Over the last decade, millions of businesses and organizations have taken to the Web as a cost-effective way to interact with customers and conduct business. This includes web applications that collect and store data, such as customer information submitted through content management systems, shopping carts, inquiry or submission forms, and login fields.
Because these applications are connected to the Internet and can be accessed from anywhere in the world, they are exposed to hacking attempts that exploit vulnerabilities in the application or its supporting infrastructure. For example, SQL injection attacks (which exploit weaknesses in how an application queries its database) can lead to compromised databases that contain sensitive information. Attackers can use the foothold they gain from compromising your Web application to identify other systems that are more vulnerable within your network.
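The difference between a lookup that is open to SQL injection and one that is not, as an added example that is not part of the original article. It uses Python's built-in `sqlite3` module; the `customers` table, its rows, the function names and the crafted input are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory customer table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT, password_hash TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("alice", "hash-a", "alice@example.test"),
         ("bob", "hash-b", "bob@example.test")],
    )
    return db

def lookup_unsafe(db, username):
    # WEAK: the form value is pasted into the SQL text, so quotes in the
    # input become part of the statement instead of part of the data.
    query = "SELECT username, email FROM customers WHERE username = '" + username + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, username):
    # FIXED: the ? placeholder sends the value separately from the SQL
    # text, so the driver always treats it as a literal string.
    query = "SELECT username, email FROM customers WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

# Constructed form input: a value containing SQL syntax rather than a name.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("unsafe", lookup_unsafe), ("safe", lookup_safe)):
        print(label, "normal :", fn(db, "alice"))
        print(label, "crafted:", fn(db, CRAFTED))
```

With the crafted value, the string-built query returns every customer row, while the parameterized query returns none because no user has that literal name.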
Cross-Site Scripting (XSS) is another common Web attack type. It exploits weaknesses in web servers to inject malicious code into web pages. The script then runs in the victim’s browser, which allows attackers to steal confidential information or redirect users to phishing websites. Web forums, message boards, and blogs are especially vulnerable to XSS attacks.
Distributed denial-of-service (DDoS) attacks involve hackers banding together to overwhelm a website with more requests than it can handle. This can cause the site to slow down or shut down altogether, which interferes with its ability to process requests and makes it unusable for all users. DDoS attacks can be devastating to small businesses, such as local restaurants or bakeries, that rely on their websites to run.