Sheldon Speers


Web Application Security Flaws

Let’s have a look at some of the attack techniques commonly exploited by malicious groups or hackers.

SQL Injection

This is where an attacker exploits vulnerabilities associated with how a database executes search queries. SQLi is deployed by hackers to gain access to unauthorized information, create new user permissions or modify existing ones, manipulate stored data and, in some cases, destroy sensitive data.
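
The flaw described above, next to its fix, as an added example (not code from the original article). The table, the function names and the sample input are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

# Constructed sample input: the quote ends the string literal early and the
# rest is parsed as SQL instead of as a search term.
CRAFTED = "' OR 1=1 --"


def make_db():
    """Build a small in-memory catalogue (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("red wine", 12.5, 0), ("white wine", 11.0, 0),
         ("internal test item", 0.0, 1)],
    )
    return conn


def search_vulnerable(conn, term):
    """Flawed search: user input is pasted into the SQL text itself."""
    sql = ("SELECT name FROM products "
           "WHERE hidden = 0 AND name LIKE '%" + term + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Hardened search: the query text is fixed and the term is bound as data."""
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


if __name__ == "__main__":
    conn = make_db()
    for label, fn in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        print(label, "normal :", fn(conn, "wine"))
        print(label, "crafted:", fn(conn, CRAFTED))
```

With the crafted input, the flawed function returns every row, including the one marked hidden, while the parameterized version treats the same input as a literal search term and finds nothing.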

Memory Corruption

Memory corruption occurs when part of memory is modified, thus resulting in unpredictable or unexpected behavior in the software. A malicious hacker takes advantage of the corrupted memory by using buffer overflow or code injection in an attempt to sniff out.

Buffer Overflow

Buffer overflow occurs when a program writing data to a buffer exceeds that buffer’s capacity. It's the same thing that happens when you try to pour 15 ounces of wine into a 10-ounce glass. As a result, adjacent memory gets overwritten with data. Hackers can exploit this type of behavior by injecting malicious code into memory to create vulnerabilities in the targeted network.

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks

Attackers can overload a target server or its surrounding infrastructure with various types of attack traffic. The server thus becomes sluggish until it cannot offer services to legitimate users.

Data Breach

Data breach is a term used to refer to the release of confidential or sensitive information. A breach may be intentional or accidental and may range from a few highly valuable records to millions of exposed user accounts.

Cross-site request forgery (CSRF)

This involves luring legitimate users into making a request that utilizes their authorization or authentication. After compromising a victim's account, the hacker then exfiltrates, modifies or destroys significant information. Most hackers target accounts such as those of executives or administrators.