Web Attacks




SQL Injection
A SQL Injection, or SQLi, is a vulnerability which allows a hacker to “inject” SQL statements into a target and access its database. The potential impact is extensive, which often makes it a highly rewarded vulnerability.

HTTP Parameter Pollution
HTTP Parameter Pollution, or HPP, occurs when a website accepts input from a user and uses it to make an HTTP request to another system without validating that user’s input. This can happen in one of two ways: via the server (or back end) or via the client side.

Cross-Site Request Forgery
A Cross-Site Request Forgery, or CSRF, attack occurs when a malicious website, email, instant message, application, etc. causes a user’s web browser to perform some action on another website where that user is already authenticated, or logged in. Often this occurs without the user knowing the action has occurred.

Open Redirect Vulnerabilities
According to the Open Web Application Security Project, an open redirect occurs when an application takes a parameter and redirects a user to that parameter value without conducting any validation on the value. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it, abusing the trust of a given domain to lead users to another. The malicious website serving as the redirect destination could be prepared to look like a legitimate site and try to collect personal or sensitive information.
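The validation whose absence defines an open redirect, shown as an added example that is not part of the original page. The host allowlist, the https-only rule and the names `ALLOWED_HOSTS`, `DEFAULT_TARGET` and `safe_redirect_target` are assumptions about a hypothetical application.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this hypothetical application may redirect to.
ALLOWED_HOSTS = frozenset({"app.example.com", "help.example.com"})
DEFAULT_TARGET = "/"  # assumption: fallback when the parameter is rejected


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `value` if it is an acceptable redirect destination, else `default`."""
    if not value:
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines, so a parser and a
    # browser can disagree about the host. Reject such input outright.
    if any(ord(c) <= 0x20 or c == "\\" for c in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed bracketed host
        return default
    if not parts.scheme and not parts.netloc:
        # Same-site path: exactly one leading slash ("//host" is scheme-relative).
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default
    if parts.scheme != "https":
        return default
    # .hostname excludes userinfo and port, so "allowed@other-host" is
    # compared on the real host rather than on the text before the "@".
    host = (parts.hostname or "").lower()
    return value if host in allowed_hosts else default


def check_samples():
    """Run the validator over constructed sample parameter values."""
    samples = [
        "/account/settings",                      # same-site path
        "https://help.example.com/article/1",     # allowlisted host
        "https://other.example.net/login",        # host not allowlisted
        "//other.example.net/login",              # scheme-relative URL
        "https://app.example.com@other.example.net/",  # userinfo disguise
        "https://app.example.com.other.example.net/",  # look-alike suffix
        "/\\other.example.net",                   # backslash variant
    ]
    return {s: safe_redirect_target(s) for s in samples}


if __name__ == "__main__":
    for raw, chosen in check_samples().items():
        print(f"{raw!r:50} -> {chosen!r}")
```

Comparing the parsed hostname against an exact allowlist, rather than prefix- or substring-matching the raw string, is what keeps the userinfo and look-alike-suffix values from passing.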
