Web application security is too wide a field to treat comprehensively in this article. It therefore confines itself to describing well-known attack vectors against Web applications.
Attacks against a Web application can be blocked by eliminating the vulnerabilities during implementation or by placing a web application firewall upstream of the application.
In a SQL injection, the attacker sends requests to the server whose request parameters contain SQL control characters.
If the Web application passes these control characters on unchanged as part of an SQL query to the database, the attacker can read out data in a way the application never intended.
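The following is an added example, not code from the article, showing the difference the paragraph describes. It uses an in-memory SQLite table with constructed sample rows and a constructed input value (`INJECTED_NAME`) containing SQL control characters: the lookup that concatenates the parameter into the query text returns every row, while the parameterised lookup treats the same value purely as data.

```python
import sqlite3

# Constructed sample data for the example (not from any real system).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn

def find_user_vulnerable(conn, name):
    # The request parameter is pasted into the SQL text, so quotes and other
    # SQL control characters in it become part of the statement itself.
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()

def find_user_safe(conn, name):
    # Parameterised query: the driver sends the value separately from the
    # statement, so it is only ever compared as a string, never parsed as SQL.
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

# Constructed input containing SQL control characters (a quote and an OR clause).
INJECTED_NAME = "x' OR '1'='1"

def demo():
    """Run both lookups with the same inputs and return the result sets."""
    conn = make_db()
    return {
        "vulnerable": find_user_vulnerable(conn, INJECTED_NAME),  # all three rows
        "safe": find_user_safe(conn, INJECTED_NAME),              # no such user: []
        "legit": find_user_safe(conn, "bob"),                     # [('bob', 'user')]
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable variant is the one to look for in review: any place where request data is formatted into a query string rather than bound as a parameter.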
Behind the name cross-site scripting (XSS) hide two (sometimes even three) fundamentally different attacks.
The client-side variant takes advantage of vulnerabilities in the local execution of scripts in the browser, or initiates a cross-site request forgery.
Server-side XSS refers to smuggling manipulated information into an application script running on the Web server, so that it is executed, for example, in a dynamically generated include() file (possibly even one fetched from another server).
Since HTTP is a connectionless protocol, a Web application identifies a user by a session ID that is sent with each request as Basic/Digest authentication, a cookie, URL rewriting, or an HTTP form parameter (GET or POST).
In session hijacking, the attacker tries to learn the user's session ID in order to then assume the victim's identity and the victim's access rights to the Web application.
Cross-Site Request Forgery
Cross-site request forgery presupposes an existing session between the user and the Web application. The attacker uses various techniques (possibly XSS), or induces the user to run a client-side script, to direct the browser to call a malicious URL.
Unlike session hijacking, the attacker gains no knowledge of the session ID, since the attack takes place exclusively in the user's browser.
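An added example (not from the article) covering both the session-ID paragraph and the cross-site request forgery paragraph: a constructed in-memory session store issues an unguessable session ID together with a per-session CSRF token, and a state-changing handler (`handle_transfer`, a hypothetical name) accepts a request only when the session cookie and the token agree. The forged request shows the point made above: the browser sends the cookie automatically, but a page on another site cannot read the token, so the request is refused without the attacker ever learning the session ID.

```python
import hmac
import secrets

# Constructed in-memory session store; a real application would use its
# framework's session handling, but the checks are the same.
SESSIONS = {}

def create_session(user):
    """Start a session with a random session ID and a per-session CSRF token."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return session_id

def csrf_token_for(session_id):
    """The token the application embeds in forms it renders for this session."""
    return SESSIONS[session_id]["csrf_token"]

def handle_transfer(cookies, form):
    """State-changing request: needs a valid session cookie AND the matching CSRF token."""
    session = SESSIONS.get(cookies.get("session_id"))
    if session is None:
        return (401, "no valid session")
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak token bytes via timing.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return (403, "csrf check failed")
    return (200, f"transfer by {session['user']} accepted")

def demo():
    """Return (legitimate, forged-without-token, forged-with-guess, no-session) results."""
    sid = create_session("alice")
    cookies = {"session_id": sid}  # the browser attaches this cookie to every request
    # Legitimate request: the form rendered by the application carried the token.
    ok = handle_transfer(cookies, {"amount": "10", "csrf_token": csrf_token_for(sid)})
    # Forged request from another origin: cookie is sent, token is absent.
    forged = handle_transfer(cookies, {"amount": "10"})
    # Forged request with a guessed token: still rejected.
    wrong = handle_transfer(cookies, {"amount": "10", "csrf_token": "guess"})
    # No session at all.
    nosession = handle_transfer({}, {"amount": "10"})
    return ok, forged, wrong, nosession

if __name__ == "__main__":
    for status, message in demo():
        print(status, message)
```

Generating the session ID with `secrets` is what makes the hijacking variant hard (the ID cannot be guessed), while the token check is what defeats the forgery variant (possession of the cookie alone is not enough).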
In a directory traversal attack, the attacker takes advantage of the Web application's failure to check for engineered paths. If, for example, the Web application expects a parameter such as item=datei1.html, this can be abused with item=../../../Config.sys.
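An added example (not from the article) of the check the paragraph says is missing. `resolve_request_path` and `DOC_ROOT` are hypothetical names for this example; the function resolves the request parameter against a base directory and refuses anything whose normalised path leaves that directory, which covers the `../../../Config.sys` case from the text as well as absolute paths and the empty parameter.

```python
import os

# Constructed document root for this example; a real application would use the
# directory it actually serves files from.
DOC_ROOT = "/var/www/app/files"

def resolve_request_path(base_dir, requested):
    """Map a request parameter to a file path inside base_dir.

    Returns the resolved absolute path, or None if the parameter would lead
    outside the base directory (via '..' segments, an absolute path, etc.).
    """
    if "\x00" in requested:
        return None  # null bytes are never part of a legitimate file name
    base = os.path.realpath(base_dir)
    # Join and normalise: '.' and '..' segments are collapsed. An absolute
    # 'requested' replaces base entirely, which the containment check catches.
    candidate = os.path.realpath(os.path.join(base, requested))
    if candidate == base:
        return None  # the directory itself is not a servable file
    if os.path.commonpath([base, candidate]) != base:
        return None  # escaped the document root
    return candidate

def demo():
    """Resolve the two parameter values from the text plus a few other edge cases."""
    samples = ["datei1.html", "../../../Config.sys", "/etc/passwd", "sub/../datei1.html", ""]
    return {s: resolve_request_path(DOC_ROOT, s) for s in samples}

if __name__ == "__main__":
    for requested, resolved in demo().items():
        print(f"{requested!r:28} -> {resolved}")
```

Comparing the resolved path against the base with `commonpath` rather than a plain string prefix avoids accepting a sibling directory that merely shares a prefix with the base (e.g. `/var/www/app/files2`).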
In an e-mail injection, the attacker inserts manipulated data into a contact form so that, instead of the message going to the intended recipient (the operator of the Web application), e-mails are sent to arbitrary recipients. This is usually abused for sending spam.
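An added example (not from the article) of how a contact-form handler keeps the recipient out of the attacker's hands. The names `build_contact_mail`, `CONTACT_RECIPIENT` and `FORM_SENDER` are hypothetical and the addresses are constructed. The recipient is fixed in code, and every form field that ends up in a mail header is rejected if it contains a line break, since a line break is what lets a submitted value start an additional header such as an extra recipient.

```python
import re

# Constructed fixed addresses: the contact form always delivers to the site
# operator and never uses an address taken from the submitted form.
CONTACT_RECIPIENT = "webmaster@example.invalid"
FORM_SENDER = "contact-form@example.invalid"

_LINE_BREAK = re.compile(r"[\r\n]")

class HeaderInjectionError(ValueError):
    """Raised when a form field contains a line break that would start a new mail header."""

def header_value(field, value):
    """Return value for use in a single mail header, or raise if it spans lines."""
    if _LINE_BREAK.search(value):
        raise HeaderInjectionError(f"line break in field {field!r}")
    return value.strip()

def build_contact_mail(form):
    """Return (headers, body) for the mail the contact form would send."""
    headers = {
        "To": CONTACT_RECIPIENT,      # never taken from the form
        "From": FORM_SENDER,          # fixed sender; the visitor goes into Reply-To
        "Reply-To": header_value("email", form.get("email", "")),
        "Subject": header_value("subject", form.get("subject", "")),
    }
    body = form.get("message", "")    # the body may contain line breaks; they stay in the body
    return headers, body

def is_rejected(form):
    """True if the submission would be refused because of a header injection attempt."""
    try:
        build_contact_mail(form)
    except HeaderInjectionError:
        return True
    return False

def demo():
    """Constructed submissions: a normal one and one with a line break in the subject."""
    normal = {"email": "visitor@example.invalid", "subject": "Question", "message": "Hello,\nline two"}
    injected = {"email": "visitor@example.invalid", "subject": "Hi\r\nBcc: other@example.invalid"}
    return {"normal": is_rejected(normal), "injected": is_rejected(injected)}

if __name__ == "__main__":
    print(demo())
```

A form field named "to" or "recipient" is simply ignored by this handler; the only way user input reaches a header is through `header_value`, which is where the check lives.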
The following attacks are not directed against the Web application itself, but are commonly found in its environment:
In a man-in-the-middle attack (MitM), the attacker inserts themselves into the connection without the victim noticing.
The benefit for the attacker is the ability to manipulate requests to the Web application as desired. Encrypting the data transfer with SSL protects against this.
But even this protection is ineffective if the attacker can obtain an SSL certificate for the website concerned whose root certificate is installed in the victim's browser.
Denial of Service
In a denial-of-service (DoS) attack, the attacker tries to overwhelm the Web server with a large number of connection requests.
If the attack is carried out simultaneously by several (possibly several thousand) computers, it is called a distributed denial-of-service (DDoS) attack.
DoS is not limited to Web applications, but can be directed against any kind of server.
Phishing is not a vulnerability of a Web application; it belongs rather to the area of social hacking. Here the attacker asks potential victims, usually en masse by e-mail, for access codes such as PINs and TANs for online banking.