Think malicious users need sophisticated tools to attack a Web site? Think again. All they really need is a Web browser and basic knowledge of SQL or another scripting language.. . .

Think malicious users need sophisticated tools to attack a Web site? Think again. All they really need is a Web browser and basic knowledge of SQL or another scripting language.

Sometimes all malicious users do is place a script inside the username, address, or search query field on a Web page. And sometimes they get help from the sites they target. Error messages from unprotected servers can provide attackers with vital clues about the security on the back end, as well as the type of server being used, and the software running on it.

Common types of attacks include cross-site scripting (where customers are redirected to another site); buffer overflows (where rogue code can be executed on a remote server); cookie poisoning (where encrypted customer data can be altered); and parameter tampering (whereby malicious users can gain access to whole directory structures--and confidential files--on a remote system).

The link for this article located at ZDNet is no longer available.