Security threats in web applications


Today, most security breaches online occur through the application rather than the server. The majority of web application attacks occur through cross-site scripting (XSS) and SQL injection attacks, which typically result from flawed coding and failure to sanitize input to and output from the web application.

In this post I will discuss these two attacks and how to counter them.

Cross Site Scripting (XSS)

Cross-site scripting (XSS) is an injection attack carried out on web applications that accept input but do not properly separate data from executable code before the input is delivered back to a user’s browser.

Like all injection attacks, XSS takes advantage of the fact that browsers can’t tell valid markup from attacker-controlled markup; they simply execute whatever markup text they receive. The attack circumvents the Same Origin Policy (SOP), a security measure used in Web browser programming languages…
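The data/markup confusion described above, as an added Python example that is not part of the original post: the same input is rendered once by concatenation and once with HTML output encoding, and an HTML parser reports what each response contains. The function names, the sample inputs and the use of Python's html.parser as a stand-in for a browser's parser are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample inputs: one plain name, one value carrying markup.
BENIGN = "Alice"
HOSTILE = "<script>alert(1)</script>"


def render_unsafe(name):
    """Vulnerable pattern: input is concatenated straight into the page."""
    return "<p>Hello, " + name + "!</p>"


def render_safe(name):
    """Hardened pattern: HTML-encode the input before it enters the page."""
    return "<p>Hello, " + escape(name, quote=True) + "!</p>"


class TagCollector(HTMLParser):
    """Records the elements and the text an HTML parser sees in a response."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def parse(page):
    """Return (list of element names, concatenated text) for a page."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags, "".join(collector.text)


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        for value in (BENIGN, HOSTILE):
            tags, text = parse(render(value))
            print(f"{label:6} input={value!r} elements={tags} text={text!r}")
```

In the unsafe response the parser finds a script element that the application never wrote; in the encoded response the same characters arrive as text inside the paragraph.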
