In the past decade, millions of people have used the Web to communicate and conduct business with their customers. This includes the use of web-based software that collects and stores data, including customer information provided through content management systems, shopping carts, inquiry or submission forms, and login fields.
Because these applications are Internet-facing and are often accessible from any location in the world, they are at risk of attacks that exploit weaknesses in the application or its supporting infrastructure. SQL injection attacks, which exploit weaknesses in how an application passes user input to its database, can compromise databases that contain sensitive data. Attackers can also leverage weaknesses in the security of a Web application to identify and access other vulnerable systems on your network.
Cross-site scripting (XSS) is another well-known Web attack type. It exploits weaknesses in how a web application handles user-supplied content to inject malicious code into web pages. The script then executes in the victim’s web browser. This lets attackers steal confidential information or redirect the user to phishing sites. XSS attacks are most prevalent on blogs, message boards and web forums.
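The SQL injection and XSS weaknesses described above, each shown beside its fix, as an added example that is not part of the original article. The table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """Build a constructed in-memory users table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'a@example.test'), "
               "('bob', 'b@example.test')")
    return db


def find_user_unsafe(db, name):
    # Weak: the input becomes part of the SQL text, so a quote in it
    # changes the structure of the query.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]


def find_user_safe(db, name):
    # Hardened: the ? placeholder sends the input as a bound value only.
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]


def render_post_unsafe(text):
    # Weak: user text is placed into the page as markup.
    return "<p>" + text + "</p>"


def render_post_safe(text):
    # Hardened: HTML metacharacters are encoded before output.
    return "<p>" + html.escape(text) + "</p>"


# Constructed sample inputs, as a form field might receive them.
SQL_INPUT = "nobody' OR '1'='1"
POST_INPUT = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("unsafe query:", find_user_unsafe(db, SQL_INPUT))
    print("safe query:  ", find_user_safe(db, SQL_INPUT))
    print("unsafe page: ", render_post_unsafe(POST_INPUT))
    print("safe page:   ", render_post_safe(POST_INPUT))
```

The unsafe lookup returns every row for the constructed input while the parameterized one returns none, and the encoded post reaches the browser as text rather than as a script element.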
Distributed denial-of-service (DDoS) attacks involve attackers banding together to pummel a website with more requests than it can field. This can cause the website’s performance to suffer or even cause it to stop functioning completely. This hinders the website’s ability to process requests, making it unusable for everyone. This is why DDoS attacks can be especially damaging for small businesses that rely on their websites for operations, such as local bakeries or restaurants.