- XSS Attack (Cross-Site Scripting): Attackers get script into pages the target website serves (for example by submitting HTML or JavaScript through a form field, URL parameter or stored comment that the site echoes back without encoding). The script then runs in other users' browsers under the site's origin, so it can read their cookies, hijack their session or act on their behalf.
Defense Measures: Validate and filter input, encode output for the context it is inserted into (HTML body, HTML attribute, JavaScript, URL and CSS each need a different encoder), and set a CSP (Content Security Policy) that only allows scripts from trusted sources and blocks inline scripts and dynamic evaluation such as eval.
- CSRF Attack (Cross-Site Request Forgery): Attackers lure a logged-in user to a malicious page or link; that page makes the user's browser send a request to the target site, and the browser automatically attaches the user's session cookie, so the site treats the forged request as authenticated.
Defense Measures: Issue a CSRF token that the attacker's page cannot read, require it on every state-changing request and validate it server-side. Additionally set the SameSite attribute on session cookies and check the Origin or Referer header on cross-site requests.
- Clickjacking: Attackers load the legitimate website in a transparent iframe on top of their own decoy page, so a user who believes they are clicking the decoy is actually clicking buttons on the legitimate site while logged in.
Defense Measures: Send the X-Frame-Options header (DENY or SAMEORIGIN), or its modern CSP equivalent frame-ancestors, so other sites cannot embed the page in an iframe.
- DoS Attack (Denial of Service): A flood of malicious requests exhausts the server's bandwidth, connection table or CPU, so legitimate requests cannot be served; when the flood comes from many sources at once it is a DDoS.
Defense Measures: Rate-limit requests per client, and put a CDN (Content Delivery Network) or traffic-scrubbing service in front of the origin so the flood is absorbed and filtered at the edge before it reaches the application.
- SQL Injection Attack: Attackers submit input containing SQL syntax; if the application builds its query by concatenating that input into a SQL string, the database executes the attacker's SQL and can return, modify or delete data it should never expose.
Defense Measures: Use prepared statements or parameterized queries so user input is sent to the database as a value and is never parsed as SQL; never build SQL by string concatenation of user input.
- Uploading Malicious Files: Attackers upload files such as web shells, backdoors or malware; if the server stores them somewhere they can be executed or served, the attacker gains code execution on the server or serves malicious content to other users.
Defense Measures: Allowlist file types and verify them by content, not only by extension; store uploads outside the web root under server-generated filenames; strictly sanitize the original filename (remove path components and special characters); and scan uploads for malware.
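Added example for the XSS and clickjacking items above (not code from the original page): a vulnerable render beside its output-encoded form, plus the response headers (CSP with a per-response script nonce, `frame-ancestors`, and `X-Frame-Options`) that limit what an injected payload can do and stop framing. The comment payload, the header values and the function names are constructed for illustration; a real CSP must list the origins the site actually loads from.

```python
import html
import secrets

# Constructed sample input: a comment an attacker submits to a guestbook.
MALICIOUS_COMMENT = '<img src=x onerror="alert(document.cookie)">'


def render_comment_vulnerable(comment: str) -> str:
    # Untrusted text is dropped straight into the page, so the browser parses
    # the attacker's <img> tag and runs its onerror handler.
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    # Output encoding for an HTML text/attribute context: &, <, >, " and '
    # become entities, so the payload is displayed as text, not parsed as markup.
    # This encoder is only right for HTML body/attribute context; text placed
    # inside a <script> block, a URL or a CSS value needs that context's encoder.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def new_script_nonce() -> str:
    # Fresh per-response nonce; only <script nonce="..."> tags carrying it may run.
    return secrets.token_urlsafe(16)


def security_headers(script_nonce: str) -> dict:
    # Headers that (1) stop inline or injected scripts from running even if an
    # encoding step was missed somewhere, and (2) stop the page from being framed.
    # Assumed example policy; adjust the sources to what the site really loads.
    return {
        "Content-Security-Policy": (
            "default-src 'self'; "
            f"script-src 'self' 'nonce-{script_nonce}'; "
            "object-src 'none'; base-uri 'self'; "
            "frame-ancestors 'none'"      # CSP successor to X-Frame-Options
        ),
        "X-Frame-Options": "DENY",        # kept for browsers without CSP 2 support
    }
```

`html.escape` turns the payload into `&lt;img src=x onerror=&quot;...&quot;&gt;`, which the browser renders as literal text. The nonce must be regenerated for every response; a static nonce is equivalent to allowing all inline scripts.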
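Added example for the CSRF item above (not code from the original page): a session-bound CSRF token issued with an HMAC, verified with a constant-time compare, and a simulated state-changing handler that also rejects foreign `Origin` headers. The secret key, the site origin `https://bank.example`, the request dict layout and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Assumed server-side key; a real deployment loads it from configuration.
SERVER_SECRET = b"example-key-replace-me"
SITE_ORIGIN = "https://bank.example"   # assumed origin of the protected site


def issue_csrf_token(session_id: str) -> str:
    # Token = random nonce + HMAC(secret, session_id || nonce). Binding the MAC
    # to the session means a token captured from one session is useless in
    # another, and the server needs no per-token storage to verify it.
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token) -> bool:
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(mac, expected)


def handle_transfer(request: dict) -> str:
    """Simulated state-changing POST handler.

    `request` is a constructed stand-in for a framework request object with
    keys: cookies (dict), form (dict), origin (str or None).
    """
    session_id = request["cookies"].get("session")
    if session_id is None:
        return "401 not logged in"
    # Check 1: the token. A page on evil.example can make the victim's browser
    # POST here with the session cookie attached, but it cannot read the token
    # embedded in bank.example's form, so it cannot supply a valid one.
    if not verify_csrf_token(session_id, request["form"].get("csrf_token")):
        return "403 csrf token missing or invalid"
    # Check 2: the Origin header, which browsers attach to cross-site POSTs and
    # which page script cannot forge. Defence in depth, not a token replacement.
    origin = request.get("origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "403 cross-site origin"
    return f"200 transferred {request['form']['amount']} to {request['form']['to']}"
```

The token is embedded in the site's own forms (or sent in a header by the site's JavaScript); because the same-origin policy stops another origin from reading that page, a forged request arrives without it. Note that `GET` requests must never change state, otherwise a plain link bypasses the token check entirely.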
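Added example for the DoS item above (not code from the original page): a per-client sliding-window rate limiter and a constructed traffic scenario in which one address floods the server while another sends a few normal requests. The limits, the IP addresses and the injectable clock are assumptions for this example.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window_seconds` for each client key."""

    def __init__(self, limit: int, window_seconds: float, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock          # injectable so the example runs without sleeping
        self._hits = defaultdict(deque)

    def allow(self, key: str) -> bool:
        now = self.clock()
        hits = self._hits[key]
        # Forget requests that have slid out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False            # caller answers 429 Too Many Requests
        hits.append(now)
        return True


class FakeClock:
    """Manually advanced clock so the scenario below is deterministic."""

    def __init__(self):
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def run_scenario():
    """Constructed traffic: 50 requests from one address and 3 from another,
    all inside one second, then one more from the flooding address 5 s later.
    Returns ({ip: [allowed, blocked]}, allowed_after_window)."""
    clock = FakeClock()
    limiter = SlidingWindowLimiter(limit=10, window_seconds=1.0, clock=clock)
    events = ["203.0.113.9"] * 50 + ["192.0.2.7"] * 3
    tally = {"203.0.113.9": [0, 0], "192.0.2.7": [0, 0]}
    for i, ip in enumerate(events):
        clock.now = i * 0.01                    # requests arrive 10 ms apart
        tally[ip][0 if limiter.allow(ip) else 1] += 1
    clock.now = 5.0                              # the window has passed
    return tally, limiter.allow("203.0.113.9")
```

The flooding address gets its first 10 requests through and the remaining 40 rejected, while the normal client is untouched. An in-process limiter like this defends against a single abusive source; a volumetric DDoS saturates the link before the application sees the packets, which is why the heavy filtering belongs at the CDN or scrubbing layer, with the counters kept in a shared store when there are several application servers.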
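Added example for the malicious file upload item above (not code from the original page): an upload check that allowlists types by their magic bytes rather than by the client-supplied extension, stores the file under a random server-generated name outside the web root, and sanitizes the original name so it can only be used as a display label. The upload directory, size limit, allowlist and function names are assumptions for this example; the returned hash is the handle a malware scanner would be given, the scanner itself is outside this example.

```python
import hashlib
import os
import re
import secrets

# Assumed storage location: outside the web root, and the web server must not
# be configured to execute or serve scripts from it.
UPLOAD_DIR = "/var/app/uploads"

# Allowlist keyed by file content (magic bytes), not by the client's extension.
ALLOWED_TYPES = [
    (b"\x89PNG\r\n\x1a\n", ".png"),
    (b"\xff\xd8\xff", ".jpg"),
    (b"%PDF-", ".pdf"),
]
MAX_BYTES = 5 * 1024 * 1024


class UploadRejected(Exception):
    pass


def sanitize_display_name(name: str) -> str:
    # The original name is kept only as a label. Drop directory parts (which
    # removes ../ traversal), then allow a conservative character set.
    base = os.path.basename(name.replace("\\", "/"))
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).strip(". ")
    return base[:100] or "file"


def detect_extension(data: bytes):
    for magic, ext in ALLOWED_TYPES:
        if data.startswith(magic):
            return ext
    return None


def accept_upload(client_name: str, data: bytes) -> dict:
    """Validate an upload and return where and how to store it, or raise UploadRejected."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or too large")
    ext = detect_extension(data)
    if ext is None:
        raise UploadRejected("content is not an allowed type")
    # The stored name is random and its extension comes from the detected type,
    # so a file uploaded as "shell.php" can never be saved under that name.
    stored_name = secrets.token_hex(16) + ext
    path = os.path.join(UPLOAD_DIR, stored_name)
    # Belt and braces: the final path must remain inside UPLOAD_DIR.
    if os.path.commonpath([UPLOAD_DIR, os.path.abspath(path)]) != UPLOAD_DIR:
        raise UploadRejected("path escapes upload directory")
    return {
        "path": path,
        "display_name": sanitize_display_name(client_name),
        "sha256": hashlib.sha256(data).hexdigest(),   # handle for scanning / dedup
    }
```

A PHP web shell uploaded as `cat.png` is rejected because its content does not start with any allowed signature; a real PNG uploaded as `../../etc/cron.d/evil.php` is accepted but lands in `UPLOAD_DIR` as `<random>.png`, so neither the traversal nor the `.php` name reaches the filesystem. Note that a magic-byte check alone does not make content safe (a valid image can still carry a payload for a vulnerable image library), which is why the allowlist is combined with a non-executable storage location and scanning.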