Few common and emerging website security threats include the following
DDoS Attacks
DDoS means Distributed Denial of service attacks which make the website unavailable by increasing the requests for web pages from the web server hosting the website from multiple geographically distributed locations to such a extent, that web server stops fulfilling requests for a webpage. It is done by floods of packets overwhelming a victim’s network so that valid requests can’t get through. Improvements in defenses have forced attackers to change the way they attack. Packet floods have become larger, maxing out at 100 Gbps.
Attackers look for URLs on a target site and then make calls to the back-end database that powers the site. Frequent calls to those Web pages quickly consume a modest site’s resources. Massive DDoS attacks often mask “low-and-slow” attacks
Vulnerable Plug-Ins
Various plug-in based technologies have been exposed with severe vulnerabilities like Flash, Java. Many security websites have suggested users to disable Java in browsers or uninstall it. Cyber criminals are focusing on Java because it’s widely deployed but poorly patched.
Old Browser usage
Browser vulnerabilities in old versions of web browsers in use, are adding to cyber attacks. Exploit kits bring together a dozen or so attacks on various vulnerable components and can quickly compromise a company’s systems if the patches aren’t up to date.
Web Scraping
Automated Web bots scrape from Web pages information that can give a competitor better intelligence on products or services being offered.
Bad SQL Input Processing
Since 2010, SQL injection has held the top spot on the Open Web Application Security Project’s list of top 10 security vulnerabilities. Dynamic websites that pass search queries or other application inputs to a back-end database server are vulnerable to SQL injection. But the simple fix, is to check all user-provided input to make sure it’s valid.
