These days attackers always find a way to attack systems as well as the web. Almost everything is online now, including every kind of business and service, so hackers find it easy to attack web applications. Web attacks are more devastating. In this tutorial, we will discuss different web-based cyber attacks.
What is a web application?
A web application is a client-server program that uses web technology and runs through a web browser. Its main purpose is to make stored information usable over the internet. Much of that information is sensitive, such as personal details and credit card numbers.
The web-based cyber attacks covered here are:
- Denial of service/Distributed denial of service
- Cross-site scripting
- SQL injection
- Brute force attack
- OS command injection attack
Denial of service/Distributed denial of service
In a denial-of-service (DoS) attack, the attacker makes network resources unavailable to users by temporarily shutting down the services of a host. The system is flooded with numerous requests until it is overloaded, so no intended user can have his or her request processed.
In a distributed denial-of-service (DDoS) attack, the incoming traffic originates from many different sources, so stopping the attack from one source does not end it. DDoS attacks acquire control over multiple computer systems and use them to prevent normal traffic from reaching its destination.
Cross-site scripting
This attack is possible when a website is vulnerable to script injection. The attacker injects malicious JavaScript into the website's database. When a user's browser runs that JavaScript, the attacker steals the browser cookies in order to hijack the session. The attacker's main goal is to execute malicious scripts in the victim's web browser by adding malicious code to the web page.
SQL injection
SQL (Structured Query Language) is the query language that supports backend database activities, and the attack against it is called SQL injection. It allows attackers to see data they should not have access to, which may include user details and sensitive company data. To carry out an SQL injection attack, an attacker must first discover susceptible user inputs within the web page or web application. A web page or web application that has an SQL injection vulnerability uses such user input directly in an SQL query. The attacker can then craft the input content, which is often called a malicious payload.
Brute force attack
Here the attacker tries all possible combinations of usernames and passwords. It is the simplest web attack and is also known as a password attack. The attacker tries again and again until he or she succeeds. Although it takes a year to break the password, hackers are very smart and gain access easily. Take a simple example: the standard password requirement is an eight-character password drawn from, let us say, 26 uppercase characters, 26 lowercase characters, and 10 digits. That gives a total of 62 possible characters for each position, which means 62^8 = 2.1834011*10^14 possible combinations. Although trying them all takes many years, hackers can easily create a powerful software-based computing engine.
OS command injection attack
An OS command injection occurs when a hacker inputs operating system (OS) commands into the server that is responsible for running the web application. The commands find their way into the system through the server side. Here the attacker has full privileges to take control of the application and can make it show sensitive information. Moreover, the attacker can also modify or delete the information.
Conclusion
Attackers just wait for an opportunity to attack the web or the system, and it is up to you to maintain your system's security. In this tutorial, we have covered different web-based cyber attacks. If you have any doubts, feel free to ask in the comment box.