Over the past decade, many businesses have used the Web to communicate and conduct business with their customers. This includes the use of web-based applications that collect and store information, including customer information provided via content management systems, shopping carts, inquiry forms and login fields.
These applications are often accessible from the Internet and can be attacked through vulnerabilities in the application or its supporting infrastructure. For example, SQL injection attacks (which exploit weaknesses in the way the application queries its database) can result in compromised databases that contain sensitive information. Attackers can also use the foothold gained by compromising a web application to identify and gain access to other, more vulnerable systems on your network.
Other common web attack types include cross-site scripting (XSS) attacks, which exploit vulnerabilities in a website to inject malicious code into its web pages; that code is then executed as a malicious script within the victim’s browser. This allows attackers to obtain confidential information or to redirect the user to phishing sites. XSS attacks are most prevalent on blogs, message boards and online forums.
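The injection described above comes down to whether user input is encoded before it is placed in a page. The following is an added example, not code from the original article: it renders a constructed forum comment with and without output encoding, then parses the result to list any elements or attributes the template itself did not define. All function names and sample values are hypothetical.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: a display name and comment carrying markup.
SAMPLE_AUTHOR = 'guest" onmouseover="alert(1)'
SAMPLE_COMMENT = 'Nice post! <script>alert(1)</script>'

def render_unsafe(author, comment):
    # Vulnerable: user input is concatenated into the markup unchanged.
    return f'<div class="comment" title="{author}"><p>{comment}</p></div>'

def render_safe(author, comment):
    # Hardened: encode on output. quote=True also encodes " and ' so the
    # value cannot break out of the title attribute.
    return (f'<div class="comment" title="{html.escape(author, quote=True)}">'
            f'<p>{html.escape(comment, quote=True)}</p></div>')

class MarkupAudit(HTMLParser):
    """Records every element and attribute name found in the page."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)

# The only markup the template itself is supposed to produce.
ALLOWED_TAGS = {"div", "p"}
ALLOWED_ATTRS = {"class", "title"}

def unexpected_markup(page):
    """Return (tags, attributes) present in page but not in the template."""
    audit = MarkupAudit()
    audit.feed(page)
    audit.close()
    return (sorted(set(audit.tags) - ALLOWED_TAGS),
            sorted(set(audit.attrs) - ALLOWED_ATTRS))

if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        page = render(SAMPLE_AUTHOR, SAMPLE_COMMENT)
        print(render.__name__, unexpected_markup(page))
```

The same audit function can serve as a regression test for any template that embeds user-supplied text.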
In a distributed denial-of-service (DDoS) attack, hackers band together to overwhelm a website by sending more requests than the site can handle. This can cause the site to slow down or shut down completely, which compromises its ability to process requests and makes it unusable for all users. This is why DDoS attacks can be especially damaging for small businesses that depend on their websites to operate, such as local restaurants or bakeries.