Web Attacks
This blog post was contributed by Vaibhav Rastogi.

The web is one of the most common interfaces between an organization and the outside world, so web attacks, or attacks on web applications, are a fairly frequent attack scenario. They have been studied for decades, projects such as the OWASP Top Ten exist to create awareness about these attacks, and there are numerous tools that can be used to detect and mitigate common web application vulnerabilities. Here, we outline some of the common categories of attacks on web applications.

Injection attacks

Such attacks happen when untrusted data is incorporated into the server-side application logic without proper sanitization. These attacks can use a variety of vectors: for example, unsanitized input can make its way into a SQL query, resulting in a so-called SQL injection. Similar attacks can result from injection into NoSQL database queries and into server-side scripts (e.g., a PHP script that evaluates some untrusted inp