m Undid revision 1248822080 by 86.99.86.96 (talk)
→Web applications: reword for accuracy
Line 54:
*[[Process hijacking]] occurs when an attacker takes over an existing [[computer process]].{{sfn |Strout |2023|p=15}}
===Web applications===
[[Web applications]] run on many websites. Because they are inherently less secure than other applications, they are a leading source of [[data breach]]es and other security incidents.{{sfn |Strout |2023|p=13}}{{sfn|Haber |Hibbert|2018|p=129}}
*[[Authentication]] and [[authorization]] failures enable attackers to access data that should be restricted to trusted users.{{sfn |Strout |2023|p=13}}
*[[Business logic vulnerability]] occurs when programmers do not consider unexpected cases arising in [[business logic]].
*
*Attacks used against vulnerabilities in web applications include:
*
*[[Cross-site scripting]] (XSS) enables attackers to [[code injection|inject]] and run [[JavaScript]]-based [[malware]] when [[input checking]] is insufficient to reject the injected code.{{sfn |Strout |2023|p=13}} XSS can be persistent, when attackers save the malware in a data field and run it when the data is loaded; it can also be loaded using a malicious [[URL]] link (reflected XSS).{{sfn |Strout |2023|p=13}} Attackers can also insert malicious code into the [[___domain object model]].{{sfn |Strout |2023|p=14}}
*[[SQL injection]] and similar attacks manipulate [[database queries]] to gain unauthorized access to data.{{sfn |Strout |2023|p=14}}
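Review bot: In the Web applications list, the lead-in "Attacks used against vulnerabilities in web applications include:" is marked up as a bullet and sits between two empty "*" items, so it renders as one more list entry at the same level as the XSS and SQL injection items it is meant to introduce. Suggest making it an unbulleted sentence and dropping the empty items, or nesting the two attack entries under it with "**". Two smaller points in the same hunk: the business logic vulnerability bullet and the lead-in carry no {{sfn}} citation while every neighbouring item does, and the link target in the XSS item, "[[___domain object model]]", does not look like a valid article title; DOM-based XSS concerns the Document Object Model, so the link should probably point there.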