Top 5 most common threats identified by the Open Web Application Security Project 2017:
1. Injection.
It’s not uncommon for web applications to have injection flaws, especially SQL injection flaws. A hacker who finds one will send malicious data as part of a command or query. The attacker’s input tricks the app into changing data or executing a command it was not designed to run.
2. Cross-site Scripting.
Cross-site Scripting flaws occur whenever an application sends user-supplied data to a web browser without validating it first. Hackers use these flaws to redirect users away from the site or deface it, thereby costing the site owner lost business.
3. Insecure Direct Object References.
Applications that lack checks to verify a user is authorized to view particular content can be manipulated to access private data.
4. Broken Authentication.
When account credentials and session tokens aren’t properly protected, hackers can assume users’ identities online.
5. Cross-site Request Forgery (CSRF).
A CSRF attack tricks unknowing site visitors into submitting forged HTTP requests via image tags, XSS, or other techniques. If the user is logged in, the attack succeeds.