Types of Security Attacks
Below is the list of security attacks that might happen.
- Cross site scripting (XSS) – Injecting malicious JavaScript code into web pages.
- CSRF – Cross Site Request Forgery
- Session hijacking attack – taking over a user's session by stealing the session ID
- DoS – Denial of Service
- SQL injection
- Code injection – Making the application execute malicious code.
- Malware injection
- Phishing – Presenting a fake site as the actual site in an attempt to steal confidential data. For example – sending an email with a link to a fake website to potential victims. Victims complete the transaction on the fake website without noticing that the site is fake.
- Brute Force attack – an exhaustive attack that tries all possible combinations of input values. For example – trying to find the password of the site by trying a large number of password combinations.
- Cache poisoning – inserting malicious data into the browser cache
- DNS Poisoning – tampering with DNS records on the DNS server.
- Account lockout attack – locking the account of a given user by deliberately entering the wrong password more than the maximum allowed number of times. It is a kind of DoS attack in which valid users cannot access the information because the account is locked out.
- Malware
- Stealing plain text data (Unencrypted)
- Cross site request forgery