Information Security 14 min read

Common Web Security Vulnerabilities: XSS, SQL Injection, CSRF, CC, DoS and DDoS

This article explains common web security threats—including XSS, SQL injection, CSRF, CC, DoS, and DDoS—detailing their mechanisms, potential impacts, and practical defense strategies such as input validation, token usage, Referer checks, and resource limiting to protect applications and servers.

php中文网 Courses

1. XSS (Cross‑Site Scripting)

XSS is a code‑injection attack where an attacker injects malicious scripts into a target website so that the script runs in the victim's browser, allowing theft of cookies, session IDs, and other sensitive data.

Typical sources of untrusted input include user‑generated content (UGC), third‑party links, URL parameters, POST data, the Referer header, and cookies that may be set by other sub‑domains.

2. SQL Injection

By manipulating SQL statements an attacker can bypass authentication or modify the database. A classic example is constructing a query with user‑supplied values without proper sanitisation.

Example code:

// Vulnerable: user input is concatenated directly into the SQL text
String sql = "select * from user_table where username='" + userName + "' and password='" + password + "'";

If the attacker supplies ' or 1=1 -- as the username, the query becomes SELECT * FROM user_table WHERE username='' OR 1=1 -- ' AND password='' ; the remainder of the statement is commented out, the WHERE clause is always true, and the attacker is granted unauthorized access.

Defence measures include checking the data type and format of each variable, filtering special characters, and using prepared statements with bound parameters so that user input is never interpreted as SQL.
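As an added example (not code from the original article), the concatenated query above rewritten in Python against a constructed in‑memory SQLite table, beside the bound‑parameter form the defence measures recommend and a simple format check; the table contents and the alice/s3cret row are constructed test data.

```python
import re
import sqlite3

# Constructed stand-in for the page's user_table (not a real schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_table (username TEXT, password TEXT)")
    conn.execute("INSERT INTO user_table VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Mirrors the concatenated Java query: input becomes part of the SQL text.
    sql = ("select * from user_table where username='" + username
           + "' and password='" + password + "'")
    return conn.execute(sql).fetchone() is not None

def login_safe(conn, username, password):
    # Bound parameters: the driver passes values separately from the SQL,
    # so quotes and comment markers in the input are data, never syntax.
    sql = "select * from user_table where username=? and password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None

# Format check from the defence list: reject anything that is not a plain
# identifier before it reaches the database at all (policy is an assumption).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def username_format_ok(username):
    return USERNAME_RE.fullmatch(username) is not None

def demo():
    # Returns (vulnerable_bypassed, safe_bypassed, payload_passes_format_check)
    conn = make_db()
    payload = "' or 1=1 --"
    return (login_vulnerable(conn, payload, "anything"),
            login_safe(conn, payload, "anything"),
            username_format_ok(payload))

if __name__ == "__main__":
    print(demo())
```

Running it shows the payload logging in through the concatenated query but not through the bound‑parameter query, and being rejected outright by the format check.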

3. CSRF (Cross‑Site Request Forgery)

CSRF tricks a victim’s browser into sending authenticated requests to a trusted site on the attacker’s behalf. The typical attack flow is:

User logs into a trusted site (Site A) and receives a session cookie.

Without logging out, the user visits a malicious site (Site B) in another tab.

Site B returns malicious code that automatically issues a request to Site A.

The browser automatically includes the previously obtained cookie, so Site A processes the request as if it came from the legitimate user.

Defence strategies:

Validate the HTTP Referer header to ensure the request originates from the same domain.

Include a random token (CSRF token) in request URLs or hidden form fields and verify it server‑side.

Send a custom header (e.g., X‑CSRF‑Token) via XMLHttpRequest and validate it.

Each method has trade‑offs: Referer validation depends on the browser and can be spoofed; token‑in‑URL or body requires developers to embed and verify tokens on every request; custom headers work well for Ajax calls but are unsuitable for non‑Ajax requests and legacy systems.

4. CC Attack (Connection‑Count Attack)

The attacker floods the target server with a massive number of connections, exhausting CPU, memory, or bandwidth until the service becomes unavailable. Types include direct attacks, proxy attacks, and botnet‑based attacks. Unlike DDoS, which targets the network layer, CC attacks focus on consuming server‑side resources.

5. DoS (Denial of Service)

A DoS attack sends a large volume of bogus requests (often with forged IP addresses) to a server, causing it to allocate resources for connections that never complete. The server eventually runs out of resources and cannot serve legitimate users.

6. DDoS (Distributed Denial of Service)

DDoS amplifies the DoS concept by using many compromised machines (a botnet) to launch the attack simultaneously, making mitigation far more difficult. Common tools include LOIC. DDoS can target both computers and network devices such as routers, and its effectiveness is influenced by the attacker’s bandwidth.

Tags: CSRF, SQL injection, XSS, Web Security, vulnerabilities, DoS
Written by

php中文网 Courses

php中文网's platform for the latest courses and technical articles, helping PHP learners advance quickly.
