In the last decade, millions of businesses and organizations have adopted the Web as a cheap way to communicate with customers and conduct business. This includes the use of web-based apps which collect and store information, including customer information submitted via content management systems shopping carts and inquiry forms, and login fields.
These applications are often accessible via the Internet and are able to be hacked to exploit weaknesses within the application or its supporting infrastructure. SQL injection attacks which exploit weaknesses within databases, can cause damage to databases that store sensitive data. Attackers can also exploit an advantage gained by breaching an Web application to discover and gain access to other, more vulnerable systems on your network.
Other commonly used Web attack types include Cross Site Scripting attacks (XSS) that exploit weaknesses in the web server to inject malicious code into web pages, and it executes as an infected script in the victim's browser. This allows attackers to access sensitive information or send users to phishing websites. Web forums, message boards and blogs are particularly susceptible to XSS attacks.
Hackers work together to overwhelm websites by sending more requests than the site can handle. This can cause a web page to slow down or shut down altogether in a way that hinders its ability to handle requests and make it unusable for everyone. This is why DDoS attacks can be particularly damaging for small businesses that rely on their websites for operations in local establishments, like bakeries or restaurants.