Wonder if you have developed a billion dollar website generating millions of dollars in a day and suddenly all the data get lost ,Passwords of users get cracked ,their bank accounts were empty by phishing which was caused due to data breach from your web app.

Developing a platform is not enough an improper construction can damage you,if necessary precautions are not applied to your web app.Web today is not just for surfing ,browsing and searching ,there are lot more things other than username and password which can be theft by the hackers.A trustful login will make a website reliable with an improper execution you app may not survive in future.There are endless possibilities and resources for a hacker to attack your users and most of it relates to background processes running with scripts and the rest given to forms where user provides information ,all needs a complex learning to secure from malicious movements of Attackers.

The web artisans have recognized the importance of sercurity and dangers arising with developing an application.To deal with such threats they have developed established a community called OWASP(Online Web Application Security Project) which includes standard organisations and research centers around the world.After years of research and development they refined many flaws by proving vulnerable ways to develop a web application.

Ten ways in which attack is vulnerable to web application

1. SQL Injection -

A code injection technique to destroy database which is most common method of attacking a database or hacking web through inserting malicious code in SQL statements.When a user inserts data in form it stores in Mysql Database and showed using queries through database. Generally there are shell commands which gives access to attackers to carry out malicious tasks which can trick the admin and lead to data loss or corruption.

1. Broken Access Control

Not properly enforcing restrictions to authenticated users which allows attackers to exploit other accounts and view sensitive files.Active and broken Session management helps attacker to access control over Session id ,token ,passwords , we use cryptography such as hashing and Secure connection with SSL certificate ,use HTTPS over HTTP.

1. Cross Site Scripting (XSS)

Cross site scripting or browser side scripting is used to misguide the user which occurs when user inserts information without validation and next time when user visits again he perform as attacker wanted him to behave.These malicious scripts contains such code which can access to cookies and session tokens and any other information provided to the website by user.Attacker can also rewrite the HTML of the website.

1. Invalid redirects and forwards -

This kind of attack can be done during payments or redirecting to a malware site or user can be tricked through interacting them to similar kind of pages to disclose their passwords and other sensitive information.

1. Insecure direct object reference

When there is access provided to all the users such as viewing/modifying the object ,file and database ,attackers take benefits of data and dig very deep.Only admin should have all the access and control over Web App.

1. Security Misconfiguration - There should be proper configuration of web server, database server and application server to protect data which can be stolen is proper development of security and password not applied to database and server.All developers should work together for secure configuration.

2. Improper Error Handling -

Improper handling of errors leads to crashing of the server and cracker can take the advantage of this course which can occur in normal operation which are not handled properly.Attacker can take advantage of improper erro rhandling an obtain information of the server and cause the security mechanism or crash it.

1. Denial of service -

They can consume all the resources and space of the web application which can stop other users to enter on that application,they can lock the users and system to fail.

1. Buffer overflows -
   Sometimes web application does not properly validate the inputs which can be crashed. These web applications include CGI, libraries, drivers, and web servers.

1. Sensitive data exposure - Proper handling of confidential data such as credit cards and passwords must be securely handled by Web apps.Attackers might observe keys and data from browser and server because they can't directly perform theft.They use to perform transactions with the help of data and only way to protect your website is Crypto algorithm ex , SHA-256.

image taken form -https://i.ytimg.com/vi/WmvpSTVu9N4/maxresdefault.jpg

---

follow - @cryptojolt

---