In the last decade, many businesses and organizations have taken to the Web as an inexpensive way to communicate with customers and conduct business. This includes web applications that collect and store data, such as information about customers supplied through content management systems, online shopping carts, inquiry forms, or login fields.
These applications are usually accessed via the Internet and can be hacked by exploiting weaknesses in the application or its supporting infrastructure. For instance, SQL injection attacks (which exploit weaknesses in the database layer) can result in compromised databases that contain sensitive information. Attackers can also use the access gained by breaching a Web application to discover and reach other, more vulnerable systems on your network.
Other commonly used Web attacks include Cross-Site Scripting (XSS) attacks, which exploit flaws in the web server to inject malicious code into web pages. That code then executes in the victim’s browser, which lets attackers steal confidential information or redirect the user to phishing websites. XSS attacks are most prevalent on blogs, message boards and web forums.
In distributed denial-of-service (DDoS) attacks, hackers band together to overwhelm a website with more requests than it can field. This can cause a website’s performance to drop or even shut it down completely. The site loses its ability to handle requests and becomes unusable for everyone. DDoS attacks can be devastating to small businesses, like local restaurants or bakeries, that rely on their websites for operations.