Top 7 Vulnerabilities In Web Applications 2014 | TechGeek-Technology under one roof



In today's post I will walk you through the top 7 vulnerabilities in web applications for 2014, so that you can secure your website and understand the holes through which an attacker can get into your site and take it over. Vulnerabilities, or holes, are the weak points in your application that an attacker can find and use to deface your site, tamper with it, destroy or steal your data, or steal the personal data of the employees working in your company. Web application security is under heavy attack nowadays, but I will show you how you can protect yourself against each of these flaws.

1. Cross Site Scripting or "XSS"

Cross Site Scripting, better known as XSS, is a security flaw found in web applications; nowadays it turns up in almost every site, and while many instances have been patched, plenty are still left open. XSS is a type of injection in which malicious script, mainly JavaScript, is injected into an otherwise trusted website. The attack occurs when a web application takes input from a user (forms, sign-up pages, search boxes, URL parameters) and writes it back into a page without validating or encoding it, so the browser treats the input as part of the page's markup rather than as text. The payload may be reflected straight back from the request (reflected XSS) or stored on the server, for example in a comment or profile field, and served to every visitor (stored XSS). The victim is not aware that malicious code has been delivered: it appears to come from a trustworthy site, so the browser executes the script with that site's privileges. The end result is that the script can read the site's cookies and session tokens, scrape sensitive information from the page, or perform actions as the logged-in user, which in practice means the attacker can hijack the victim's account on that site.
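The mechanism described above, as an added example that is not part of the original post: a tiny search-results page that reflects the query in two places, once as element text and once inside a quoted attribute value. The page template, the sample queries and the probe strings are all constructed for the demo; the fix shown is HTML output encoding with Python's `html.escape`.

```python
import html

# Constructed sample inputs (not from the original post).
BENIGN_QUERY = "running shoes"
BODY_PROBE = "<script>alert(document.cookie)</script>"
# Breaks out of a quoted attribute value and adds an event handler.
ATTR_PROBE = '" autofocus onfocus="alert(1)'

# Minimal search-results page with two injection points: element body and a
# double-quoted attribute value. Assumed layout, not the original site's template.
PAGE = """<html><body>
<h1>Results for: {term}</h1>
<form><input type="text" name="q" value="{value}"></form>
</body></html>"""


def render_vulnerable(query: str) -> str:
    """Reflect the search term into the page verbatim (reflected XSS)."""
    return PAGE.format(term=query, value=query)


def render_safe(query: str) -> str:
    """Same page with HTML output encoding applied at the point of output.

    html.escape(quote=True) turns <, >, &, " and ' into entities, so the
    browser treats the term as text both in the element body and inside the
    double-quoted attribute value.
    """
    encoded = html.escape(query, quote=True)
    return PAGE.format(term=encoded, value=encoded)


def reflects_markup(rendered: str, probe: str) -> bool:
    """True if the probe survived into the page unchanged, i.e. as live markup."""
    return probe in rendered


if __name__ == "__main__":
    for probe in (BODY_PROBE, ATTR_PROBE):
        print("vulnerable reflects payload:", reflects_markup(render_vulnerable(probe), probe))
        print("safe reflects payload:      ", reflects_markup(render_safe(probe), probe))
```

Encoding is context dependent: `html.escape` is correct for element text and quoted attribute values, but data placed inside a `<script>` block, a URL or a CSS value needs the encoding for that context, and an unquoted attribute is still unsafe. A templating engine with auto-escaping on by default, plus a Content Security Policy, covers the cases a hand-written escape call will eventually miss.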

2. Injection Flaws  

Injection flaws are found wherever user-supplied data is handed to an interpreter: SQL, XPath, XML parsers, LDAP, OS command shells, SMTP headers, program arguments and many more. The flaw occurs when an application builds a query or command by concatenating untrusted input into it and sends the result to the interpreter, which cannot tell where the developer's syntax ends and the attacker's begins. Anyone who can supply input can be the attacker: external users, internal users, or even an administrator. The attacker sends simple text-based payloads that exploit the syntax of the target interpreter, for example closing a quoted string early and appending SQL of their own. Injection can cause data loss, denial of service, or complete takeover of the host; all your precious data can be stolen, modified or even deleted. Scanners can help you find injection flaws in your site, and the reliable fix is to use parameterised queries (prepared statements) so that data is never parsed as code.
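The SQL case from the paragraph above, as an added example that is not from the original post: a login check built by string concatenation next to the same check as a parameterised query, run against a constructed in-memory SQLite table. The user names, passwords and payloads are made up for the demo; passwords are stored in plain text here only to keep the injection point simple.

```python
import sqlite3

# Constructed sample user table (plain-text passwords only to keep the demo short).
USERS = [("alice", "correct horse battery"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Build the query by string concatenation: user input becomes SQL syntax."""
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver sends values separately from the SQL text,
    so a quote or comment marker in the input is just data, never syntax."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Constructed payloads. The first comments out the password check entirely; the
# second turns the WHERE clause into a tautology (AND binds tighter than OR).
COMMENT_PAYLOAD = ("alice' --", "anything")
TAUTOLOGY_PAYLOAD = ("nobody", "' OR '1'='1")


if __name__ == "__main__":
    conn = make_db()
    for user, pw in (COMMENT_PAYLOAD, TAUTOLOGY_PAYLOAD):
        print(f"{user!r} / {pw!r}: vulnerable={login_vulnerable(conn, user, pw)} "
              f"safe={login_safe(conn, user, pw)}")
```

With the first payload the vulnerable query becomes `... WHERE username = 'alice' --' AND password = 'anything'`, so the password clause is a comment and the attacker is alice. The parameterised version sends the literal string `alice' --` as the username and finds no such user. Parameters protect values only; if you must accept a table or column name from the user, check it against an allow-list.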




3. Broken Authentication And Session Management

This flaw usually hides in the less-visited parts of authentication: log out, "remember me", secret questions, password reset, account update and so on. These flaws are a bit difficult to find because every application tends to implement these functions differently. The attacker uses weaknesses in the authentication and session management functions, such as predictable or exposed session IDs, session IDs that are never invalidated on log out or never expire, passwords stored in plain text, or weak account-recovery questions, to impersonate users. The impact is severe: if the attacker succeeds, he can do whatever the victim can do, and if the victim is an administrator the attacker can effectively take over every account on the site.
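The session-management side of this, as an added example that is not from the original post: a small server-side session store that issues unguessable IDs, expires idle sessions, rotates the ID after login so a planted ID is useless, and actually invalidates the session on log out rather than just clearing the cookie. The store layout, the time-to-live and the injectable clock are assumptions made for the demo.

```python
import secrets
import time
from typing import Optional


class SessionStore:
    """Server-side sessions with unguessable IDs, idle expiry and real log-out.

    Constructed for illustration; a real deployment would back the dict with a
    database or cache, but the rules are the same.
    """

    def __init__(self, ttl_seconds: int = 900, clock=time.monotonic):
        self._sessions = {}          # sid -> (username, expires_at)
        self.ttl = ttl_seconds
        self.clock = clock           # injectable so expiry can be tested deterministically

    def create(self, username: str) -> str:
        # 32 bytes from the OS CSPRNG: not a counter, a timestamp or anything
        # derived from the user, so it cannot be predicted or enumerated.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (username, self.clock() + self.ttl)
        return sid

    def lookup(self, sid: Optional[str]) -> Optional[str]:
        """Return the user for a valid session, or None if unknown or expired."""
        rec = self._sessions.get(sid) if sid else None
        if rec is None:
            return None
        user, expires_at = rec
        if self.clock() >= expires_at:
            del self._sessions[sid]  # expired: purge so it can never be reused
            return None
        # Sliding expiry: activity extends the session by one TTL.
        self._sessions[sid] = (user, self.clock() + self.ttl)
        return user

    def rotate(self, sid: str) -> Optional[str]:
        """Issue a fresh ID for the same user and kill the old one.

        Call this after login or a privilege change, so an ID the attacker
        planted in the victim's browser beforehand (session fixation) never
        becomes an authenticated session.
        """
        user = self.lookup(sid)
        if user is None:
            return None
        del self._sessions[sid]
        return self.create(user)

    def logout(self, sid: str) -> None:
        """Invalidate server side; clearing the cookie alone is not a log-out."""
        self._sessions.pop(sid, None)


class FakeClock:
    """Manual clock for tests: set .now to simulate idle time passing."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


if __name__ == "__main__":
    clk = FakeClock()
    store = SessionStore(ttl_seconds=60, clock=clk)
    sid = store.create("alice")
    print("fresh session valid:", store.lookup(sid) == "alice")
    clk.now = 61.0
    print("after 61s idle:", store.lookup(sid))
```

The cookie carrying the ID should be set with `Secure`, `HttpOnly` and a `SameSite` attribute so it is neither sent over plain HTTP nor readable by script; the store above only covers the server half of the job.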





4. Security Misconfiguration 

This flaw can be found at every layer of the stack: the web server, the application server, the database, the frameworks, and the custom code on top of them. System administrators should make sure that the entire stack is configured securely and kept patched. The attacker here looks for default pages, default accounts and passwords, unpatched flaws, directory listings, verbose error messages and unprotected directories, and uses them to gain unauthorised access to the system. The attacker can completely take over the system without you knowing it, and recovering such systems is costly, so stay alert: all your data can be stolen or modified.





5. Cross Site Request Forgery or CSRF

CSRF is also common on sites nowadays. CSRF takes advantage of the way browsers work: a browser automatically attaches credentials such as session cookies to every request it sends to a site, without the user's knowledge, so an attacker can build a malicious web page that generates forged requests which look exactly like legitimate ones. The attacker here crafts a forged HTML request, for example an image tag whose src points at the target site or a hidden form that submits itself, and tricks a logged-in victim into loading it. If the victim is authenticated to the target site, the request goes through with the victim's cookies and the attacker has succeeded. Examples of what such forged requests can do are making online purchases, changing the victim's e-mail address or bank account details, and so on. This type of flaw can be detected via penetration testing or code analysis, and it is prevented by requiring an unpredictable token on every state-changing request that the attacker's page has no way to obtain.
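The defence described above, as an added example that is not from the original post: a money-transfer endpoint that refuses GET for state changes and requires a token bound to the session, tried against a legitimate submission, an `<img>`-style forgery and an auto-submitting forged form. The endpoint, the session table, the request dictionaries and the server secret are all constructed for the demo and stand in for a real framework's request object.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; generated here for the demo. In production it is loaded
# from configuration and kept out of source control.
SERVER_SECRET = secrets.token_bytes(32)

# Constructed table of logged-in sessions: cookie value -> user.
SESSIONS = {"s3ss10n-alice": "alice"}


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session. The attacker's page cannot read
    the victim's cookie or our response body (same-origin policy), so it cannot
    compute or fetch this value."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_ok(session_id: str, submitted) -> bool:
    if not isinstance(submitted, str):
        return False
    return hmac.compare_digest(csrf_token(session_id), submitted)


def handle_transfer(request: dict) -> tuple:
    """Money-transfer endpoint. `request` is a constructed dict with the keys
    method, cookies and form, standing in for the framework's request object."""
    sid = request.get("cookies", {}).get("sid")
    user = SESSIONS.get(sid)
    if user is None:
        return 401, "not logged in"
    if request.get("method") != "POST":
        return 405, "state changes must use POST"   # defeats <img src=...> forgeries
    form = request.get("form", {})
    if not csrf_ok(sid, form.get("csrf")):
        return 403, "missing or invalid CSRF token"
    return 200, f"{user} transferred {form['amount']} to {form['to']}"


def legit_request() -> dict:
    """The victim's own form submission: our page embedded the token in a hidden field."""
    return {"method": "POST", "cookies": {"sid": "s3ss10n-alice"},
            "form": {"to": "bob", "amount": "10", "csrf": csrf_token("s3ss10n-alice")}}


def forged_img_request() -> dict:
    """<img src="https://bank.example/transfer?to=mallory&amount=1000"> on the
    attacker's page: the browser attaches the victim's cookie, but it is a GET."""
    return {"method": "GET", "cookies": {"sid": "s3ss10n-alice"},
            "form": {"to": "mallory", "amount": "1000"}}


def forged_post_request() -> dict:
    """Auto-submitting hidden form on the attacker's page: right method, victim's
    cookie attached, but no way to supply the session-bound token."""
    return {"method": "POST", "cookies": {"sid": "s3ss10n-alice"},
            "form": {"to": "mallory", "amount": "1000", "csrf": "guess"}}


if __name__ == "__main__":
    for name, req in (("legit", legit_request()), ("img forgery", forged_img_request()),
                      ("post forgery", forged_post_request())):
        print(f"{name:13} -> {handle_transfer(req)}")
```

Refusing GET is necessary but not sufficient, since a hidden form posts just as silently; the token is what stops the POST forgery. Setting the session cookie with `SameSite=Lax` or `Strict` adds a second, browser-enforced layer.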





6. Redirects and Forwards 

Some web applications forward or redirect users to other pages, but sometimes the target page is taken from an unvalidated request parameter, allowing the attacker to choose the destination. The attacker builds a link to the trusted site with the redirect parameter pointing at a site he controls and tricks the victim into clicking it; the victim trusts the link because it begins with the legitimate domain. Such redirects or forwards may cause the victim to disclose passwords or other sensitive information on a phishing page, or to download malware. The prevention is to avoid user-controlled redirects and forwards where possible, and otherwise to validate the destination against an allow-list of permitted pages or hosts rather than accepting any URL.
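The validation step above, as an added example that is not from the original post: a redirect helper that accepts same-site relative paths and absolute https URLs to an allow-listed set of hosts, and falls back to the home page for everything else, including the protocol-relative and backslash tricks that a naive "must start with /" check lets through. The host names and probe URLs are assumptions made for the demo.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumed deployment: the application lives on these hosts. Anything else is a
# foreign destination.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
DEFAULT_TARGET = "/"


def redirect_vulnerable(next_param: Optional[str]) -> str:
    """The flaw: whatever ?next= says becomes the Location header."""
    return next_param or DEFAULT_TARGET


def redirect_safe(next_param: Optional[str]) -> str:
    """Allow same-site relative paths and absolute https URLs to our own hosts only."""
    if not next_param:
        return DEFAULT_TARGET
    parts = urlsplit(next_param)
    if parts.scheme or parts.netloc:
        # Absolute (or protocol-relative //host) URL: scheme and host must both match.
        if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
            return DEFAULT_TARGET
        return next_param
    # Relative target: exactly one leading slash. Browsers treat "//host" and
    # "/\host" as protocol-relative URLs to another host, so reject them explicitly.
    if not next_param.startswith("/") or next_param.startswith(("//", "/\\")):
        return DEFAULT_TARGET
    return next_param


# Constructed probes an attacker might place in ?next=
PROBES = [
    "/account",                           # legitimate relative path
    "https://www.example.com/account",    # legitimate absolute URL to our host
    "https://evil.example/phish",         # foreign host
    "//evil.example/phish",               # protocol-relative
    "/\\evil.example/phish",              # backslash variant of the above
    "https://example.com.evil.example/",  # our domain as a prefix of theirs
    "javascript:alert(1)",                # non-http scheme
    "http://example.com/account",         # our host, downgraded to plain http
]

if __name__ == "__main__":
    for probe in PROBES:
        print(f"{probe!r:38} vulnerable -> {redirect_vulnerable(probe)!r:38} "
              f"safe -> {redirect_safe(probe)!r}")
```

Where the set of legitimate destinations is small, an even simpler design is to pass an index or name that is mapped to a URL on the server, so the parameter never contains a URL at all.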






7. Sensitive Data Exposure

This flaw is usually due to weak key management, weak passwords, weak or missing encryption, weak password hashing (unsalted MD5 or SHA-1, for example), or sensitive data sent over plain HTTP. Such flaws are somewhat harder for external hackers to exploit directly when the data sits on the server side, because they usually need another flaw first, such as SQL injection or a stolen backup, to get at it; but once they do, weak protection means they get everything at once. If that happens you may lose sensitive information such as bank account details, credit card numbers, passwords and so on.
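The password-hashing point above, as an added example that is not from the original post: an unsalted MD5 "hash" beside a salted, deliberately slow PBKDF2-HMAC-SHA256 hash stored in a self-describing format, so that the work factor can be raised later and old records re-hashed on the next login. The iteration count, salt size and record format are assumptions for the demo; the sample passwords are made up.

```python
import hashlib
import hmac
import secrets

# Parameters assumed for the demo; tune ITERATIONS to what your hardware can
# afford per login (the 600k figure follows current OWASP guidance for PBKDF2-SHA256).
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def weak_md5(password: str) -> str:
    """The weak way: fast and unsalted. Equal passwords give equal hashes, so a
    leaked table can be attacked with precomputed lookups, all users at once."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, slow, and self-describing: algorithm$iterations$salt$digest (hex)."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, password: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:          # malformed record, bad hex or non-integer count
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str) -> bool:
    """True if the record is below current policy; rehash after the next
    successful login, when the plaintext is briefly available."""
    try:
        algorithm, iterations, _, _ = stored.split("$")
        return algorithm != ALGORITHM or int(iterations) < ITERATIONS
    except ValueError:
        return True


if __name__ == "__main__":
    print("md5 twice:   ", weak_md5("hunter2") == weak_md5("hunter2"))
    print("pbkdf2 twice:", hash_password("hunter2") == hash_password("hunter2"))
    rec = hash_password("correct horse battery")
    print("verify ok:   ", verify_password(rec, "correct horse battery"))
```

PBKDF2 is used here because it ships in the standard library everywhere; where available, a memory-hard function such as scrypt (`hashlib.scrypt`) or Argon2 raises the attacker's cost per guess further. The same storage discipline applies: per-user random salt, a tunable work factor recorded alongside the hash, and constant-time comparison.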




