stackoom
  简体   繁体   中英

What type of attacks are possible on web applications?

 原文  2009-09-15 09:03:14       asp.net/ security

Question

I am going to start new web application (ASP .Net), but i am wondering how many type of attacks are possible on web applications which we need to take care of while building a web application.

As i am developing this web application from scratch, if i can get this kind of list and identify what i need to take care of while building the application it will be a great help.

3 answers

solution1
 4 ACCPTED  2009-09-15 09:05:55

XSS attacks

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.

Denial-of-service attack

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

SQL injection

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.

Also read

Five common Web application vulnerabilities

and a similar SO question

Common Website Attack Methods, Detection, and Recovery

solution2
 2  2009-09-15 09:07:50

There are numerous possible attacks, in fact the more you learn about it so soon realise that it's pretty much an endless list .

However, it's unlikely you are going to be targeted by militray grade hackers and it's a minimum that you should be aware of and protect against the most common attacks , according to owasp .

Not forgetting that while you may only be interested in web application threats, a field in itself, you cannot be ignorant of the other threats to you. The top other two fields I can think of are infrastructure (eg denial of service) and social engineering (eg using weak passwords or leaving them in unsecured locations). As always it's best to defend in depth and treat anything that is not yours as suspicious. The Microsoft SDL is one good place to start if you're interested in a more holistic approach and to have a more solid understanding.

That said, you know your situation. Assess the potential threats and associated risks. Calculate the costs in implementing them. This is your threat model . Then you'll be in a place where you can decide on how secure you can be, you'll never be 100% but as you keep getting closer the cost gets exponentially more expensive.

solution3
 0  2009-09-15 09:09:04

Craploads, but here is a top 10 . You may also like to check out The OWASP Guide .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question What are possible architecture options for large scale web applications what is the difference among these terminologies in web applications? What is the best way to rollout web applications? Is it possible to share the same Authentication information between two Web Applications? Is it possible to run asp.net and java web applications in the IIS server? What are your experiences with development frameworks and tools for building web applications? What's the best caching mechanism to use for .Net web applications? What are other ASP.NET web applications that are as well done as StackOverflow? What makes good web form styling for business applications? What could be good ways to deploy ASP.Net Web Applications?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM