Common examples are XSS, CSRF, and SQL injection
XSS (Cross-Site Scripting)
Definition: An attacker injects a script into a web page; the malicious script runs in the browser of every user who views that page
XSS attacks fall into three categories: stored (persistent), reflected (non-persistent), and DOM-based
How to prevent:
For example: set the HttpOnly flag on cookies so that page scripts cannot read them, removing the danger of cookie hijacking; filter dangerous characters out of user input before it is rendered
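The two measures above, as an added example in Python that is not part of the original notes: output escaping of user-supplied text beside the unsafe raw interpolation, and a Set-Cookie header carrying HttpOnly (the sample comment, the cookie name sid and the function names are constructed for the example).

```python
import html
from http.cookies import SimpleCookie

# Constructed sample: a comment carrying the kind of markup a stored XSS relies on.
SAMPLE_COMMENT = '<script>alert(1)</script> nice post!'


def render_comment_unsafe(comment: str) -> str:
    """'Before': raw interpolation; the browser parses the submitted markup as part of the page."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    """'After': escape the HTML metacharacters (<, >, &, quotes) so the text is displayed, not executed."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def session_cookie_header(session_id: str) -> str:
    """Build a Set-Cookie header with HttpOnly (document.cookie cannot read it from script).
    Secure and SameSite are added as well; the notes do not mention them, but a session
    cookie should carry them."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id          # cookie name 'sid' is an assumption for the example
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["samesite"] = "Lax"
    return cookie.output(header="Set-Cookie:")


if __name__ == "__main__":
    print(render_comment_unsafe(SAMPLE_COMMENT))   # markup reaches the browser unchanged
    print(render_comment_safe(SAMPLE_COMMENT))     # &lt;script&gt;... shown as text
    print(session_cookie_header("abc123"))
```

Escaping belongs at the point where text is written into HTML, not at input time, because the same value may later be placed into a different context (attribute, JavaScript, URL) that needs a different encoding. HttpOnly does not stop a script from running; it only stops that script from reading the session cookie.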
CSRF (Cross-Site Request Forgery)
Definition: An attack that makes the browser of a trusted (logged-in) user send a request to the server that the user never intended
How to prevent:
Verify the HTTP Referer field
Add a token to the request address (URL) and verify it on the server
Add a custom attribute to the HTTP header and verify it on the server
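The three checks above combined into one request filter, as an added Python example that is not from the original notes. The request is modelled as a plain dict, the allowed origin https://app.example, the header name X-CSRF-Token and the sample requests are constructed for the example; the token is an HMAC over the session id so that a token lifted from one session does not validate for another.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import urlparse

# Server-side key for binding tokens to sessions; generated per process here,
# a real deployment would load it from configuration (assumption).
SERVER_SECRET = secrets.token_bytes(32)

# The only origin from which state-changing requests are accepted (assumed name).
ALLOWED_ORIGIN = "https://app.example"


def issue_csrf_token(session_id: str) -> str:
    """Token the server embeds in its own forms and pages; bound to the session via HMAC."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def referer_ok(headers: dict) -> bool:
    """Check 1: the HTTP Referer must be our own origin; a form posted from
    another site carries that site's URL instead."""
    referer = headers.get("Referer")
    if not referer:
        return False  # strict policy: a missing Referer is rejected
    parsed = urlparse(referer)
    return f"{parsed.scheme}://{parsed.netloc}" == ALLOWED_ORIGIN


def token_ok(session_id: str, presented: Optional[str]) -> bool:
    """Checks 2 and 3: the token from the URL, the form body or a custom header
    must match the one issued for this session."""
    if not presented:
        return False
    # constant-time comparison so timing does not leak how many bytes matched
    return hmac.compare_digest(issue_csrf_token(session_id), presented)


def is_csrf_safe(request: dict) -> bool:
    """Accept only if the Referer is ours AND a valid token arrived in the query
    string, the form body, or the custom X-CSRF-Token header."""
    headers = request.get("headers", {})
    session_id = request["session_id"]
    presented = (request.get("query", {}).get("csrf_token")
                 or request.get("form", {}).get("csrf_token")
                 or headers.get("X-CSRF-Token"))
    return referer_ok(headers) and token_ok(session_id, presented)


# Constructed sample requests (not real traffic).
SESSION = "sess-42"

LEGITIMATE_FORM_POST = {
    "session_id": SESSION,
    "headers": {"Referer": "https://app.example/settings"},
    "form": {"email": "alice@example.invalid", "csrf_token": issue_csrf_token(SESSION)},
}

LEGITIMATE_AJAX_POST = {
    "session_id": SESSION,
    "headers": {"Referer": "https://app.example/settings",
                "X-CSRF-Token": issue_csrf_token(SESSION)},
    "form": {"email": "alice@example.invalid"},
}

# Forged: the victim's browser attaches the session cookie by itself, but the page
# that submitted the form lives elsewhere and cannot know the session's token.
FORGED_POST = {
    "session_id": SESSION,
    "headers": {"Referer": "https://evil.example/page.html"},
    "form": {"email": "attacker@example.invalid"},
}

if __name__ == "__main__":
    print("legit form:", is_csrf_safe(LEGITIMATE_FORM_POST))   # True
    print("legit ajax:", is_csrf_safe(LEGITIMATE_AJAX_POST))   # True
    print("forged    :", is_csrf_safe(FORGED_POST))            # False
```

The Referer check alone is weak: browsers and privacy extensions may strip the header, so a strict policy rejects some legitimate users while a lenient one (accept when missing) lets forged requests through. The session-bound token is the check to rely on; the Referer and custom-header checks are defence in depth.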
SQL Injection
Definition: Unauthorized access to database information, gained by injecting SQL through the application's input parameters
How to prevent:
Never pass user-submitted parameters straight into the database and execute them; enforce this at the code layer
SQL statements are not allowed to appear in web input parameters
SQL-escape all parameters
Before release, test every page for SQL injection with an automated SQL injection testing tool
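The code-layer measures above side by side, as an added Python example that is not from the original notes: a lookup that concatenates the web parameter into the SQL text, the same lookup with the notes' "SQL escape" applied, and the parameterised form. It uses the sqlite3 module from the standard library with an in-memory table; the table, its rows and the tautology input are constructed for the example.

```python
import sqlite3
from typing import List, Tuple


def build_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """'Before': the web parameter is pasted into the SQL text, so it can change the statement."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def sql_escape(value: str) -> str:
    """The notes' 'SQL-escape all parameters': double every single quote so the value
    cannot close the string literal. Only covers quoted string literals (not numbers
    or identifiers), which is why placeholders are the preferred form."""
    return value.replace("'", "''")


def find_user_escaped(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    sql = f"SELECT name, email FROM users WHERE name = '{sql_escape(name)}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """'After': parameterised query; the driver passes the value separately and it is never parsed as SQL."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


# Constructed input of the kind an automated injection test submits:
# it closes the quoted literal and appends a condition that is always true.
TAUTOLOGY_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    db = build_db()
    print("unsafe :", find_user_unsafe(db, TAUTOLOGY_INPUT))    # every row leaks
    print("escaped:", find_user_escaped(db, TAUTOLOGY_INPUT))   # []
    print("safe   :", find_user_safe(db, TAUTOLOGY_INPUT))      # []
    print("safe   :", find_user_safe(db, "alice"))
```

The escaped variant defends this input but stays fragile: it must be applied to every literal, in every query, with the escaping rules of the specific database. The placeholder variant needs no such discipline because the value never becomes part of the statement text, which is what the notes' first rule (never execute user input) asks for at the code layer.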