webapplication attacks are increasing day by day.its easy and does not require much knowldge about OS internals or assembly or any such stuff.so you can see many vulnerabilities coming out daily like sql injection,XSS etc etc.
this kind of attacks are easy and hence someone with the basic knowledge about it can easily play with your webapplication.lets see some of the common attack techniques for webapplications:-
1)Sql Injection:-it is the favourite topic of any attacker.first thing they try to do is runnig the queries which was not intended to run by your programmer.i m not goin to discuss in detail but i wirtten a paper on it and you can check it here:-
http://www.secguru.com/hardik/understanding_sql_injection
2)XSS or Cross Site Scripting:-it is another favourite attack.xss simply means using teh combination of java script and html tags to perform andexicute the code which was not intended to run.with this kind of attacks someone easily phish the data,can redirect you to diffrent place,execute maillicious scripts etc.i have written a paper describing how such kind of attacks get performed.waiting for skillz(secguru.com)toi upload that soon.
3)Query strings:-i am sure you have seen some strings with the URL like item=3 or so.this are called query string.this string are used to genrate various results.so if you use such string and does not verify the data then it may be possible this can lead to potentional vulnerabilities.
4)cookie and session management:-we also need to make sure we handle the cookie and session stuff carefully.some programmer made stupid mistakes like storing the passwords in plain text formate in cookie etc etc.
5)Client Side validation:-this is the another mistake programmers make.you can not relay on the client to enter the correct data.you need to make sure on server side that the data which come will be validated properly oin server side.
6)Hidden Fields:-this is the worst mistake programmers make.i seen in some ecommerce site that programmer store the price or quantity in the hidden variables.this is very dangrous situation.someone with basic knowledge can easily manipulate this.so beeter avoid putting critical data in the hidden variables.
there are many more things to learn.will try to updat this post later on.(last updated 9.27 24 dec)
