There are many ways attackers can target web applications (websites that let you interact directly with software through the browser) to steal confidential information, introduce malicious code, or take over your computer. These attacks exploit weaknesses in components such as the web application itself (for example a content-management system) and the web server that hosts it.
Web application attacks make up a large share of security threats. Over the last decade attackers have refined their skills at identifying and exploiting vulnerabilities that defeat an application's perimeter defenses. Attackers bypass the most common defenses using techniques such as botnets, phishing and social engineering.
A phishing scam tricks victims into clicking an email link that delivers malware. The malware is downloaded onto their computer, giving attackers access to devices or systems that they can then use for other goals. Botnets are groups of infected, compromised connected devices that attackers use to launch DDoS attacks, spread malware, commit ad fraud, and so on.
Directory (or path) traversal attacks use path-navigation sequences to step outside the directory a website is meant to serve, giving unauthorized access to its files, its configuration files and even its databases. Sanitizing user-supplied input is necessary to defend against this type of attack.
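As an added illustration of the input-sanitization defense described above (example code written for this page, not taken from any particular product), the function below resolves a requested file path against a web root and refuses anything that, after decoding and normalization, lands outside that root. The web root and the sample requests are constructed for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed example: the only directory the web app is allowed to serve files from.
WEB_ROOT = "/var/www/app/public"


def resolve_safe_path(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical path for `requested` if it stays inside base_dir, else None.

    The decision is made on the normalized path rather than by scanning for
    "../" substrings, so encoded and mixed forms are all handled the same way.
    On a real server, compare realpath() results as well so symlinks cannot
    point outside the root (omitted here so the example runs without a filesystem).
    """
    # Decode percent-encoding; decoding twice also covers double-encoded input.
    decoded = unquote(unquote(requested))
    # Embedded NUL bytes can truncate paths in lower-level APIs; reject outright.
    if "\x00" in decoded:
        return None
    # Treat every request as relative to the web root, whatever leading slashes it has.
    relative = decoded.lstrip("/")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, relative))
    # Containment check: the candidate must be the root itself or a descendant of it.
    # The trailing "/" prevents a sibling such as "/var/www/app/public_old" from passing.
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate


def check_requests(base_dir: str, requests: list) -> dict:
    """Evaluate a batch of request paths and return what each one resolves to (or None)."""
    return {r: resolve_safe_path(base_dir, r) for r in requests}


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, the rest traversal attempts.
    SAMPLE_REQUESTS = [
        "docs/readme.txt",           # ordinary request, allowed
        "../../etc/passwd",          # classic traversal, rejected
        "docs/../../../etc/passwd",  # traversal after a valid component, rejected
        "%2e%2e/%2e%2e/etc/passwd",  # percent-encoded dots, rejected
        "/docs/readme.txt",          # absolute-looking path, allowed after stripping "/"
    ]
    for req, resolved in check_requests(WEB_ROOT, SAMPLE_REQUESTS).items():
        print(f"{req!r:30} -> {resolved}")
```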
SQL injection attacks target the database that stores the important data behind websites and services. By injecting malicious SQL into an application's queries, the attacker bypasses security controls and makes the database disclose information it normally would not. Attackers can execute commands, dump entire databases, and more.
Cross-site scripting (XSS) attacks insert malicious script into a trusted website so that it runs in the browsers of that site's users. This lets attackers read session cookies and private information, impersonate a user, alter page content, and more.