Web application vulnerabilities

Currently, about 70% of sites have critical vulnerabilities.


These vulnerabilities allow an attacker not only to gain access to the site and cause serious damage, but also to attack the site's users and, if the attack succeeds, to obtain critical user information, including personal data and bank card data, and in the worst case to take full control of the user's computer.

Note that user computers usually have only antivirus software installed. Protection against unauthorized access and disk encryption tools are rarely used, which greatly simplifies the theft of sensitive user information.

Note that most site vulnerabilities stem from the use of vulnerable versions of web servers, CMS, and DBMS, and from programmer errors. At the same time, the presence of vulnerabilities does not depend much on the programming language used.

The main cause of vulnerabilities in a site's source code is the lack of validation of the data entered in forms and passed in requests to the site. The most dangerous types of vulnerabilities exploited by attacks on web applications are described below.

SQL Injection

An SQL injection attack is performed by inserting, or "injecting", a partial or complete SQL query into the application's database query by entering or transmitting data from the client (browser) to the web application.

A successful SQL injection can read confidential data from the database, modify the database (insert/update/delete), perform operations in the database (such as shutting down the DBMS), retrieve the contents of an existing file in the file system or write files to the file system, and, in some cases, execute operating system commands.

In some cases, when outdated operating systems and DBMS are used and the web server lacks additional protection against unauthorized access, an attacker using SQL injection can gain administrative access to the web server. This attack is particularly dangerous for networks that use external firewalls but do not use a demilitarized zone (DMZ). A compromised web server inside the secure perimeter is a dangerous springboard for attacks on all elements of the organization's network.
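The missing input validation described above, shown as an added example (not code from the original page): a login query built by string concatenation next to the parameterized form, against a constructed in-memory SQLite table. The table, the sample users and the "card" column are assumptions for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for a site's user table (sample data, not from the page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "4111-****-1111"), ("bob", "hunter2", "5500-****-0004")],
    )
    return conn


def login_vulnerable(conn, name, password):
    # The form values are pasted straight into the query text. A quote inside a
    # value ends the string literal and everything after it is parsed as SQL.
    sql = (f"SELECT name, card FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_fixed(conn, name, password):
    # Parameterized query: the values travel separately from the SQL text, so
    # whatever the user types is compared as data and never changes the statement.
    sql = "SELECT name, card FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # A password field containing a quote plus an always-true condition: in the
    # vulnerable version the WHERE clause becomes (... AND password='') OR '1'='1'.
    probe = "' OR '1'='1"
    print(login_vulnerable(conn, "alice", probe))  # both rows: every user's card data
    print(login_fixed(conn, "alice", probe))       # []: no account has that password
    print(login_fixed(conn, "alice", "s3cret"))    # [('alice', '4111-****-1111')]
```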


Blind SQL Injection

A vulnerability to blind SQL injection is harder to detect than one to ordinary SQL injection because, with this type of vulnerability, the DBMS error response is not transmitted from the web server to the client (browser), so both the presence of the vulnerability and the success of an attack can only be judged by indirect signs. Otherwise, a blind SQL injection attack is just as dangerous as a normal SQL injection attack.


Command Injection

A command injection attack is performed by passing operating system commands to the server in a request. As a rule, the attack is possible if user requests are filtered incorrectly and/or access rules are configured incorrectly. If the attack succeeds, an attacker can gain access to confidential information or take full control of the attacked server.
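Added example (not from the original page) of the incorrect filtering this section refers to: a hypothetical "look up this host" feature that splices the submitted hostname into a shell command line, beside a version that allowlists the value and passes it as an argument vector with no shell involved. The feature, the hostname pattern and the tool name are assumptions.

```python
import re
import subprocess
from typing import List

# Allowlist: labels of letters, digits and hyphens, joined by dots. Anything a
# shell could interpret (';', '|', '$', quotes, spaces) is simply not permitted.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def lookup_command_vulnerable(hostname: str) -> str:
    # The raw form value becomes part of a string that a shell will parse, so
    # shell metacharacters in it start additional commands with the server's rights.
    return "nslookup " + hostname


def lookup_command_fixed(hostname: str) -> List[str]:
    # Two independent controls: validate the value against the allowlist, and
    # build an argument vector so that nothing re-parses the value as a command.
    if not HOSTNAME_RE.match(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    return ["nslookup", hostname]


def run_lookup(hostname: str) -> str:
    argv = lookup_command_fixed(hostname)
    # shell=False executes argv directly; the hostname is one argument, never code.
    result = subprocess.run(argv, capture_output=True, text=True,
                            timeout=10, check=False, shell=False)
    return result.stdout


if __name__ == "__main__":
    tainted = "example.com; id"                  # constructed request value
    print(lookup_command_vulnerable(tainted))    # a shell would run nslookup, then id
    try:
        lookup_command_fixed(tainted)
    except ValueError as err:
        print("blocked:", err)
    print(lookup_command_fixed("example.com"))   # ['nslookup', 'example.com']
```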


PHP Injection

A PHP injection attack is performed by passing PHP code to the server in a request. Usually, the attack is possible if user requests are filtered incorrectly or access rules are configured incorrectly. If the attack succeeds, an attacker can gain access to confidential information or modify important files on the server.


Server-Side Include (SSI) Injection

Before generating an HTML page, the server may run scripts that use data provided by the user. An SSI injection attack allows the attacker to pass executable code to the server, where it is interpreted as a command and executed. If the attack succeeds, an attacker can gain access to confidential information or modify important files on the server.


XML Injection

An XML injection attack is performed by inserting, or "injecting", a partial or complete change to the structure of the application's XML document. As a result, the XML parser reads the document's data incorrectly, which allows the attacker to execute arbitrary code on the server.


Cross-Site Scripting

Cross-site scripting (XSS) occurs when an attacker delivers executable code to the victim's browser as part of a single HTTP request. The attack code is not stored in the application itself; it is non-persistent and affects only the user who opens a malicious link or third-party web page. The attack code, which is part of a crafted URI or HTTP parameter, is processed incorrectly by the application and returned to the victim. Reflected cross-site scripting is the most common type of this attack. For a long time, cross-site scripting was considered not very dangerous and was not given due attention. Currently, cross-site scripting is ranked 7th in the OWASP Top 10 web application risk rating.
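Reflected XSS as an added example (not code from the original page): a hypothetical search page echoes its "q" parameter back into the HTML, once unchanged and once with output encoding for the HTML text context. The search page, the constructed URL and the hardening headers are assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit


def query_param(url: str) -> str:
    # Extract the "q" parameter exactly as the application would receive it.
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def search_page_vulnerable(url: str) -> str:
    # The parameter is dropped into the markup unchanged, so tags in it become
    # part of the page the victim's browser renders and executes.
    return f"<h1>Results for: {query_param(url)}</h1>"


def search_page_fixed(url: str) -> str:
    # Output encoding for the HTML text context: '<', '>', '&' and quotes become
    # entities, so the browser displays the text instead of interpreting it.
    return f"<h1>Results for: {html.escape(query_param(url), quote=True)}</h1>"


# Defence in depth for the response: a policy that refuses inline scripts limits
# what a reflected payload can do even if an encoding gap remains elsewhere.
HARDENING_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "X-Content-Type-Options": "nosniff",
}


if __name__ == "__main__":
    # Constructed link of the kind a victim would be lured into opening.
    link = "https://shop.example/search?q=<script>alert(1)</script>"
    print(search_page_vulnerable(link))  # <h1>Results for: <script>alert(1)</script></h1>
    print(search_page_fixed(link))       # <h1>Results for: &lt;script&gt;alert(1)&lt;/script&gt;</h1>
```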

Directory Traversal

Errors in restricting access rights to directories have been known for a long time, but they are still quite common. These errors can occur both when creating a site and during its operation. Attackers can use them to run their own scripts and applications on the server, access data including other users' accounts, view confidential files, change other users' data, change access rights, and so on.
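Added example (not from the original page) of a file-serving routine that joins a user-supplied name to a base directory without checking where the path ends up, beside a version that resolves the path and verifies it stays inside the directory. The directory layout and file contents are constructed for the demonstration.

```python
import os
import tempfile


def make_layout() -> str:
    # Constructed layout (sample files, not from the page): a directory of files the
    # site is allowed to serve, next to a configuration file it must not expose.
    root = tempfile.mkdtemp()
    public = os.path.join(root, "public")
    os.mkdir(public)
    with open(os.path.join(public, "readme.txt"), "wb") as fh:
        fh.write(b"public document")
    with open(os.path.join(root, "config.ini"), "wb") as fh:
        fh.write(b"db_password=example")
    return public


def read_file_vulnerable(base_dir: str, requested: str) -> bytes:
    # The user-supplied name is joined to the base directory with no check on
    # where the result points, so '..' segments (or an absolute path) leave base_dir.
    with open(os.path.join(base_dir, requested), "rb") as fh:
        return fh.read()


def resolve_inside(base_dir: str, requested: str) -> str:
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    # realpath collapses '..' and symlinks; the result must still lie under base.
    # commonpath (rather than startswith) also rejects a sibling such as 'public2'.
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes {base}: {requested!r}")
    return target


def read_file_fixed(base_dir: str, requested: str) -> bytes:
    with open(resolve_inside(base_dir, requested), "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    public = make_layout()
    print(read_file_vulnerable(public, "../config.ini"))  # b'db_password=example' leaks
    try:
        read_file_fixed(public, "../config.ini")
    except PermissionError as err:
        print("blocked:", err)
    print(read_file_fixed(public, "readme.txt"))  # b'public document'
```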

The use of vulnerable protocols and applications

Vulnerabilities that arise from the use of outdated and vulnerable versions of protocols (vulnerable versions of SSL and TLS, unencrypted protocols such as HTTP and FTP, etc.) or vulnerable versions of operating systems, web servers, or web applications allow an attacker to gain full control over the server and access all information on it.

The vulnerability of the big web site (owaspbwa)