SQL Injections (SQL-I)
Hackers can gain access to your database and steal customer information, including email addresses, passwords, credit card data etc. by inserting SQL commands in your website’s input forms and running codes that you don’t intend to.
Remote File Includes (RFI)
Attackers upload a custom coded, malicious file on a website or server using a script. The vulnerability exploits the poor validation checks in websites and can eventually lead to unintended code execution on the server or website.
Cross-Site Scripting (XSS)
Broken Authentication and Session Management
Often, application functions related to authentication and session management are not implemented correctly, allowing hackers to steal passwords, keys, tokens, or exploit other implementation flaws to assume users’ identities.
Cross-Site Request Forgery (CSRF)
This attack forces a victim’s browser to send forged HTTP requests, including the session cookie and other authentication information, to a vulnerable web application. This allows hackers to force the victim’s browser to make requests which trick the application into believing that they are legitimate.
Unvalidated Redirects and Forwards
Due to improper validation, websites often redirect users to other pages using untrusted data to determine the destination. This allows attackers to redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.