Web Security Threats

The threats facing web applications are extremely diverse and difficult to catch. They vary so greatly from one application to the next that it takes an experienced professional to catch and repair them. Here I have listed the basic web application exploits, how they work, and what the risks are.


1) SQL Injection
SQL Injection is where an attacker injects specially crafted input into an application that interacts with a database, such as a search feature, comment system, or login system, in such a way that it modifies the SQL syntax. This allows modification of the database, exposure of database contents, or bypassing of security systems such as user systems. The information gathered is usually used in identity theft.


2) XSS (Cross Site Scripting)
XSS, or Cross Site Scripting, is the most common exploit today. It is done by injecting script (usually JavaScript) into a page to be executed in a victim's browser. The most common places to find these exploits are search functions, comment pages or user blogs, user profiles or pages, error pages, or almost any page given the right circumstances.
The risks are numerous: cookie stealing, session hijacking, password theft, phishing attacks, defaced pages, redirects, page replacement for scams, and many, many others. This exploit is often very difficult to stop, and requires very specially crafted measures to secure a site.


3) Header Injection
Header Injection is most commonly used on "Contact Us" email forms. Basically, an attacker injects email headers to redirect the email to multiple targets under a false name. This is the number one way that spam and scam messages get sent, causing millions of dollars in theft each year. The scary thing is that if your website falls victim to this type of exploit, all of your legitimate emails will be sent to spam boxes, and in some rare cases the owner of the site can be liable for damages. Either way, it is very, very bad for business.
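
The contact-form case described above, as an added example that is not part of the original article: a handler that pastes form fields straight into the header block, next to one that refuses line breaks and lets Python's standard `email` library build the headers. The function names, addresses and form input are constructed for illustration.

```python
from email import message_from_string
from email.headerregistry import Address
from email.message import EmailMessage

SITE_INBOX = "owner@example.com"  # constructed address for the example


def build_naive(name, sender, body):
    """Vulnerable pattern: form fields pasted straight into the header block."""
    return (f"From: {name} <{sender}>\r\n"
            f"To: {SITE_INBOX}\r\n"
            f"Subject: Contact form\r\n"
            f"\r\n{body}")


def header_names(raw):
    """Header names a mail server would see in a raw message."""
    return message_from_string(raw).keys()


def build_safe(name, sender, body):
    """Refuse line breaks in header fields, then let the library build them."""
    for field in (name, sender):
        if "\r" in field or "\n" in field:
            raise ValueError("line break in a header field")
    msg = EmailMessage()
    msg["From"] = Address(display_name=name, addr_spec=sender)
    msg["To"] = SITE_INBOX
    msg["Subject"] = "Contact form"
    msg.set_content(body)
    return msg


# Constructed form input: the "email" field carries an extra header line.
HOSTILE_SENDER = "visitor@example.net\r\nBcc: someone-else@example.org"

if __name__ == "__main__":
    # The naive builder lets the form field become a header of its own.
    print(header_names(build_naive("Ann", HOSTILE_SENDER, "Hello")))
    try:
        build_safe("Ann", HOSTILE_SENDER, "Hello")
    except ValueError as err:
        print("rejected:", err)
    print(build_safe("Ann", "visitor@example.net", "Hello").keys())
```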


4) Read Exploit
The Read Exploit is a very dangerous exploit, and can be used on many dynamic sites. Essentially, whenever a script reads a file and outputs the contents, a read exploit may be possible. Usually, an attacker reads the password files of your server and cracks the hash, thus stealing the password to your website, effectively leaving you vulnerable to anything the attacker wants. Other variants are where user pages are read for use in identity theft, or private files are read, exposing potentially harmful information to the malicious user.


5) Include Exploit
The Include Exploit is one of the most critical exploits a website can face. It essentially allows a hacker to execute server-side script remotely, giving the attacker the ability to do anything he wants on your site. Often, an attacker will change your password to prevent you from fixing the problem before more damage is done. Also, an attacker will often hijack your account to attack other websites, potentially leaving you liable for damages in some cases.


6) Buffer Overflow
A buffer overflow is caused when user input is not handled properly. Too much data is injected, and it overflows out of the space allotted for the input. An attacker can now inject his own code for the server to execute.


7) Upload Exploit
Whenever a file is uploaded, it must be handled properly, or a malicious or even careless user could upload a server-executable file, leading to the same problems as a read exploit, except that in some cases it can give an attacker control over the entire server, not just the vulnerable website.


8) CSRF (Cross-Site Request Forgery)
Cross-Site Request Forgery is an extremely simple exploit that has been causing a lot of trouble lately, despite the fact that this exploit is as old as JavaScript.
The basic idea is that an attacker will copy the form from a friendly site (maybe a site manager or email system) and make it submit automatically. So, as long as you are logged into the vulnerable system, the form executes flawlessly and the attacker now can do anything, such as change your password, steal your identity, etc. This is a very dangerous exploit.


There are hundreds more types of exploits; these are just some of the most common.

 