In the last decade many businesses and organizations have accepted the Web as an inexpensive way to interact with customers and conduct business. This includes the use of web applications that collect and store data such as customer data submitted through content management systems, shopping carts inquiry or submit forms, and login fields.
Because these applications are internet-connected and frequently accessible from anywhere in the world They are at risk for hacking attempts to exploit weaknesses in the application or its supporting infrastructure. SQL injection attacks which exploit weaknesses in databases, could compromise databases that contain sensitive information. Attackers can also leverage the security of a Web application to identify and access other, more vulnerable systems on your network.
Cross Site Scripting (XSS) is another common Web attack type. This exploits weaknesses in web servers to inject malicious code into web pages. The script then executes in the victim's web browser. This allows attackers to gain access to private information, or redirect users to phishing sites. XSS attacks are prevalent on blogs, message boards and online forums.
Hackers work together to overwhelm websites by sending more requests than the site can handle. This can cause the web site to slow down or even shut down completely that compromises the ability of the site to process requests and render it inaccessible for everyone. This is the reason DDoS attacks can be especially damaging for small businesses that rely on their websites to run like local restaurants or bakeries.