-
XSS (Cross-Site Scripting): XSS is a type of injection security vulnerability where malicious scripts are injected into trusted websites. These scripts can then be executed by the browser of any user who visits the compromised website. XSS can lead to various threats such as identity theft, data theft, and malicious redirection. There are three types of XSS attacks: stored XSS, reflected XSS, and DOM-based XSS.
-
CSRF (Cross-Site Request Forgery): CSRF is an attack that tricks the victim into submitting a malicious request. It exploits the trust that a website has in a user's browser. In this attack, the victim is forced to execute unwanted actions on a web application in which they're authenticated. These actions could range from changing their email address, password, to even more serious actions like making purchases.
-
UI Redressing: UI Redressing is a technique used by attackers to trick users into performing actions they did not intend to do. This is usually accomplished through the use of transparent layers (or "invisible" layers) that are overlaid on the expected UI elements. The most common type of UI Redressing attack is clickjacking, where the attacker tricks the user into clicking on something different from what the user perceives.
-
MITM (Man-in-the-Middle): A man-in-the-middle attack is a type of eavesdropping attack, where the attacker intercepts and potentially alters the communication between two parties without their knowledge. This can happen in any form of online communication, such as email, social media, web surfing, etc. Attackers could potentially steal login credentials, personal information, or even alter a conversation to achieve their goals.