An easy way to picture your web application's security is to think of your home. It has a front door, a back door, windows, a number of rooms, a ceiling, boundary fences and various ways to get in. Only the terms differ.
The front door.
The front door of any web application is the login page, and it is not surprising that it is the primary target of attack. The login page consists of edit boxes for a username and password and a button that sends them to the server to authenticate your access to the rest of the application. Some login pages provide a captcha to make sure you are a human and not a copy of the same form hosted on another server. That copied form cycles through lists of usernames and passwords until it gains access to the application. This is known as cross-site request forgery and is similar to a thief copying your house keys.
Captchas are distorted images of jumbled letters and numbers, designed to be impossible for an automated script to read. Unfortunately, as scripts get better at reading these images, the captcha pictures must become more complex, and they end up harder for humans to read than for the scripts. This frustrates the end user, who repeatedly fails to get into his account because the captcha is unreadable. The solution was to replace the captcha with a secure token. The secure token is generated by joining the username, the password and any other available user information with a unique generated key. This string is then encrypted and stored as a hidden field on the form, making it impossible for a typical copied form to make a successful login attempt.
Windows and the back door.
What are a web application's windows? I do not mean the OS on the server. I am talking about the potential areas on every page that can be broken to force an entry. These areas are the edit boxes and text areas that let the user enter information. An attacker uses edit boxes and text areas to enter commands that the database understands. If the program is not written securely, it is very easy to break into the statement the database uses to save the data, so that the commands supplied by the attacker are executed. Such attacks may damage the database, expose data to theft, or compromise user information. This type of attack is known as SQL injection.
To prevent cross-site scripting, the software should scan all editable fields for code and also include a secure token in every URL and link. The holes and gaps in the walls must be closed. Every secure page must require an authenticated user.
We have all had the phony callers who claim to be from the gas board or the water company and say they need to get into your house to shut off the supply. Website attackers, or any other user of your site, may contact you by email, social network or phone and trick you into revealing your login details. The reason they give may be that your website has already been hacked and they can fix it if you give them access. The only prevention is to constantly remind users that they should never disclose their username and password to anyone, and that you, as the site owner, will never ask them to disclose their password. You must provide links that let users reset a forgotten password by emailing them a link containing an encrypted code that proves its source.
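The hidden-field token from the login section and the per-link token from the windows section, as an added example that is not part of the original article: the token is bound to the user's session and to the form or link it protects, carries an issue time, and is protected with an HMAC signature (a keyed signature rather than the encryption the article mentions, so tampering is detected without a decryption step). The secret key, session ids and form ids are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed server-side secret for this example; a real deployment would
# load it from configuration at start-up, never embed it in source.
SECRET_KEY = os.urandom(32)
TOKEN_TTL = 900  # seconds a token stays valid before it must be reissued


def _sign(payload: bytes) -> str:
    """Keyed MAC over the token payload; only the server can produce it."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(session_id: str, form_id: str, now=None) -> str:
    """Token to embed as a hidden field or in a link: session|form|issued|mac."""
    issued = int(now if now is not None else time.time())
    payload = f"{session_id}|{form_id}|{issued}".encode()
    raw = payload + b"|" + _sign(payload).encode()
    return base64.urlsafe_b64encode(raw).decode()


def verify_token(token: str, session_id: str, form_id: str, now=None) -> bool:
    """True only for an untampered token issued to this session and form."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
        sid, fid, issued, mac = raw.decode().split("|")
        issued_at = int(issued)
    except (ValueError, UnicodeDecodeError):
        return False  # malformed: not something this server produced
    payload = f"{sid}|{fid}|{issued}".encode()
    if not hmac.compare_digest(mac, _sign(payload)):
        return False  # forged or altered after issue
    if sid != session_id or fid != form_id:
        return False  # valid token, but for another session or another form
    current = now if now is not None else time.time()
    return 0 <= current - issued_at <= TOKEN_TTL


if __name__ == "__main__":
    tok = issue_token("sess-42", "login")
    print(f'<input type="hidden" name="token" value="{tok}">')
    print("valid:", verify_token(tok, "sess-42", "login"))
    print("reused on another form:", verify_token(tok, "sess-42", "transfer"))
```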
Brute-force entry.
The simplest and quickest way for a thief to enter a house is to force the door open, or to smash a window with a brick.
The hi-tech version of this method is a denial-of-service (DoS) attack. A DoS attack repeatedly requests a web page until the web server runs out of memory and shuts itself down.
As the number of thieves decreases, the number of hackers increases. The thief may only be after financial gain, whereas the intruder's motive can be political, financial, or simply malicious. A home with no protection may never be robbed, but an unsecured website will certainly be attacked eventually.