Context
General literature review about web application vulnerabilities
Approach
Non-systematic literature survey
Results
The Russia-Ukraine conflict has led to a 300% increase in cyberattacks targeting NATO countries, with a particular focus on critical infrastructure, utilities, public services, and the media and information space.
Most relevant vulnerabilities, sorted by prevalence:
- SQLIA (SQL injection attack)
- RCE (Remote Code Execution)
- XSS (cross-site scripting)
- CSRF (cross-site request forgery)
- file inclusion
- DoS (Denial of Service)
- misconfiguration
- broken access control (including RBAC, role-based access control, issues)
- SSRF (server-side request forgery)
- identification and authentication failures
- XXE (XML external entities)
- insecure design
- directory traversal (path traversal)
- software and data integrity failure
- cryptographic failures
- vulnerable and outdated components
- security logging and monitoring failures
- information leak
- string validation
- redirect attack
- privilege escalation
- session hijacking
- clickjacking
- brute force attack
- memory corruption