| Application Layer Attacks | Countermeasures |
| --- | --- |
| Malware Attacks | Network Security Tools, Anti-Malware Software, Firewall, SSL/TLS Certification |
| SQL Injections | The use of Prepared Statements with Parameterized Queries, Stored Procedures, List Input Validation, Principle of Least Privilege |
| Cross-site Scripting (XSS) | Filter input on arrival, encode data on output, use appropriate response headers |
| Directory Traversal Attack | Validate user input before processing |
| Phishing | End-User Training, Phishing filters |
| Email Spoofing | Email Authentication |
| Password Sniffing | Encryption, VPN |