What Types of Attacks Affect Web Applications

When browsing the Internet we can suffer many types of attacks. These can affect the pages we visit or the web applications we use, which puts our security and privacy at risk. It is therefore important to know what the main types of attacks are.

Attacks on web applications

Hackers often set their sights on whatever hosts the most users, since that raises their chances of success. This certainly applies to websites and web applications, where they can search for existing vulnerabilities to carry out their attacks.

Web applications cover a wide variety of services and functions. They can be, for example, the tools to log in, the purchase process on a page or functions to manage the content of a social network.

Sneaking in malicious files

Some web applications allow uploading files. This means that an executable file could be hosted there and exploited by hackers: they could upload a file containing a malicious script, and the server that receives the file may be compromised.

If the server lacks adequate security and prevention measures, this could be a major problem for all the users who access it. Attackers could have uploaded malicious files that are running there and could compromise security and privacy.

Normally, and this is recommended, servers have various mechanisms to validate uploaded files, for example detecting extensions that could be dangerous or checking the type of content.
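The validation described above, as an added example that is not part of the original article: a Python check that combines an extension allowlist with a comparison of the file's leading bytes against the signature expected for that extension. The accepted types, the function name `validate_upload` and the sample inputs are assumptions made for illustration.

```python
import os

# Assumed policy for this example: only these types are accepted.
# Each allowed extension maps to the signature its content must start with.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF-",
}


def validate_upload(filename, data):
    """Return (accepted, reason) for an uploaded file name and its bytes."""
    # Reject path components, hidden files and embedded NUL bytes.
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or name.startswith(".") or "\x00" in name:
        return False, "unsafe file name"

    stem, ext = os.path.splitext(name.lower())
    # Allowlist, not blocklist: anything not explicitly accepted is refused.
    if ext not in ALLOWED:
        return False, "extension not allowed"
    # A second extension hidden in the stem (script.php.png) is refused,
    # since some servers pick a handler from any extension in the name.
    if "." in stem:
        return False, "multiple extensions"
    # The content must look like the type the extension claims.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads, not real files.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    script = b"<?php echo 'constructed sample'; ?>"
    for fname, body in [("photo.png", png), ("page.php", script),
                        ("page.php.png", png), ("photo.png", script)]:
        print(fname, validate_upload(fname, body))
```

A check like this complements, and does not replace, storing uploads under a server-generated name in a location where files are never executed.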

Plain text traffic

A potential intruder could access website traffic that is transferred in plain text. This is a major problem for the privacy of users, as it could lead to what is known as a Man-in-the-Middle attack. Basically, an attacker can intercept the requests that send information. If we send a message, upload a file or make any other type of request, it can be intercepted.

This occurs when traffic goes through HTTP: it is not encrypted, so the interception described above may occur. It is undoubtedly one of the most common types of attacks on web applications. Therefore, we must always make sure that we are browsing correctly encrypted pages when we go to log in or send information of any kind.

Link injection

Another major problem affecting applications and websites is link injection. This could jeopardize our security and privacy, as we could be accessing a link controlled by hackers.

How does this happen? Basically, cyber criminals inject fraudulent links into the site. When the victim visits the site and follows such a link, they are not really entering a legitimate website or section, but rather directly accessing a page or server that is controlled by the attackers.

HTTP parameter pollution

One more attack is HTTP parameter pollution. When we visit a web page, we normally have to provide input data to the site through certain HTTP parameters, which are responsible for sending that data to the web application so that it can work correctly. Examples are logging in to be able to send an e-mail, filling out a survey, etc.

The problem arises when these HTTP parameters have been polluted, so that an attacker can maliciously manipulate the data we are sending. Instead of reaching the legitimate server in a way that doesn't harm us, the data could be misused. In short, this could modify the behavior of the application, trigger errors or allow unauthorized access.

Auto-complete attribute

Another type of attack abuses the autocomplete attribute, which is usually set to off. The issue here is that a potential attacker could have it activated, which would allow the browser to store user-entered information in the cache.

What could happen as a result? A potential attacker would have access to the username and password stored in the browser cache.

Click hijacking

This type of attack is mainly present on platforms such as social networks. It means that an attacker has successfully infected the site with the goal of hijacking clicks. If a person clicks on an element of that platform, they could end up on a site controlled by attackers and put their security and privacy at risk.