SlideShare a Scribd company logo

LECTURE-DEC-6_web-application-attacks (1).pptx

Download as PPTX, PDF
J
JhonFrancisDuarte

Web applications are software accessible via web browsers, distinct from local apps. Various web application attacks, including cross-site scripting (XSS), SQL injection (SQLi), and DDoS attacks, exploit vulnerabilities leading to unauthorized access and data theft. Protection measures include automated vulnerability scanning, web application firewalls, and secure development practices.

Education
1 of 15
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
WEBAPPLICATION ATTACKS Cybersecurity
WebApplicationStatistics
WebApplication - A web application is software that runs on a web server and can be accessed by a user through a web browser with an active internet connection.This differs from local software apps, which run directly on a user’s device. Web applications are usually easy to install on the user’s end, and can often be customized to meet a business’s specifications.
WebApplicationAttacks - Web application attacks are malicious activities that target web applications by exploiting vulnerabilities in their design or implementation. These attacks can result in unauthorized access, data theft, or other harmful consequences.
COMPANY/PRODUCTHISTORY To create your own, choose a topic that interests you.
TYPESOFWEB APPLICATION ATTACKS • Cross-site scripting (XSS): In an XSS attack, an attacker injects a piece of malicious code onto a trusted website or web-based app. Because the user’s browser thinks the script came from a trusted source, it will execute the script. XSS attacks can be used to steal data or perform other malicious acts on the visitor’s computer. While this method is considered unsophisticated, it’s common and can do significant harm.
CROSS-SITE SCRIPTING(XSS)
TYPESOFWEB APPLICATION ATTACKS • SQL injection (SQLI): SQLIs occur when an attacker meddles with the queries that a web application makes to its database. An SQLI can allow intruders to get sensitive data from the database. An attacker might modify or delete this data, or inject code that can change the web application's content or behavior.
SQLINJECTION (SQLI)
TYPESOFWEB APPLICATION ATTACKS • Path traversal: This attack, also known as directory traversal, allows the bad actor to manipulate paths to folders outside the web root folder, which can then be used to access web application files, directories and commands. • Local file inclusion: This technique tricks the web application into exposing or running its files on the web server. These attacks occur when the web app treats a malicious attack as “trusted input.” An attacker may use path or directory traversal to learn about the files on the server, and then prompt the web app to run the local file. Local file inclusions can lead to information disclosure, XSS and remote code execution.
TYPESOFWEB APPLICATION ATTACKS • DDoS attacks: These attacks happen when an attacker bombards a server with web requests. Attackers may use a network of compromised computers or bots to mount this attack, which can paralyze a server and prevent legitimate visitors from gaining access to your services. • Cross-site request forgery (CSRF): CSRFs occur when an attacker tricks or forces an end user to execute unwanted actions on an application in which they are already authenticated.
TYPESOFWEB APPLICATION ATTACKS • XML external entity (XXE): This attack relies on an improperly configured XML parser within an application’s code. This attack can lead to the disclosure of confidential data like passwords, denial of service, server-side request forgery and other system impacts.
XMLEXTERNAL ENTITY(XXE):
MostcommonvulnerabilitiesinWebApplications • Broken Access control • Cryptographic failures • Injection • Insecure design • Security misconfiguration • Vulnerable and outdated components • Identification and authentication failures • Software and data integrity failures • Security logging and monitoring failures • Server-side request forgery
Waystoprotectagaintswebsiteattacks • Automated vulnerability scanning and security testing • Web application firewalls • Secure development testing

More Related Content

PDF
Web Application Security Tips
tcellsn
 
PPTX
Codeinjection
Nitish Kumar
 
PPTX
OWASP
gehad hamdy
 
PPTX
Application-security-Javascript.pptx
DBALLIANCE Ltd UK
 
PPTX
webapplicationattacks-101005070110-phpapp02.pptx
SyedAliShahid3
 
PPTX
Web and Mobile Application Security
Prateek Jain
 
PDF
Alert logic anatomy owasp infographic
CMR WORLD TECH
 
PDF
Recent cyber Attacks
S.M. Towhidul Islam
 
Web Application Security Tips
tcellsn
 
Codeinjection
Nitish Kumar
 
OWASP
gehad hamdy
 
Application-security-Javascript.pptx
DBALLIANCE Ltd UK
 
webapplicationattacks-101005070110-phpapp02.pptx
SyedAliShahid3
 
Web and Mobile Application Security
Prateek Jain
 
Alert logic anatomy owasp infographic
CMR WORLD TECH
 
Recent cyber Attacks
S.M. Towhidul Islam
 

Similar to LECTURE-DEC-6_web-application-attacks (1).pptx (20)

PPTX
3-types of attacks_Types of attacks.pptx
AmandeepSohal4
 
PPTX
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
PDF
The most Common Website Security Threats
HTS Hosting
 
PPT
Secure code practices
Hina Rawal
 
PDF
React security vulnerabilities
AngelinaJasper
 
PPTX
Xss ppt
penetration Tester
 
PPTX
Web hacking refers to exploitation of applications via HTTP which can be done
ssuserf8636d
 
