1) SQL injection
– Try simulating SQL injection with the well-known tool Havij
2) Transport Layer attacks (HTTP/HTTPS)
– Typically a man-in-the-middle attack that sniffs unsecured traffic by injecting a JavaScript keylogger into the web page, especially the login page.
Cookies are a source of this kind of attack too.
3) Insecure password storage
– Passwords are stored either in plain text, encrypted, or cryptographically hashed (a one-way process).
Passwords stored in the DB must always be hashed with the right algorithm rather than just encrypted, and a strong password policy must be enforced.
Try hashcat combined with a password dictionary downloaded from sites such as “hashkiller.co.uk”
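An added example (not part of the original notes) of the storage scheme recommended above: a salted, deliberately slow hash next to the unsalted fast digest that dictionary attacks rely on. PBKDF2-HMAC-SHA256, the iteration count, the record format and all function names are assumptions chosen for illustration; the notes do not name an algorithm.

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def weak_hash(password: str) -> str:
    """Anti-pattern: unsalted, fast digest. Equal passwords give equal hashes,
    so one precomputed dictionary cracks every matching row at once."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'scheme$iterations$salt$hash' with a fresh random salt per user."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:  # malformed record: wrong field count, bad hex, bad cost
        return False


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record uses a lower cost than the current policy, so it can
    be upgraded at the user's next successful login."""
    parts = stored.split("$")
    return (len(parts) != 4 or parts[0] != SCHEME
            or not parts[1].isdigit() or int(parts[1]) < iterations)


if __name__ == "__main__":
    pw = "Summer2024!"  # constructed sample password
    print(weak_hash(pw) == weak_hash(pw))        # identical digests
    record = hash_password(pw)
    print(record != hash_password(pw))           # salts differ per record
    print(verify_password(pw, record), verify_password("summer2024!", record))
```

Storing the cost inside each record lets the work factor be raised later without invalidating existing accounts.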
4) Cross Site Scripting (XSS)
– Technique of distributing a link carrying an XSS payload: the victim follows the link, the page is returned to the browser (reflected), and the victim’s data is sent to the attacker
– Correctly encode output for each context: HTML / HTML attributes / CSS / JavaScript
– Protect cookies so that they are not accessible to client-side script
5) Weak Account Management
– Poor password tools, lack of brute-force protection, the remember-password option of web browsers, the password change mechanism, account enumeration (the page’s answer to a request confirms or denies the existence of an account on the system).