In the last decade, a lot of people have utilized the Web to communicate and conduct business with their customers. This includes the use of web-based apps that collect and store data such as customer information that is submitted via content management systems shopping carts inquiries or submit forms, and login fields.
Because these applications are Internet-facing and can be accessed from anywhere in the world they are vulnerable to attacks on security that exploit weaknesses in the application or its infrastructure. For instance, SQL injection attacks (which exploit weaknesses in the database) can lead to compromised databases that contain sensitive data. Attackers can also exploit a foothold gained by breaching an Web application to identify and gain access to other, more vulnerable systems on your network.
Other commonly used Web attack types include Cross Site Scripting attacks (XSS) which exploit flaws in the web server to inject malicious code into web pages, and which executes as an infected script in the victim’s browser. This lets attackers obtain confidential information or to redirect users to websites that offer phishing. XSS attacks are prevalent on blogs, message boards and web forums.
Hackers join forces to overwhelm a website by sending more requests than the site can handle. This can cause a website’s performance to suffer or even cease to function completely. This interferes with the ability to handle requests, and renders it inaccessible to all. This is why DDoS attacks can be particularly damaging for small businesses that depend on their websites for the operation for their business, such as local restaurants or bakeries.