The hacker's mind map
There is no substitute for the human mind. In this section, we will focus more on how a web application looks from the perspective of an attacker. The following diagram shows a mind map of a web application hack:
The mind map is split into two categories: attackers can attack either server-side vulnerabilities or client-side vulnerabilities. These vulnerabilities normally occur for one of the following reasons:
- Use of old or unpatched technology
- Poor security configuration for the latest technology
- Coding without security in mind
- The human factor: a lack of skilled staff
On the server side, attackers would typically perform the following list of attacks:
- Web application firewall evasion
- Injection attacks
- Remote code execution
- Remote file inclusion/local file inclusion
- Directory path traversal
- Exploiting session management
- Exploiting the logic of the system or application
- Identifying any relevant information that can help them to perform more dedicated attacks
Client-side attacks are...