Application-based

Common application-based attacks.

Injection attacks

Injection attacks are one of the most common types of attacks against applications today. Web applications are especially vulnerable because they are internet-facing and their audience is extended out to the Internet.

Authentication attacks

Authentication attacks are methods you can use to try to bypass the authentication or compromise the security of the application by cracking the application’s passwords.

Authorisation attacks

After a user authenticates to an application or API, the user is then authorised to perform different actions while using the application or API. A vulnerable application may not have authorization configured properly and simply allows users and other applications to perform any task within the application.

XSS and CSRF/XSRF attacks

Cross-site scripting, or XSS for short, is one of the most common vulnerabilities found in web applications and involves the hacker injecting client-side script into a web page that is then viewed and executed by others at a later time.

The goal of a CSRF/ XSRF attack is to get an unsuspecting user to submit data to a website the user has already logged on to. A CSRF/XSRF attack leverages the fact that the site has already authenticated the user to the site, and therefore trusts all actions from the user.