The goals of security testing are simple: finding flaws in your software's security mechanisms and the vulnerabilities someone may exploit for malicious impact. In other words, determining exactly how the system is vulnerable and what such a vulnerability may lead to is what you are doing in your security testing sessions. To make things a little simpler, we can list the security breaches that occur most often.
SQL Injections: This is probably the most common web hacking technique. The attack consists of the insertion or "injection" of a SQL query via the input data sent from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data, execute administration operations on the database and, in some cases, issue commands to the operating system. This type of attack uses loopholes in input handling as the tool for achieving malicious goals, so every input field should be tested properly.
XSS / Cross-Site Scripting: This vulnerability may be found in many web apps. In this attack, malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. The website's entire behavior may be changed, personal data may be stolen, etc.
DoS (Denial of Service): This attack aims to take your software out of service by various means, consuming the resources it depends on so that they become unavailable to its primary users.
URL Manipulations: URL query string manipulations are done to capture important information. The HTTP GET method, used to carry information from a client to a server, makes this type of hacking possible. Query parameters should therefore be modified by a tester to make sure the server does not accept the tampered values.