- Primary problem: Data received from the outside is not validated before it is used.
- Mitigation
  - Validate all data received from the outside before it is used.
  - Enforce a ruleset for the data input.
- Buffer overflows
- Various injection attacks (command injection, SQL injection, XML injection, ...)
- XSS (Cross-Site Scripting)
  - Allows an attacker to execute JavaScript code in the browser of another user to steal credentials or hijack a session.
- Path traversal
  - Allows an attacker to access files outside the web root.
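
The mitigation above applied to the path traversal case, as an added example that is not part of the original page: an allowlist ruleset for file names, plus a check that a requested path still lies inside the web root once it has been resolved. The ruleset, the function names and the sample requests are assumptions constructed for illustration, and POSIX paths are assumed.

```python
import os
import re
import tempfile

# Ruleset (assumed for this example): lowercase letters, digits, "_" and "-",
# 1 to 64 characters, followed by one of a few allowed extensions.
FILENAME_RULE = re.compile(r"[a-z0-9_-]{1,64}\.(?:html|css|js|png)")


class ValidationError(ValueError):
    """Raised when data received from the outside breaks the ruleset."""


def validate_filename(name):
    """Allowlist check: accept only names that match the ruleset completely."""
    if not isinstance(name, str) or not FILENAME_RULE.fullmatch(name):
        raise ValidationError("file name violates ruleset")
    return name


def resolve_in_web_root(web_root, requested):
    """Return the real path of `requested`, or raise if it leaves web_root."""
    if "\x00" in requested:
        raise ValidationError("NUL byte in path")
    root = os.path.realpath(web_root)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        raise ValidationError("path escapes web root")
    return candidate


def demo():
    """Run constructed sample requests through the web-root check."""
    samples = ["index.html", "img/logo.png", "../secret.txt",
               "img/../../secret.txt", "/etc/passwd"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        web_root = os.path.join(tmp, "www")
        os.makedirs(os.path.join(web_root, "img"))
        for requested in samples:
            try:
                resolve_in_web_root(web_root, requested)
                results[requested] = "accepted"
            except ValidationError:
                results[requested] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The comparison is made on the resolved path rather than on the raw string, so encoded or nested `..` sequences and symlinks are judged by where they actually point.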