Uploaded on Oct 10, 2022
Website: https://www.fncyber.com/vulnerability-management
5 Most Common Web Security Vulnerabilities
Vulnerability management solutions help sanitise application inputs and outputs, and adopting certain coding practices can protect applications against most vulnerabilities and strengthen your vulnerability management. However, this is not enough. Web applications are constantly developing, and security testing must be incorporated into every stage of the development lifecycle to identify and fix vulnerable code early on.
SQL Injection
It occurs when attackers use malicious SQL code to manipulate backend SQL databases. The result can include unauthorised data listing, dropping (deletion) of tables, and unauthorised administrative access.
Cross-Site Scripting (XSS)
It is an attack targeting users of an application. It can be used to access user accounts, attack their data, inject Trojans, change page content to deceive users, or deface a website. A more dangerous variant is stored XSS, in which malicious code is injected persistently into the application to distort your data. Reflected XSS occurs when malicious scripts are reflected from the application to the user's browser. Through XSS vulnerabilities, attackers can use JavaScript to access a user's webcam, location, and other sensitive data and functions.
Broken Authentication
Authentication helps apps identify and validate users. If authentication breaks, it can allow attackers to gain access with the same permissions as the targeted user, creating severe web app vulnerabilities. Authentication issues can give an attacker access to your sensitive data and wreak havoc on your web application.
Cross-Site Request Forgery (CSRF)
It is an attack that can lead to unwanted transfers of funds, password changes, or data theft. It involves an attacker leveraging a user's open session, causing the user's browser to unknowingly perform actions on a site the user is logged into. CSRF uses social engineering to trick authenticated users into, for example, clicking a link, and so take control of their sessions. Because the attacker is acting through established sessions, it can lead to unwanted changes to the state of an app or data theft.
Security Misconfiguration
In this vulnerability, web applications are misconfigured, leaving an array of vulnerabilities for attackers to capitalise on. Security misconfiguration vulnerabilities include various issues, such as unpatched flaws, unused pages, unprotected files or directories, outdated software, and running software in debug mode.