Common Internet Security
A practical series on common web and network attacks, how they work, and how to defend against them.
Each chapter includes a short explanation, an attack-flow diagram, and a checklist of best practices.
Published: Sat Feb 01 2025
A vulnerability where an attacker forces an authenticated browser to send unauthorized state-changing requests to a web application.
Published: Sat Feb 01 2025
A code injection attack where malicious scripts are executed in the victim's browser in the context of a trusted site.
Published: Sat Feb 01 2025
An injection attack that allows an attacker to interfere with the queries an application makes to its database.
Published: Sat Feb 01 2025
An injection vulnerability targeting NoSQL databases by manipulating query structures or logic using malicious objects.
Published: Sat Feb 01 2025
A critical vulnerability where an attacker executes arbitrary operating system (OS) commands on the server via vulnerable application code.
Published: Sat Feb 01 2025
A malicious attempt to disrupt the normal traffic of a targeted server by overwhelming it with a flood of Internet traffic.
Published: Sat Feb 01 2025
A trial-and-error method used to guess login credentials or encryption keys.
Published: Sat Feb 01 2025
An automated attack where stolen username/password pairs from one breach are tested against other websites.
Published: Sat Feb 01 2025
The exploitation of a valid session control mechanism to gain unauthorized access to a user's session.
Published: Sat Feb 01 2025
A vulnerability where an application exposes a reference to an internal object (like a file or database key) without verifying authorization.
Published: Sat Feb 01 2025
Failures in enforcing policy that allow users to act outside of their intended permissions.
Published: Sat Feb 01 2025
Attacks where malicious files are uploaded to a server to execute code (a web shell) or bypass security controls.
Published: Sat Feb 01 2025
An HTTP attack that allows attackers to access restricted directories and read (or sometimes write) files outside of the web server's root directory.