Attackers can target web applications (websites that let you interact directly with software through a browser) in a variety of ways, whether to steal confidential information, introduce malicious code, or hijack your computer. These attacks exploit weaknesses in components such as web apps, content management systems, and web servers.

Web app attacks comprise the majority of security threats. Over the last 10 years attackers have developed their skills in finding and exploiting vulnerabilities that can affect the perimeter defenses of applications. Attackers can evade the most common defenses by leveraging techniques such as phishing, social engineering, and botnets.

A phishing attack involves tricking victims into clicking an email link that delivers malware. The malware is then downloaded to the victim’s computer and gives attackers access to devices or systems. Botnets are groups of infected, compromised connected devices that attackers use to launch DDoS attacks, spread malware, carry out advertising fraud, and much more.

Directory traversal attacks use path sequences such as "../" to move through a server's directory tree and gain access to files, configuration files, and databases on a website. Sanitizing inputs is essential to defend against this type of attack.
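As an added example (not part of the original page), here is one way to check a user-supplied file name before opening it: resolve it to a canonical path and confirm it is still inside the served directory. The names `safe_resolve`, `is_allowed` and `demo`, and every sample input, are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path would leave the served directory."""


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Map a user-supplied relative path to a location under base_dir, or raise."""
    decoded = unquote(user_path)          # decode %2e%2e%2f before checking
    decoded = decoded.replace("\\", "/")  # treat "..\" the same as "../"
    if "\x00" in decoded or os.path.isabs(decoded):
        raise TraversalError(f"rejected path: {user_path!r}")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks to the real target.
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath compares whole components, so a sibling directory such as
    # "public_backup" does not pass the way a naive startswith() test would.
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_allowed(base_dir: str, user_path: str) -> bool:
    try:
        safe_resolve(base_dir, user_path)
        return True
    except TraversalError:
        return False


def demo() -> dict:
    """Check constructed sample requests against a temporary web root."""
    with tempfile.TemporaryDirectory() as root:
        web = os.path.join(root, "public")
        os.makedirs(os.path.join(web, "css"))
        os.symlink(root, os.path.join(web, "up"))  # symlink pointing outside
        samples = [  # constructed inputs, not taken from any real log
            "css/site.css",
            "css/../index.html",
            "../secret.cfg",
            "%2e%2e%2fsecret.cfg",
            "..\\secret.cfg",
            "../public_backup/db.sql",
            "up/secret.cfg",
            "/etc/passwd",
        ]
        return {s: is_allowed(web, s) for s in samples}
```

Only the first two samples are accepted; the encoded, backslash, sibling-directory, symlink and absolute-path variants are all rejected because the check runs on the canonical path rather than on the raw string.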

SQL injection attacks target the database that stores critical data for websites and services by injecting malicious code that lets attackers bypass security controls and reveal information that would not normally be exposed. Attackers can then run commands, dump databases, and more.

Cross-site scripting (XSS) attacks insert malicious code into a trusted site to hijack users' browsers. This allows attackers to steal session cookies and private information, impersonate users to alter content, and more.