By combining an XSS attack with social engineering techniques, attackers can cause far more damage: stealing cookies, logging keystrokes, and committing identity theft.
A stolen session cookie also lets the attacker log in as the user and see what the user would see, giving them full access to view credit card details and contact information, or even to change passwords.
Websites rely on databases, which is why SQL injection is a real threat. A successful injection lets an attacker read, modify, or delete database contents regardless of the permissions the application intended the user to have.
Consequences of a successful SQL injection include spoofing identities, creating new accounts with administrator rights, accessing all information on the server, or destroying any or all data to make it unusable. This vulnerability exists whenever user input that is passed into an underlying SQL statement can change that statement's meaning.
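The following is an added example, not code from the original article, showing the defect just described beside its fix: a lookup built by string concatenation lets the input change the statement's meaning, while a parameterized query treats the same input as a plain value. It uses an in-memory SQLite database with constructed sample rows.

```python
import sqlite3

# Constructed sample data for the demonstration; not real accounts.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    # The statement is assembled from raw input, so quote characters in the
    # input become part of the SQL and can alter the WHERE clause itself.
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # Parameterized query: the driver binds the input as a value, so the
    # statement's structure is fixed no matter what the input contains.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# A classic textbook input that turns the WHERE clause into a tautology
# when concatenated, but matches no username when bound as a value.
CRAFTED_INPUT = "nobody' OR '1'='1"


def demo():
    """Return row counts for each lookup so the difference is measurable."""
    conn = make_db()
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, CRAFTED_INPUT)),
        "safe_rows": len(lookup_safe(conn, CRAFTED_INPUT)),
        "safe_legit_rows": len(lookup_safe(conn, "alice")),
    }


if __name__ == "__main__":
    # Expected: {'vulnerable_rows': 2, 'safe_rows': 0, 'safe_legit_rows': 1}
    print(demo())
```

The vulnerable version returns every row because the input rewrote the condition; the parameterized version returns none for the same input and still finds the legitimate user.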
Another important threat to address is Cross-Site Request Forgery (CSRF). This attack involves both the website and the web browser, more specifically the browser's handling of authentication.
By exploiting how the browser handles authentication, an attacker can target users who are logged in to a particular site. Because the victim is already logged in, the attacker can in effect "forge" the victim's requests and perform actions the victim never intended.
Users who are merely browsing the site without being logged in, however, are not exposed to this attack.
Clickjacking is a threat that can quickly cause a system to spiral out of control. An attacker could either compromise a legitimate website or trick a user into visiting a malicious site where certain actions are controlled by the attacker. For example, a "submit" button may not submit information to the intended destination, or a close button "X" may actually trigger unwanted actions such as activating your camera or microphone.
This can be used, for instance, on a banking site to capture login information.
Denial of Service (DoS) attacks flood a target website with such a volume of requests that service is disrupted for legitimate users.
This list is not comprehensive, but it gives you an idea of what threats exist and how each of them can affect you. By learning more about these security threats, or by hiring Field IT support specialists for government, you can begin to design your website to minimize the risk of these issues occurring.