{"title":"A Review of Common Web Application Breaching Techniques (SQLi, XSS, CSRF)","authors":"Chee Sam Cheah, Vinesha Selvarajah","doi":"10.2991/ahis.k.210913.068","DOIUrl":null,"url":null,"abstract":"Regarded as one of the most popular platforms for digital services and content delivery over the internet, web application has been transforming our society for the better. However, with an increasing amount of critical services built upon web applications across government and private sectors, web applications have become a clear target for adversaries driven by financial or political motives. Although security standards such as the OWASP ASVS are being actively developed by security researchers to counteract the attacks on web applications, the concept of secure coding remains hostile for many developers, resulting in developed systems with various underlying vulnerabilities. This paper aims to provide an overview of the most common web application breaching techniques, with explanations to their working principles, proof of concept examples as well as applicable countermeasures.","PeriodicalId":417648,"journal":{"name":"Proceedings of the 3rd International Conference on Integrated Intelligent Computing Communication & Security (ICIIC 2021)","volume":"16 2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 3rd International Conference on Integrated Intelligent Computing Communication & Security (ICIIC 2021)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2991/ahis.k.210913.068","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Regarded as one of the most popular platforms for digital services and content delivery over the internet, web applications have been transforming our society for the better. However, with an increasing number of critical services built upon web applications across government and private sectors, web applications have become a clear target for adversaries driven by financial or political motives. Although security standards such as the OWASP ASVS are being actively developed by security researchers to counteract the attacks on web applications, the concept of secure coding remains hostile for many developers, resulting in developed systems with various underlying vulnerabilities. This paper aims to provide an overview of the most common web application breaching techniques, with explanations of their working principles, proof-of-concept examples, as well as applicable countermeasures.