Web applications interact with many different users at the same time over a network and, as such, must be easily accessible to a large number of people. This accessibility gives attackers the opportunity to manipulate various components of web apps in order to steal sensitive data, compromise other users' sessions, disrupt the apps' operation, and more.

Weaknesses that attackers target in web apps include:
- Poorly implemented or non-existent security configurations.
- Failings in authentication and authorization components.
- Weaknesses to various types of code injection.
- Weaknesses to cross-site scripting (XSS) and cross-site request forgery (CSRF).
- Weaknesses to clickjacking.
- Weaknesses to file inclusion exploits.
- Weaknesses to web shells.
- Insecure coding practices.