PDF
T04505103106
IJERA Editor
 
PDF
Are you fighting_new_threats_with_old_weapons
Bhargav Modi
 
PDF
Injection attacks
Adamu Muhammad
 
PPTX
CyberSecurityppt. pptx
iamayesha2526
 
PPTX
A Taken on Cyber Attacks - The Cyber Physical System.pptx
animeshdabral007
 
PPTX
Major Web Sever Threat.pptx
SANDEEPVISHWAKARMA425010
 
PPT
Why You Need A Web Application Firewall
Port80 Software
 
PDF
Web application sec_3
vhimsikal
 
PPTX
Most Common Application Level Attacks
EC-Council
 
PPT
CROSS SITE SCRIPTING.ppt
yashvirsingh48
 
PPT
Web Application Security
Chris Hillman
 
PPTX
week2-cybersecurityOverview of social engineering attacks.pptx
christianaolusegun22
 
PPTX
AW-Infs201101067.pptx
AnonymousDevil2
 
3-types of attacks_Types of attacks.pptx
AmandeepSohal4
 
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
The most Common Website Security Threats
HTS Hosting
 
Secure code practices
Hina Rawal
 
React security vulnerabilities
AngelinaJasper
 
Xss ppt
penetration Tester
 
Web hacking refers to exploitation of applications via HTTP which can be done
ssuserf8636d
 
T04505103106
IJERA Editor
 
Are you fighting_new_threats_with_old_weapons
Bhargav Modi
 
Injection attacks
Adamu Muhammad
 
CyberSecurityppt. pptx
iamayesha2526
 
A Taken on Cyber Attacks - The Cyber Physical System.pptx
animeshdabral007
 
Major Web Sever Threat.pptx
SANDEEPVISHWAKARMA425010
 
Why You Need A Web Application Firewall
Port80 Software
 
Web application sec_3
vhimsikal
 
Most Common Application Level Attacks
EC-Council
 
CROSS SITE SCRIPTING.ppt
yashvirsingh48
 
Web Application Security
Chris Hillman
 
week2-cybersecurityOverview of social engineering attacks.pptx
christianaolusegun22
 
AW-Infs201101067.pptx
AnonymousDevil2
 
Ad

Recently uploaded (20)

PDF
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PPTX
Lesson notes of climatology university.
sgladness67
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Lesson notes of climatology university.
sgladness67
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
master seminar digital applications in india
ananyaray35
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Ad

LECTURE-DEC-6_web-application-attacks (1).pptx

  • 3. WebApplication - A web application is software that runs on a web server and can be accessed by a user through a web browser with an active internet connection.This differs from local software apps, which run directly on a user’s device. Web applications are usually easy to install on the user’s end, and can often be customized to meet a business’s specifications.
  • 4. WebApplicationAttacks - Web application attacks are malicious activities that target web applications by exploiting vulnerabilities in their design or implementation. These attacks can result in unauthorized access, data theft, or other harmful consequences.
  • 5. COMPANY/PRODUCTHISTORY To create your own, choose a topic that interests you.
  • 6. TYPESOFWEB APPLICATION ATTACKS • Cross-site scripting (XSS): In an XSS attack, an attacker injects a piece of malicious code onto a trusted website or web-based app. Because the user’s browser thinks the script came from a trusted source, it will execute the script. XSS attacks can be used to steal data or perform other malicious acts on the visitor’s computer. While this method is considered unsophisticated, it’s common and can do significant harm.
  • 8. TYPESOFWEB APPLICATION ATTACKS • SQL injection (SQLI): SQLIs occur when an attacker meddles with the queries that a web application makes to its database. An SQLI can allow intruders to get sensitive data from the database. An attacker might modify or delete this data, or inject code that can change the web application's content or behavior.
  • 10. TYPESOFWEB APPLICATION ATTACKS • Path traversal: This attack, also known as directory traversal, allows the bad actor to manipulate paths to folders outside the web root folder, which can then be used to access web application files, directories and commands. • Local file inclusion: This technique tricks the web application into exposing or running its files on the web server. These attacks occur when the web app treats a malicious attack as “trusted input.” An attacker may use path or directory traversal to learn about the files on the server, and then prompt the web app to run the local file. Local file inclusions can lead to information disclosure, XSS and remote code execution.
  • 11. TYPESOFWEB APPLICATION ATTACKS • DDoS attacks: These attacks happen when an attacker bombards a server with web requests. Attackers may use a network of compromised computers or bots to mount this attack, which can paralyze a server and prevent legitimate visitors from gaining access to your services. • Cross-site request forgery (CSRF): CSRFs occur when an attacker tricks or forces an end user to execute unwanted actions on an application in which they are already authenticated.
  • 12. TYPESOFWEB APPLICATION ATTACKS • XML external entity (XXE): This attack relies on an improperly configured XML parser within an application’s code. This attack can lead to the disclosure of confidential data like passwords, denial of service, server-side request forgery and other system impacts.
  • 14. MostcommonvulnerabilitiesinWebApplications • Broken Access control • Cryptographic failures • Injection • Insecure design • Security misconfiguration • Vulnerable and outdated components • Identification and authentication failures • Software and data integrity failures • Security logging and monitoring failures • Server-side request forgery
  • 15. Waystoprotectagaintswebsiteattacks • Automated vulnerability scanning and security testing • Web application firewalls • Secure development testing