Unvalidated redirects and forwards occur when an application uses untrusted data, such as a URL parameter, to decide where to send a user next. This is a security risk because an attacker can craft a link to the trusted application that redirects unsuspecting users to a malicious site, for example as part of a phishing scam.
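As an added example that is not code from the article, the following PHP checks a user-supplied redirect target against an allow-list before emitting a `Location` header. It assumes the target arrives in a hypothetical `next` query parameter, that only local paths or hosts listed in `$allowedHosts` are acceptable, and PHP 8 (for `str_starts_with` and `str_contains`).

```php
<?php
// Added example, not code from the page's article: validating a user-supplied
// redirect target against an allow-list before sending a Location header.
// Assumptions (not from the page): the target arrives in a "next" query
// parameter and only local paths or hosts in $allowedHosts are acceptable.
declare(strict_types=1);

function safeRedirectTarget(string $target, array $allowedHosts, string $fallback = '/'): string
{
    // CR/LF or other control characters could split the header; never pass them on.
    if (preg_match('/[\x00-\x1F\x7F]/', $target) === 1) {
        return $fallback;
    }

    $parts = parse_url($target);
    if ($parts === false) {
        return $fallback;
    }

    // No scheme and no host: treat as a local path. Require exactly one leading
    // slash ("//evil.example" is a scheme-relative URL to another host) and
    // reject backslashes, which some browsers normalise to slashes.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $path = $parts['path'] ?? '';
        if ($path === '' || $path[0] !== '/' || str_starts_with($path, '//')
            || str_contains($target, '\\')) {
            return $fallback;
        }
        return $target;
    }

    // Absolute URL: insist on https and an exact, case-insensitive host match.
    // "https://app.example.com@evil.example" parses with host=evil.example, so
    // checking the host component (not a string prefix) defeats that trick.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if ($scheme !== 'https' || !in_array($host, $allowedHosts, true)) {
        return $fallback;
    }
    return $target;
}

// Usage in a login handler (assumed flow; allow-list is hypothetical).
$allowedHosts = ['app.example.com'];
$next = $_GET['next'] ?? '/';
// ?next[]=x makes $_GET['next'] an array, so insist on a string.
$dest = safeRedirectTarget(is_string($next) ? $next : '/', $allowedHosts);
header('Location: ' . $dest, true, 302);
exit;
```

The important design choice is to validate the parsed host component rather than check that the string starts with a trusted prefix: `https://app.example.com.evil.example` and `https://app.example.com@evil.example` both pass a prefix check and both fail this one. Anything that does not validate falls back to a fixed local path instead of being echoed back.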
Articles tagged with "Security"
Preventing SQL Injection in PHP
SQL injection is a vulnerability that allows an attacker to insert, or inject, SQL into a query that an application sends to its database. Injection was the number one vulnerability on the OWASP Top Ten list for 2013. Common ways to exploit it are to place SQL fragments in a form field or to send crafted GET/POST requests using known parameter names. The risk of SQL injection is the loss or compromise of critical or sensitive data.
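The following added example, which is not the article's own code, puts the vulnerable string-built query beside its parameterised replacement and runs both against the same payload. It uses an in-memory SQLite database with constructed sample rows so that it runs offline; the same PDO calls work unchanged with MySQL or PostgreSQL. It assumes PHP 8 with the `pdo_sqlite` extension.

```php
<?php
// Added example, not the article's own code: vulnerable query beside the
// parameterised fix, against an in-memory SQLite database (assumed so the
// example runs offline). Requires PHP 8 with pdo_sqlite.
declare(strict_types=1);

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Let the database parse the statement and bind values natively rather
        // than having the driver interpolate escaped values client-side.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
    $db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')"); // constructed sample data
    return $db;
}

// VULNERABLE: the untrusted value becomes part of the SQL text.
function findUserVulnerable(PDO $db, string $username): array|false
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// FIXED: the value travels as a bound parameter and is never parsed as SQL.
function findUser(PDO $db, string $username): array|false
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Identifiers (table or column names, ORDER BY targets) cannot be bound,
// so they must come from a fixed allow-list instead.
function listUsers(PDO $db, string $orderBy): array
{
    $allowed = ['id', 'username'];
    if (!in_array($orderBy, $allowed, true)) {
        throw new InvalidArgumentException('Unsupported sort column');
    }
    return $db->query("SELECT id, username FROM users ORDER BY $orderBy")->fetchAll(PDO::FETCH_ASSOC);
}

$db = openDb();
$payload = "nobody' OR '1'='1";

// The vulnerable query becomes  ... WHERE username = 'nobody' OR '1'='1'
// which matches every row, so the first user is returned.
var_dump(findUserVulnerable($db, $payload)); // array with id 1, username "alice"

// The prepared statement looks for a user literally named  nobody' OR '1'='1
var_dump(findUser($db, $payload));           // bool(false)

var_dump(listUsers($db, 'username'));
```

Two caveats worth keeping in mind: disabling `PDO::ATTR_EMULATE_PREPARES` makes the server, not the driver, responsible for separating query text from values, and placeholders only cover values, so any dynamic identifier (the `ORDER BY` column above) still needs an allow-list.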
Implementing CSRF Protection in PHP
Cross-site request forgery (CSRF) is a type of attack in which a user is tricked into performing an unwanted action on a website they are authenticated with. For example, if a user is logged into their bank and then visits a malicious site, that site can cause the user's browser to send requests to the bank server, and the browser attaches the user's session cookie to them as it would to any other request.
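As an added example that is not the article's own code, the PHP below issues a per-session CSRF token on GET, embeds it in the form, and rejects any POST whose token does not match. The form and its `to` field are illustrative; it assumes PHP 7.3 or later (for the `samesite` cookie option) and that the application authenticates users with a PHP session.

```php
<?php
// Added example, not the article's own code: per-session CSRF token issued on
// GET, embedded in the form, checked on POST. Assumes PHP 7.3+ and that the
// session cookie is what authenticates the user. The form fields are illustrative.
declare(strict_types=1);

// Defence in depth: a SameSite session cookie is not sent on most cross-site
// requests, but older browsers ignore the attribute, so the token check stays.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded so the value is safe in HTML.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrfField(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

function csrfIsValid(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given)) {
        return false;
    }
    // Constant-time comparison so the check leaks no timing information.
    return hash_equals($expected, $given);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrfIsValid($_POST)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    // The request carried our token, so it originated from our own form:
    // perform the state-changing action here.
    $to = $_POST['to'] ?? '';
    echo 'Transfer to ' . htmlspecialchars(is_string($to) ? $to : '', ENT_QUOTES, 'UTF-8') . ' accepted.';
    exit;
}

// GET: render the form with the token. The same-origin policy keeps another
// site from reading this page, so a forged POST cannot supply a matching value.
echo '<form method="post" action="">'
   . csrfField()
   . '<label>Transfer to <input name="to"></label>'
   . '<button type="submit">Send</button>'
   . '</form>';
```

The token must be bound to the session (stored server-side, compared with `hash_equals`) rather than merely present in the request; a check that only tests whether the field exists, or compares it against a cookie the attacker can also set, gives no protection.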