Cross-Site Scripting (XSS)

XSS attacks are a type of injection in which an attacker injects malicious code into a web application. This happens when the web application lacks mechanisms to validate user input from the browser.

An attacker writes code (a script) that executes when the user interacts with the web application. The browser has no way of differentiating genuine code from injected code, since the attacker uses a script that looks genuine but is intended to change the behavior of the web application.

The best practice to prevent XSS attacks is to make sure that user input is validated before being submitted to the database, and to allow only authorized users into certain levels of the application.
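The validation step described above, as an added example that is not part of the original article. The comment form, its field rules and all function names are assumptions made for illustration. It also goes one step past validation and encodes the stored text when it is written into the page, because a comment body has to allow free text that validation alone cannot make safe.

```javascript
'use strict';

// Assumed rules: usernames are 3-20 word characters, bodies are 1-500 characters.
const USERNAME_RE = /^[A-Za-z0-9_]{3,20}$/;
const MAX_BODY = 500;

// Server-side validation, run before anything is written to storage.
function validateComment(comment) {
  const errors = [];
  if (typeof comment.author !== 'string' || !USERNAME_RE.test(comment.author)) {
    errors.push('author');
  }
  if (typeof comment.body !== 'string' || comment.body.length === 0 ||
      comment.body.length > MAX_BODY) {
    errors.push('body');
  }
  return errors;
}

// Stand-in for the database insert: input that fails validation is never stored.
function submitComment(db, comment) {
  const errors = validateComment(comment);
  if (errors.length > 0) return { ok: false, errors };
  db.push({ author: comment.author, body: comment.body });
  return { ok: true, errors: [] };
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode characters that the browser would otherwise parse as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: stored text is concatenated into HTML, so the browser treats it as page code.
function renderUnsafe(c) { return '<p>' + c.author + ': ' + c.body + '</p>'; }

// Safe: stored text is encoded, so the browser displays it as plain text.
function renderSafe(c) { return '<p>' + escapeHtml(c.author) + ': ' + escapeHtml(c.body) + '</p>'; }

// Constructed sample input: a valid author with markup inside the free-text body.
const db = [];
const sample = { author: 'alice_01', body: 'Nice post <script>alert(1)</script>' };
submitComment(db, sample);
console.log(renderUnsafe(db[0])); // markup reaches the page unchanged
console.log(renderSafe(db[0]));   // markup is shown as text
```
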

Man-in-the-middle (MitM) attack

A MitM attack happens when a hacker comes between a client and the server. A client may be using a browser to access an application, and the hacker hijacks the communication between the client's browser and the network server.

A very common MitM attack is session hijacking: a hacker hijacks a user's session and substitutes the IP address, making the server believe that it is still communicating with the right, trusted client.

Denial-of-service (DoS)

DoS attacks happen when hackers attack a network and prevent valid users from accessing its resources. This is done by sending multiple requests to the target machine in order to overload or overwhelm the system, making resources unavailable to the intended users.
