The typical 10 security breaches

Discussion in 'Ethical hacking' started by slk3, Mar 22, 2013.

  1. slk3

    slk3 New Member

    Mar 22, 2013
    Likes Received:
    Trophy Points:
    IBM AppScan is a good tool to detect security breaches of web applications. Does anybody ever study it? Typically AppScan can find out 10 main attacks including
    • XSS,
    • SQL(Code) Injection,
    • Malicious file execution,
    • Insecure direct object references,
    • CSRF,
    • Information to leak out and improper error handling,
    • Broken authentication and Session management,
    • Insecure cryptographic storage,
    • Unsecured communication,
    • URL access restrictions fail
    What are the corresponding solutions for them? Does anybody ever summarize?
  2. Syperus

    Syperus New Member

    Sep 2, 2011
    Likes Received:
    Trophy Points:
    Where's buffer overflow? This is one of the top security risks due to poor programming techniques.
  3. Avantika Pandey

    Avantika Pandey New Member

    Feb 22, 2023
    Likes Received:
    Trophy Points:
    Here are 10 typical security breaches that can occur:

    1. Phishing: This is the practice of sending fraudulent emails, texts or messages to trick people into revealing sensitive information, such as login credentials or credit card details.

    2. Malware: This is malicious software designed to harm a computer system or network, often by stealing sensitive data or disrupting normal system operations.

    3. SQL Injection: This is a type of cyber attack that targets databases by inserting malicious SQL code into user input fields to access sensitive information.

    4. Cross-Site Scripting (XSS): This is a type of cyber attack that targets web applications by injecting malicious code into websites to steal sensitive information from users.

    5. Social Engineering: This is the practice of using psychological manipulation to trick people into revealing sensitive information or taking certain actions, such as clicking on a malicious link.

    6. Insider Threats: This is when someone with authorized access to a system or network intentionally or accidentally causes a security breach, such as by sharing sensitive information or stealing data.

    7. Ransomware: This is a type of malware that encrypts a victim's data and demands payment in exchange for the decryption key.

    8. Denial-of-Service (DoS) Attack: This is a type of cyber attack that floods a system or network with traffic to disrupt normal operations and deny access to legitimate users.

    9. Man-in-the-Middle (MitM) Attack: This is a type of cyber attack that intercepts communication between two parties to steal sensitive information or modify data.

    10. Password Attacks: This is when hackers use various techniques, such as brute-force or dictionary attacks, to crack weak passwords and gain access to systems or networks.
    Last edited by a moderator: Apr 26, 2023

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice