Common application-based attacks.

Injection attacks

Injection attacks are one of the most common types of attacks against applications today. Web applications are especially vulnerable because they are internet-facing and their audience is extended out to the Internet.

Authentication attacks

Authentication attacks are methods you can use to try to bypass the authentication or compromise the security of the application by cracking the application’s passwords.

Authorisation attacks

After a user authenticates to an application or API, the user is then authorised to perform different actions while using the application or API. A vulnerable application may not have authorization configured properly and simply allows users and other applications to perform any task within the application.

XSS and CSRF/XSRF attacks

Cross-site scripting, or XSS for short, is one of the most common vulnerabilities found in web applications and involves the hacker injecting client-side script into a web page that is then viewed and executed by others at a later time.

The goal of a CSRF/ XSRF attack is to get an unsuspecting user to submit data to a website the user has already logged on to. A CSRF/XSRF attack leverages the fact that the site has already authenticated the user to the site, and therefore trusts all actions from the user.