In the last decade, millions of people have used the Web to communicate and conduct business with their customers. This includes web-based applications that collect and store information, such as customer information provided through content management systems, online shopping carts, inquiry forms or login fields.
These applications are often accessed via the Internet and can be hacked in order to exploit weaknesses within the application or its supporting infrastructure. SQL injection attacks, which exploit weaknesses within databases, can compromise databases that hold sensitive data. Attackers can leverage the foothold they gain by compromising your Web application to discover other, more vulnerable systems in your network.
Cross-Site Scripting (XSS) is a different type of Web attack. It exploits vulnerabilities in web servers to inject malicious code into web pages. The script then runs in the victim’s web browser, which allows attackers to steal private information or redirect users to phishing sites. Web forums, message boards and blogs are especially vulnerable to XSS attacks.
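
To show why message boards are exposed and how output encoding closes the gap, here is an added example (not from the original article) that renders a visitor's comment with and without encoding. The function names and the sample comment are constructed for illustration, and the encoding shown is only correct for text placed in HTML element content.

```javascript
// Added example: output encoding for a message-board comment.
// All names and the sample comment are hypothetical, constructed for illustration.

// Characters that let text break out of HTML element or attribute context.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode untrusted text so the browser displays it instead of parsing it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into the page as markup.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened: every user-controlled field is encoded before it reaches HTML.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Check for a test suite: true if the rendered HTML contains any tag
// other than the ones the template itself emits (div and b).
function hasInjectedMarkup(html) {
  const allowed = ["<div", "</div", "<b", "</b"];
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !allowed.includes(t.toLowerCase()));
}

// Constructed sample comment, as a forum visitor might submit it.
const sample = {
  author: "mallory",
  body: '<script>alert("xss")</script> nice post & thanks',
};

console.log("unsafe:", renderCommentUnsafe(sample.author, sample.body));
console.log("safe:  ", renderCommentSafe(sample.author, sample.body));
```
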
In a distributed denial-of-service (DDoS) attack, hackers work together to overwhelm a website by sending more requests than the site can handle. This could cause the site to slow down or shut down altogether, hindering its ability to process requests and rendering it inaccessible to everyone. This is why DDoS attacks are especially devastating for small businesses that depend on their websites to run, such as local restaurants or bakeries.