Web Application Vulnerabilities
Some of the common web application vulnerabilities (SQLi, XSS, LFI, Session Hijacking)
OVERVIEW
A web application vulnerability is a flaw or weakness in a web-based application. These vulnerabilities occur largely because form inputs are not validated or sanitized, web servers are misconfigured, or the application design is flawed, and they can be exploited to compromise the application's security.
SQL Injection Attack
SQL Injection (SQLi) is an injection attack in which an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server. SQL Injection can give an attacker unauthorized access to sensitive data, including customer data, personally identifiable information (PII), trade secrets, and other sensitive information.
How Does SQL Injection Work?
SQL Injection needs just two conditions to exist: a relational database that uses SQL, and user-controllable input that is used directly in an SQL query.