Losses related to cybercrime over the past year amounted to about $ 113 billion a year. This money would be enough to host 10 Olympiads, comparable to the 2012 London Olympics.
Top companies that pay for vulnerabilities found:
- Microsoft. The average cost of a bug in Internet Explorer is $ 4,500
- Facebook. The minimum cost of a bug is $ 500
- Google. A bug in Chrome costs about $ 1,000
- Vkontakte paid Ukrainian hackers $ 5,000 for the found XSS vulnerability
- Yahoo! $ 12.5 for the vulnerability, pay with coupons (for the purchase of caps, pens and T-shirts in the Yahoo online store)
Read more about: Security testing services
The main types of attacks on Web applications:
- SQL Injection
- XSS (Cross Browser Scripting)
SQL Injection - One of the most common methods of hacking, which is based on injecting your own arbitrary SQL code into a SQL query.
What can you do with SQL Injection?
-Using injection, an attacker can steal any information from the database without having access to it
XSS - Cross Site Scripting - Type of attack on web applications by injecting client scripts
There are two types:
-Reflected XSS
-Stored XSS
What can be done using XSS ?
- Stealing Cookies -
Stealing authentication data -
Redirecting the user to the attackers' pages
No comments:
Post a Comment