09 24 2025 - rtji0/Arthur-Tech-Journal GitHub Wiki

Vulnerabilities in Web Browsers

  • Bad config
  • Scripts
  • Popups and extensions

Vulnerabilities in Web Servers

  • Default users/perms not changed
  • Sample files/scripts not removed
  • Dir perms (default or bad setup)
  • Technical illiteracy

Typical Attacks on web servers and sites

SQL

  • Structured Query Language, very common for databases
  • Select role from users where login = "jones" and password = "12345"
  • Update Users set phone = "1-802-865-645" where LName = "Smith"
  • Select ACCID from customers where email="[email protected]" AND password = "rover"
  • SQL Injection Attacks
  • Update transaction SET ID=valid

Stack Buffer Overflow

  • When an app writes more data than a memory location can hold, overflowing into and overwriting the adjacent memory space

Cross Site Scripting (XSS)

  • Attackers embed a script in a web form field

Cookies

  • Cookies are a part of many web apps; they exist to maintain small bits of personal data, like website settings or authentication

  • Web apps would be much more secure without cookies, but users prefer them for convenience

How do we prevent these?

  • Validate all inputs
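
Added example (not from the original notes): the login query from the SQL section, built once by string concatenation and once with input validation plus bound parameters. The in-memory table, the function names and the login allow-list pattern are assumptions made for this sketch.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data; table and columns follow the login query in the notes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT, role TEXT)")
    # Plaintext password only to mirror the notes' query; real systems store a password hash.
    db.execute("INSERT INTO users VALUES ('jones', '12345', 'admin')")
    return db

def role_concatenated(db, login, password):
    """Vulnerable: input is pasted into the SQL text, so quotes in it rewrite the query."""
    sql = ("SELECT role FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

# Assumed allow-list for login names: letters, digits, underscore, dot, hyphen.
LOGIN_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def role_parameterized(db, login, password):
    """Hardened: validate the login's shape, then bind values so they are never parsed as SQL."""
    if not LOGIN_RE.fullmatch(login):
        return None
    row = db.execute(
        "SELECT role FROM users WHERE login = ? AND password = ?",
        (login, password),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that contains SQL syntax
    for name, fn in (("concatenated", role_concatenated),
                     ("parameterized", role_parameterized)):
        print(name, "correct password ->", fn(db, "jones", "12345"))
        print(name, "crafted password ->", fn(db, "jones", crafted))
```

Passwords are bound rather than pattern-checked because a password may legitimately contain any character; binding is what keeps it from being read as SQL.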

Authentication + Encryption

  • Zero trust policy