Common Web Hack Attacks
Security has to be a core part of our work, not an auxiliary skill. As such, it helps to know the most common types of attacks that hackers carry out.
Common Pathways of Attack
The following access points into your application allow a user to provide custom input. A hacker can take advantage of these access points to send malicious code instead of valid data, which can cause unwanted and dangerous effects and compromise security.
- HTML forms
- URLs
- API requests that allow custom input (e.g. GitHub API — Create Pull Request)
SQL Injection Attack
The goal of a SQL Injection Attack is to cause malicious or unwanted SQL code to be run on your database.
A hacker may send SQL code (e.g. `DROP TABLE IF EXISTS customers;`) via one of the pathways mentioned above, for example in an HTML form field instead of the desired input.
If your app takes the input and places it directly into an SQL statement without first validating or sanitizing it, it will be sent to your database and executed. The attacking code can break out of your intended SQL statement…
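The difference between placing input directly into an SQL statement and binding it as a parameter, shown as an added example that is not from the original article. It assumes a hypothetical `customers` table in an in-memory SQLite database, and uses `executescript()` to stand in for a database driver that accepts several statements in one call.

```python
import sqlite3

# Constructed sample input: the article's payload, prefixed so that it closes
# the string literal and the INSERT statement it is placed into.
MALICIOUS_NAME = "x'); DROP TABLE IF EXISTS customers; --"


def new_db():
    """In-memory database with a hypothetical customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO customers (name) VALUES ('Alice')")
    conn.commit()
    return conn


def table_exists(conn):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'customers'"
    ).fetchone()
    return row is not None


def add_customer_vulnerable(conn, name):
    # The input is pasted into the SQL text, so the database parses it as SQL.
    # executescript() is an assumption standing in for a multi-statement driver.
    conn.executescript(f"INSERT INTO customers (name) VALUES ('{name}');")


def add_customer_safe(conn, name):
    # The ? placeholder sends the input as a bound value, never as SQL text.
    conn.execute("INSERT INTO customers (name) VALUES (?)", (name,))
    conn.commit()


def demo():
    bad = new_db()
    add_customer_vulnerable(bad, MALICIOUS_NAME)
    good = new_db()
    add_customer_safe(good, MALICIOUS_NAME)
    names = [r[0] for r in good.execute("SELECT name FROM customers ORDER BY id")]
    return table_exists(bad), table_exists(good), names


if __name__ == "__main__":
    print(demo())
```

With the parameterized version the same input is stored as an ordinary customer name and the table survives.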