Common website attacks along with prevention methods
SQL injection
Injecting malicious SQL queries via input fields.
Prevention: Use parameterized queries or prepared statements so that user-supplied data is kept separate from the SQL query structure.
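Added illustration (not part of the original list): a string-built login query beside its parameterized form, run against an in-memory SQLite table with constructed sample users. Passwords are stored in plaintext here only to keep the demo short.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],  # constructed sample rows
    )
    return conn


def login_vulnerable(conn, username, password):
    """Input is pasted into the SQL text, so it can change the query grammar."""
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Placeholders: the driver sends values separately, never as SQL text."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    # A username containing a quote and a comment marker ends the WHERE clause
    # early in the concatenated query; the parameterized one just finds no user.
    probe = "alice' --"
    print("vulnerable:", login_vulnerable(conn, probe, "wrong"))  # alice
    print("safe:      ", login_safe(conn, probe, "wrong"))        # None
    print("legit:     ", login_safe(conn, "alice", "s3cret"))     # alice
```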
Cross-Site Scripting (XSS)
Injecting malicious scripts into web pages viewed by users.
Prevention: Sanitize and validate user input. Implement a Content Security Policy (CSP) to restrict the execution of scripts.
Cross-Site Request Forgery (CSRF)
Tricking users into executing unwanted actions on a website.
Prevention: Implement CSRF tokens and require user authentication for sensitive actions. Use SameSite cookies to mitigate CSRF attacks.
Distributed Denial of Service (DDoS)
Overwhelming a website's server with excessive traffic.
Prevention: Employ DDoS mitigation services, configure firewalls, and implement rate limiting. Utilize content delivery networks (CDNs) for distributed traffic handling.
Brute Force Attacks
Repeatedly attempting various combinations of usernames and passwords.
Prevention: Implement account lockout mechanisms, CAPTCHA, and multi-factor authentication (MFA). Enforce strong password policies.
Phishing Attacks
Deceiving users into revealing sensitive information.
Prevention: Use email authentication techniques like SPF, DKIM, and DMARC. Implement HTTPS and SSL certificates.
Man-in-the-Middle (MitM) Attacks
Intercepting and eavesdropping on communication between users and websites.
Prevention: Use SSL/TLS encryption for secure data transmission. Implement certificate pinning.
Session Hijacking
Stealing a user's session identifier to gain unauthorized access.
Prevention: Implement secure session management practices, such as using HTTPS, expiring sessions after inactivity, and rotating session identifiers.
Directory Traversal/File Inclusion
Exploiting vulnerabilities to access unauthorized directories or include malicious files.
Prevention: Validate and sanitize user input. Restrict file system access. Implement file upload security measures, such as whitelisting allowed file types.
Zero-Day Exploits
Exploiting previously unknown vulnerabilities.
Prevention: Stay informed about security advisories and apply software patches promptly. Implement intrusion detection systems (IDS) to detect and mitigate zero-day exploits.