CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

4 Most Common Web Attacking Techniques

Table of Contents

If you want to secure your web application than first you must know about the common types of web attack and you should first attack on your web application to check that if it is vulnerable or not, for this purpose in this article we will talk about the most common type attacking technique that will cause a web server to compromise.
Cross Site Scripting

cross site scripting (XSS) is the most common type of web application flaws that reported now a days, Cross Site Scripting (XSS) is to trick the browser to execute malicious scripting commands. Unlike a lot of other web application attacks, XSS
targets the clients instead of the web application itself.
Cross Site scripting allow an attacker to perform a variety of activities including: 
  • Insertion of worm into a website
  • An attacker may insert their code to perform tabnapping
  • An attacker may complete deface the website
  • Cross site scripting may be used to hijacking the session 
  • etc.
Injection flaws


Injection flaws including SQL, Hibernate Query Language (HQL), LDAP, XPath, XQuery, XSLT, HTML, XML, OS command injection and many more, but the most common type of injection is SQL and HTML injection. Injection flaws allow an attacker to execute a command on a server. This is how an attack works:
  • The malicious codes are sent in a HTTP request. 
  • The malicious codes are extracted by a web application and passed to the interpreter. 
  • The malicious codes are executed on behalf of the web application.


Cross Site Request Forgery


Although it sounds like cross site scripting but it is different a bit, cross site request forgery also known as CSRF or XSRF, in CSRF attack the trust of the user being exploited. In this type of attack an attacker show that the website is for your(s) [user]. It is a one click attack in which user redirect to make some request without a knowledge of lagetimate user. In CSRF user have to already authenticate the website before launching the attack.
In CSRF attack an attacker may use some HTML or java embedded image technique, Typically an attacker will embed these into an email or website so when the user loads the page or email.

IMG SRC
  <img src=”http://host/?command”>
  SCRIPT SRC
  <script src=”http://host/?command”>

Information Leakage and Improper Error Handling

Error might be occur in on any web application but sometimes these errors give some valuable information about the website, error might be occur by Memory outages, null pointer exceptions, system call failure, an unavailable database, network timeouts etc, but due to misconfiguration these error may leak the information of the website. By knowing little detail about the web application server an attacker might be exploit it it on different ways like if an attacker know what services running on a port than an attacker will try to know about running operating system because the exploit available for different operating system. 


Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

What Proxies Are For

When you cannot access certain sites or hide your identity, you need a tool for that. For example, the USA proxies are in demand among

March 24, 2022

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training