Recently, PreciseSecurity investigated and researched active hacker attacks in 2019 and ranked them. It was found that cross-site scripting attacks (XSS) became the hackers’ favorite attack vector globally in 2019.
It is understood that cross-site scripting is a network attack, a computer security vulnerability that often appears in web applications. It allows malicious web users to implant code into the pages used by users. Such as HTML code and client-side script, to help attackers steal user accounts, control corporate data, steal important business valuable data, illegal transfers, website hacking, control victim machines to other Websites launch a series of malicious actions. Surveys have shown that most XSS attacks are targeted at large companies operating in Europe and North America.
According to the ranking created by PreciseSecurity, it can be seen that SQL injection attacks rank second after XSS network attacks, followed by Fuzzing attacks, that is, attackers use their own vulnerability query software to look for vulnerable code in the operating system or network to further invade.
Simon Roe, product manager of security vulnerability sharing platform Outpost24, said that by 2020, hackers will continue to attack websites through APIs. Because in order to meet changing market demands, most developers put network security guidelines aside during security coding due to time and budget constraints.