Using direct observation to get information. It is relatively simple to stand next to someone and watch as they fill out a form or enter a PIN, but shoulder surfing can also be carried out from a distance with the aid of binoculars or even CCTV.
SQL injection
Technique where malicious users can inject SQL commands into an SQL statement via web page input. Injected SQL commands can alter SQL statements and compromise the security of information held in a database.
Denial of service (DoS) attacks
These do not attempt to break system security; they attempt to make your website and servers unavailable to legitimate users by swamping a system with fake requests, usually in an attempt to exhaust server resources.
Password-based attacks - Dictionary attack
This uses a simple file containing words found in a dictionary. This attack uses exactly the kind of words that many people use as their password.
Password-based attacks - Brute force attack
Similar to the dictionary attack, but able to find non-dictionary words by working through all possible alphanumeric combinations from aaa1 to zzz10. It is not quick, but it will uncover your password eventually.
Password-based attacks - Guess
A user-generated password is unlikely to be random. Passwords are likely to be based upon our interests, hobbies, pet names, family names, etc. Educated guesses often work.
IP spoofing
A spoof is a hoax, or a trick. IP address spoofing involves an attacker changing the IP address of a legitimate host so that a visitor who types in the URL of a legitimate site is taken to a fraudulent or spoofed web page. The attacker can then use the hoax page to steal sensitive data.
Social engineering
Internet users frequently receive messages that request password or credit card information to "set up their account". Social engineering involves tricking a user into giving out sensitive information, such as a password, by posing as a legitimate system administrator, e.g. phishing.