Common Web Hack Attacks

Ben Grunfeld
4 min read · Oct 12, 2020

Looking for a great Software Engineer? Or just feel like having a chat? Visit my profile on LinkedIn and say hi! 😃

Common Web Attacks

Security has to be a core part of our work, not an auxiliary skill. As such, it helps to know the most common types of attacks that hackers carry out.

Common Pathways of Attack

The following access points into your application allow a user to provide custom input. An attacker can abuse any of them to send malicious code instead of valid data, which can have unwanted and dangerous effects and compromise security.

SQL Injection Attack

The goal of a SQL Injection Attack is to cause malicious or unwanted SQL code to be run on your database.

A hacker may send SQL code (e.g. DROP TABLE IF EXISTS customers;) via one of the pathways mentioned above, for example by typing it into an HTML form field instead of the expected input.

If your app takes the input and places it directly into an SQL statement without first validating or sanitizing it, it will be sent to your database and executed. The attacking code can break out of your intended SQL statement and cause havoc.

“Code injection is the top security threat to web applications” — OWASP

Defense Against SQL Injection Attacks

  • Validate and appropriately sanitize your inputs
  • Limit the app's database privileges
  • Limit permission to create, drop, and update tables
  • Don't grant access privileges to database users
  • Never let the app connect as the root user
  • Use a popular SQL sanitization library
  • Use prepared SQL statements

Here is an example of a prepared SQL statement. First, what a prepared statement is NOT: the following template literal pastes the user's input straight into the query text, which is exactly the pattern SQL injection exploits.

const query = `SELECT * FROM cars WHERE model = ${modelInput}` // vulnerable: input becomes part of the SQL

In a prepared statement the SQL text is fixed and the value is handed to the database driver separately, so it is bound as data and cannot change the structure of the statement (placeholder syntax varies by driver, e.g. ? for mysql2 and $1 for node-postgres; db is assumed to be an open driver connection):

const cars = await db.query('SELECT * FROM cars WHERE model = ?', [modelInput])
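As an added example that is not part of the original post, the following JavaScript puts the interpolated query beside a parameterized one and layers an allowlist check in front of it. makeRecordingDb is a constructed stand-in for a real driver such as node-postgres (whose $1 placeholder syntax is used here), and findCarsByModel, validateModel and the hostile sample input are assumptions of the example, not the post's own code.

```javascript
// Added example (not from the original post). Contrasts string interpolation
// with a parameterized query and adds allowlist validation in front of it.
// Nothing here talks to a real database: makeRecordingDb only records what a
// driver's query() would receive.

// Constructed sample input: the same payload the post mentions, as typed into
// a form field.
const HOSTILE_INPUT = 'DROP TABLE IF EXISTS customers;';

// VULNERABLE pattern: the input is spliced into the SQL text itself, so it
// can alter the statement the database ends up parsing.
function buildUnsafeQuery(modelInput) {
  return `SELECT * FROM cars WHERE model = ${modelInput}`;
}

// Parameterized pattern: the SQL text is a constant and the value travels
// separately; the driver binds it as data, never as SQL.
const FIND_BY_MODEL_SQL = 'SELECT * FROM cars WHERE model = $1';
function buildSafeQuery(modelInput) {
  return { text: FIND_BY_MODEL_SQL, values: [modelInput] };
}

// Allowlist validation (defense in depth, assumed rule for this example): a
// model name is letters, digits, spaces or hyphens, 1 to 40 characters.
const MODEL_PATTERN = /^[A-Za-z0-9 -]{1,40}$/;
function validateModel(input) {
  if (typeof input !== 'string' || !MODEL_PATTERN.test(input)) {
    throw new Error('invalid model input');
  }
  return input;
}

// Constructed fake driver: records each (text, values) pair it is asked to
// run and returns no rows.
function makeRecordingDb() {
  const calls = [];
  return {
    calls,
    query(text, values) { calls.push({ text, values }); return []; },
  };
}

// Validate first, then query with bound parameters. Returns the driver's rows.
function findCarsByModel(db, modelInput) {
  const { text, values } = buildSafeQuery(validateModel(modelInput));
  return db.query(text, values);
}
```

Run against the hostile input, the unsafe builder produces SQL text containing the DROP statement, while the safe builder's SQL text is unchanged and the validator rejects the input before any query is issued.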

Cross Site Scripting Attacks (XSS)


I’m a Front End Engineer who loves React, NextJS, and GraphQL. Looking for a developer in #Israel? Contact me at: https://www.linkedin.com/in/bengrunfeld/