All the vulnerabilities listed below are essential to know when it comes to web security. These vulnerabilities are the most common and are the most likely to be exploited. It is important to know how to prevent these vulnerabilities from being exploited and how to fix them if they are exploited.
- XSS (Cross-Site Scripting) Injecting malicious scripts into web pages viewed by other users.
- RFI (Remote File Inclusion) Exploiting scripts to include files located on remote servers.
- File Upload Inserting malicious files into web applications.
- CSRF (Cross-Site Request Forgery) Unauthorized commands are transmitted from a user the website trusts.
- SQL Injection Inserting or "injecting" an SQL query via the input data from the client to the application.
- Session Hijacking Illegally gaining access to another user's web session.
- HTTP Utilize Wireshark for sniffing passwords, usernames, and other sensitive data.
- Lack of Rate Limiting (DDoS) Potentially looping through the site with multiple computers or renting servers to crash the site.
- No Logging Absence of event logging, making malicious activities difficult to trace.
- Execution of Malicious Files Running harmful files, potentially affecting the system or network.
- Metadata Not Removed For example, not removing geolocation data from profile pictures.