The first network attacks exploited vulnerabilities related to the implementation of TCP/IP protocol suites. With the gradual correction of these vulnerabilities, attacks have shifted to application layers and particularly the web, given that most companies open their firewall systems to web traffic.
In that web servers are becoming more and more secure, attacks are gradually shifting toward the exploitation of web application flaws.
Web application vulnerabilities can be categorized as follows:
The HTTP protocol is by nature used to manage requests, that is, to receive input data and send return data. Data may be sent in a variety of ways:
The basic idea to generally keep in mind during the development process is that you should never trust data sent by the client.
Attacks on web applications are always harmful since they give the company a bad image. A successful attack can have any of the following consequences: