A web vulnerability is a specific type of programming or configuration error. Vulnerabilities make it possible for malicious hackers to access resources that should be inaccessible, including sensitive data, application code, or the web server’s operating system. Such security defects may also allow attackers to use your vulnerable website or web application as a tool for other malicious activities, like phishing attacks.
Here are the most common and dangerous web vulnerabilities at a glance – see the full index for more:
Remote code execution (RCE)
Remote code execution means that a remote attacker is able to execute code in the programming language of the software.
SQL injection (SQLi)
SQL injection means that an attacker is able to introduce undesired SQL code into SQL queries executed by the software.
Cross-site scripting (XSS)
Cross-site scripting means that an attacker introduces commands into client-side code executed by a browser on behalf of the web application.