Web Application Vulnerabilities
1. SQL Injection
SQL stands for Structured Query Language. SQL injection is an injection attack that gives an attacker the ability to inject, or rather execute, SQL statements that communicate directly with the web application's database, also known as a relational database management system. SQL injection is the most common vulnerability, because a huge number of websites use a database to store their data. It is very dangerous because it gives access to the database, where all the sensitive data resides, and it can be used to read, change, modify or even upload files.
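The following is an added example, not code from the original article: a vulnerable lookup that splices user input into the SQL text, placed beside the parameterized version that fixes it. The in-memory SQLite table and the probe string are constructed here so it runs offline; the point is that a bound parameter is always treated as data, so the same input that alters the structure of the first query is harmless to the second.

```python
import sqlite3


def make_db():
    # Constructed sample table so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable: the input is concatenated into the statement text, so the
    # database parses whatever the caller supplied as part of the SQL itself.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # Fixed: a bound parameter is sent separately from the statement and can
    # only ever be compared as a value, never interpreted as SQL syntax.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"  # constructed input; no such username exists
    print(lookup_vulnerable(conn, probe))  # every row: the WHERE clause was rewritten
    print(lookup_safe(conn, probe))        # []: the literal string matched nothing
```

The same rule applies to every driver and ORM: build statements with placeholders and pass values separately, and never assemble SQL text from request data, whether or not the input is first "escaped".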
2. Cross Site Scripting (XSS)
The most common vulnerability is XSS. It also allows an attacker to inject code, but in this case the code is JavaScript injected into the page. XSS is a client-side vulnerability that lets an attacker execute malicious scripts in the victim's browser, and through it sensitive information can be stolen. XSS usually comes in three flavours.
1. Persistent or Stored XSS
In this type of XSS, the injected code is stored in the database and served to every user who views the page, which makes it the most dangerous form of XSS.
2. Reflected XSS
In this type of XSS, the code is executed only when a user opens a specific crafted URL.
3. DOM Based XSS
In this type of XSS, the code runs in the client's browser without the payload ever being sent to the web server.
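Stored and reflected XSS share one root cause, untrusted text written into HTML without encoding, and one fix, encoding for the output context. The block below is an added example and is not from the original article: it renders a constructed comment string the way a vulnerable page does, then the way a fixed page does using the standard library's `html.escape`, for both the element-body and attribute contexts. The comment value and the page fragments are constructed for the demonstration; DOM-based XSS is not covered here because its fix lives in the client-side script, not in server output.

```python
import html

# Constructed value of the kind a stored XSS leaves in the database, or a
# reflected XSS places in a query parameter. Either way it reaches the page.
STORED_COMMENT = "<script>alert(1)</script>"


def render_comment_vulnerable(comment):
    # Vulnerable: the raw value is concatenated into the document, so the
    # browser parses its angle brackets as markup and runs the script.
    return '<div class="comment">' + comment + "</div>"


def render_comment_safe(comment):
    # Fixed for the HTML body context: & < > " ' become character references,
    # so the browser displays the text instead of interpreting it.
    return '<div class="comment">' + html.escape(comment) + "</div>"


def render_title_attr_safe(title):
    # Fixed for a quoted attribute context: quote=True (the default) also
    # encodes the quote characters that would otherwise close the attribute.
    return '<a href="/comments" title="' + html.escape(title, quote=True) + '">comments</a>'


def contains_script_tag(page):
    # Crude check used only to show the difference between the two renderings.
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable(STORED_COMMENT))  # script tag reaches the browser
    print(render_comment_safe(STORED_COMMENT))        # &lt;script&gt;... displayed as text
    print(render_title_attr_safe('Bob\'s "quoted" title'))
```

Template engines that auto-escape (Jinja2 with autoescape on, Django templates) do the body-context step for you; the attribute, URL and JavaScript contexts each need their own encoder, and disabling auto-escape for one variable reintroduces exactly the vulnerable rendering above.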
3. Command Injection
Command injection is covered in a separate article: What is Command Injection.
4. LFI
LFI stands for Local File Inclusion. It allows an attacker to view files stored on the server by performing directory traversal to reach sensitive files that should not be accessible. This can be very dangerous, because a web server often holds a great deal of sensitive information, for example password files or employee records.
5. RFI
RFI stands for Remote File Inclusion. It gives an attacker the ability to get custom files, such as viruses, payloads or shells, loaded onto the server, and it can easily be used to deface a website.
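Both LFI and RFI come from an include path built from request data. This added example, which is not code from the original article, shows the two defences a practitioner would put in front of such an include: a strict allowlist of page names for the normal case, and a containment check for free-form names that must stay under a fixed root. The root directory, allowlist and the sample request values are all constructed for the example. Anything carrying a URL scheme or network location (the RFI case) is refused outright, and a name that normalises out of the root (the LFI case) is refused as well.

```python
import posixpath
from urllib.parse import urlsplit

TEMPLATE_ROOT = "/var/www/app/templates"      # assumed location of the includable files
ALLOWED_PAGES = {"home", "about", "contact"}   # assumed allowlist of page names


def is_remote(name):
    # RFI guard: a scheme ("http://...", "php://...", "data:...") or a network
    # location ("//host/...") means the value is not a local file name at all.
    parts = urlsplit(name)
    return bool(parts.scheme) or bool(parts.netloc)


def resolve_include(name):
    """Preferred defence: map a request value to a path only through an allowlist.

    Returns the absolute path to include, or None if the request is refused.
    """
    if is_remote(name) or name not in ALLOWED_PAGES:
        return None
    return posixpath.join(TEMPLATE_ROOT, name + ".html")


def resolve_under_root(root, relative):
    """Containment check for cases that genuinely need a free-form file name.

    Normalises the joined path and confirms the result is still inside root.
    Returns the absolute path or None. Uses pure path arithmetic so it runs
    without touching the filesystem; a deployment that follows symlinks should
    apply the same comparison to os.path.realpath() of the candidate.
    """
    if is_remote(relative) or "\x00" in relative:
        return None
    candidate = posixpath.normpath(posixpath.join(root, relative))
    # commonpath compares whole path components, so "/var/www/app/templates_x"
    # is correctly rejected even though it shares a string prefix with root.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    print(resolve_include("about"))                        # /var/www/app/templates/about.html
    print(resolve_include("../../etc/passwd"))             # None: not in the allowlist
    print(resolve_include("http://remote.example/x.txt"))  # None: remote location refused
    print(resolve_under_root(TEMPLATE_ROOT, "pages/about.html"))
    print(resolve_under_root(TEMPLATE_ROOT, "../../../etc/passwd"))  # None: left the root
```

The allowlist form is the one to reach for whenever the set of includable pages is known in advance; the containment check is the fallback for user-named files, and it still needs the include call itself to be a local file read rather than a wrapper that accepts URLs.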
These are the most common vulnerabilities found in web applications.
Other vulnerabilities are:
- Broken Authentication
- DoS & DDoS
- Server Rooting
- Clickjacking Attacks
- Social Engineering
- Form Tampering
- Remote Code Execution
- DNS Cache Poisoning
- HTML Injection
- Security Misconfiguration