What do Cross Site Scripting (XSS), SQL Injection, SSI Injection, HTTP Response Splitting, and Brute Force attacks mean?
Cross-Site Scripting: An attack technique that forces a website to echo client-supplied data, which execute in a user’s web browser. When a user is Cross-Site Scripted, the attacker will have access to all web browser content (cookies, history, application version, etc). SQL Injection: An attack technique used to exploit websites by altering backend SQL statements through manipulating application input. The attack relies on lack of field validation and the use of database scripts by websites. SSI Injection: A server-side exploit technique that allows an attacker to send code into a web application, which will be executed by the web server. Similar to SQL injection, SSI injection relies on the use of multiple languages in the development of web applications. HTTP Response Splitting: An HTTP response splitting attack causes the web server to send out two HTTP responses, where it typically only sends out one HTTP response (hence the name – “response splitting”). This can be described as H
