Major web server threats are:
Injection Flaws:
- What is it? Sending crafted input to a web server so that the input is interpreted as a command or query and the server does something unintended.
- Examples: SQL injection, OS injection.
- Why it’s bad: Allows attackers to execute unauthorized commands or access data.
Sensitive Data Exposure:
- What is it? Failing to protect important data like financial or healthcare information.
- Examples: Credit card fraud, identity theft.
- Why it’s bad: Enables criminals to steal or modify sensitive data without proper protection.
XML External Entities:
- What is it? Exploiting poorly configured XML processors that resolve external entities, so that internal files are disclosed.
- Examples: Internal file disclosure, remote code execution.
- Why it’s bad: Can lead to unauthorized access and denial-of-service attacks.
Broken Access Control:
- What is it? Not properly enforcing restrictions on what authenticated users are allowed to do.
- Examples: Accessing unauthorized functionality, viewing sensitive files.
- Why it’s bad: Allows attackers to manipulate the system and access unauthorized data.
Cross-Site Scripting (XSS):
- What is it? Injecting malicious script into pages served by a web application so that it runs in other users’ browsers.
- Examples: Hijacking user sessions, redirecting to malicious sites.
- Why it’s bad: Targets users and damages the organization’s reputation.
Reflected XSS:
- What is it? Supplying a malicious script in a request so that the application reflects it back in the response and it executes in the user’s browser.
- Examples: Triggering harmful scripts through manipulated links or requests to a web application.
- Why it’s bad: Initiates harmful actions through unsuspecting users.
Cross-Site Request Forgery (CSRF):
- What is it? Tricking a logged-in user’s browser into sending requests that perform unauthorized actions on the user’s behalf.
- Examples: Transferring funds, changing passwords without user consent.
- Why it’s bad: Can lead to unauthorized actions and data theft.
Man in the Middle (MITM) Attack:
- What is it? Intercepting communication between the user and the application.
- Examples: Eavesdropping, impersonation.
- Why it’s bad: Allows attackers to harvest sensitive information.
Phishing Attack:
- What is it? Pretending to be a trustworthy entity to trick users into revealing sensitive information.
- Examples: Stealing login details, installing malware.
- Why it’s bad: Can lead to unauthorized access and data compromise.
Remote File Inclusion (RFI):
- What is it? Exploiting web applications that include external scripts at runtime, causing them to load and run remote malicious code.
- Examples: Taking over systems by uploading malicious code.
- Why it’s bad: Allows attackers to control and compromise the system.
Using Components with Known Vulnerabilities:
- What is it? Running libraries, frameworks, and modules with publicly known vulnerabilities that attackers can exploit.
- Why it’s bad: Lets attackers take control of and exploit systems.
Insufficient Logging and Monitoring:
- What is it? Not properly tracking and monitoring activities, allowing attackers to go undetected.
- Why it’s bad: Enables attackers to maintain persistence and tamper with or steal data.
Backdoor Attack:
- What is it? Malware or hidden code that bypasses normal login authentication to give an attacker access to a system.
- Examples: Triggering system commands, maintaining access.
- Why it’s bad: Allows attackers to control the compromised system and update their malware covertly.