Vulnerable Web

Most common and effective web vulnerabilities

Security is a vital part of web development. But since it may often be complex, many developers does not include that in their learning curves. Result of which, new web applications do not normally include any protection and become ripe targets for hackers (malicious or otherwise).

Some of the more common problems and vulnerabilities used by hackers are:

Plain password

Storing plain text user logins passwords in the database is very bad practice. If hacker gains access to the database they can directly use those credentials immediately to cause great harm. Internal employees would also be able to view or manipulate sensitive user data. e.g. if Facebook stores all passwords in plain text, employees at Facebook who have access to the database would be able to access your account without you or Facebook knowing it.

XSS (Cross side scripting)

Cross-Site Scripting (XSS) vulnerabilities are a type of computer security vulnerability typically found in Web applications. XSS vulnerabilities enable attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.

CSRF

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.

Man in middle

In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM, MiM or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Session/Cookie hijacking

Session hijacking/cookie hijacking is the exploitation of a valid computer session — sometimes also called a session key — to gain unauthorised access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many websites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer (see HTTP cookie theft)

X-Powered-By

When responding to a web request it’s common for servers to tell the client various bits of information. The one they enjoy most is some promotion around the name and version “powering” the site. Sadly, hackers also love this as it gives them more information for an attack vector

Clickjacking

Clickjacking occurs when your web page is inserted into an HTML iframe where users’ clicks can be hijacked. If a user clicks on your home button, an attacker could hijack the click and redirect the user to a malicious web page.

Content policy attacks

If the web application allows for users to specify their own JavaScript to embed on the page, managing security can quickly get out of hand.

Semantic URL attack

In a semantic URL attack, a client manually adjusts the parameters of its request by maintaining the URL’s syntax but altering its semantic meaning. This attack is primarily used against CGIdriven websites.

SQL injections

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Directory browsing

If your web application does not restrict directory access to your platform, you are in trouble. Imagine hackers having access to config files, .git folder etc.