1. SQL Injection

SQL injection attacks use the application's own code to read or corrupt database content. The attack is delivered through a Web request in which user input is incorrectly filtered for string-literal escape characters that can be embedded in SQL statements (such as " or *), or more generally is not strongly typed or sanitized, so that it is unexpectedly interpreted and executed as SQL.
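The following added example (not code from the original article) shows the defect described above and its fix side by side: a lookup that splices user input into the SQL text versus one that binds it as a parameter. The in-memory SQLite table and the input values are constructed for the demonstration.

```python
import sqlite3

def build_db():
    # Constructed in-memory user table standing in for the application's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("o'brien", "user")])
    conn.commit()
    return conn

def lookup_vulnerable(conn, name):
    # String concatenation: the input becomes part of the SQL text, so a quote
    # character in it changes the structure of the statement itself.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.OperationalError:
        # Even an honest name containing an apostrophe breaks the statement.
        return "SQL syntax error"

def lookup_parameterized(conn, name):
    # Parameter binding: the driver passes the value separately from the SQL
    # text, so quote characters in the input are data, never syntax.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def demo():
    conn = build_db()
    honest = "alice"
    legit_quote = "o'brien"                 # legitimate input with a string delimiter
    crafted = "x' OR '1'='1"                # constructed input that alters the WHERE clause
    return {
        "vuln_honest": lookup_vulnerable(conn, honest),
        "vuln_legit_quote": lookup_vulnerable(conn, legit_quote),
        "vuln_crafted": lookup_vulnerable(conn, crafted),   # returns every row
        "param_honest": lookup_parameterized(conn, honest),
        "param_legit_quote": lookup_parameterized(conn, legit_quote),
        "param_crafted": lookup_parameterized(conn, crafted),  # no such user: empty
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The parameterized lookup handles both the apostrophe in a real name and the crafted value correctly, which is why binding, not escaping, is the standard remedy.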

2. Cross-Site Scripting (XSS)

Often used in conjunction with phishing, social engineering, and other browser exploits, XSS attacks inject malicious HTML or client-side scripts into Web pages viewed by other users, thereby bypassing access controls that browsers use to make sure requests are from the same domain (same origin policy).

By these means, an attacker can gain elevated access to sensitive page content, session cookies, and a variety of other client-side objects through XSS attacks. Some XSS attacks can be traced to DOM-based or local cross-site scripting vulnerabilities within a page's client-side script itself, often called non-persistent or reflected XSS vulnerabilities.

3. Session Fixation

Session Fixation is an attack technique that forces a user's session ID to an explicit value. Depending on the functionality of the target web site, a number of techniques can be used to "fix" the session ID value. These techniques range from Cross-site Scripting exploits to peppering the web site with previously made HTTP requests. After a user's session ID has been fixed, the attacker waits for that user to log in. Once the user does so, the attacker uses the predefined session ID value to assume the same online identity.

Without active protection against Session Fixation, the attack can be mounted against any web site that uses sessions to identify authenticated users. Session IDs are normally carried in cookies, but URLs and hidden form fields are used as well. Unfortunately, cookie-based sessions are the easiest to attack, and most of the currently identified attack methods are aimed at the fixation of cookies.

4. Information Leakage

Camouflage should be "standard issue" for Web servers. The first task of a Web attacker (a cyber criminal, internal or external) is to determine your operating system, Web server, application server and database platforms.

The most successful attacks are often targeted attacks, so removing or obfuscating the signatures of your technology platforms -- both obvious ones, like the server name header or file extensions in HTTP or the TCP/IP window size, and more subtle ones, like cookie names, ETag formats, HTTP header order, or services running on IP/port combinations -- is an important countermeasure in itself.

This can either dissuade intruders from attacking your Web site or Web application altogether, or force them to make incorrect assumptions that lead them to try the wrong types of attacks (for instance, a Linux/UNIX attack on a Windows system). In turn, this makes it easier for firewalls and intrusion detection systems to identify and block those attacks directly.

