Over the past decade, many businesses and organizations have accepted the Web as a cost-effective way to connect with customers and conduct business. This includes web applications that store and collect data, such as customer information submitted via content management systems, online shopping carts, inquiry forms, or login fields.
These applications are typically accessed via the Internet and can be attacked by exploiting vulnerabilities within the application or in its infrastructure. For example, SQL injection attacks (which exploit weaknesses in the database) can result in compromised databases that contain sensitive data. Attackers can also leverage a foothold gained by breaching a Web application to discover and access other vulnerable systems on your network.
Other typical Web attack types include Cross-Site Scripting (XSS) attacks, which exploit weaknesses in the web server to inject malicious code into web pages. That code is then executed as a virus-infected script within the victim’s browser, which allows attackers to steal private information or redirect users to phishing sites. XSS attacks are most prevalent on blogs, message boards and web forums.
In a distributed denial-of-service (DDoS) attack, hackers collaborate to overwhelm a website by sending more requests than the site can handle. This can cause the website to lag or even stop functioning completely. It hinders the site's ability to process requests, rendering it unusable to everyone. This is why DDoS attacks can be especially damaging for small businesses that depend on their websites for the operation of their business, such as local bakeries or restaurants.