What is a Web application vulnerability?
A Web application vulnerability is a security weakness in a website or its environment. Vulnerabilities are like holes: an attacker can get in through them and make a website do things the site owner didn't intend.
Flaws in a site's code or improper configuration can cause vulnerabilities. Depending on the vulnerability, attackers can do all sorts of things to steal information, disrupt a website or perform other malicious actions.
Vulnerabilities are difficult for Web developers to identify because, in many cases, they do not affect the intended use of the application. Plus, there are hundreds of "known" vulnerabilities and new ones are discovered daily.
For example: If a login page on your site submits credentials in "clear text," the login information is sent to the server unencrypted. Visitors can log in and might not notice any issue.
Attackers who discover the "clear text" vulnerability might try to intercept and view another visitor's login information.
You can resolve this issue by adding an SSL certificate to your website. SSL certificates encrypt transactions between visitors and your site, so an attacker who intercepts them cannot view the credentials.
Avoid vulnerabilities by learning more about secure coding standards, and keep your hosting applications up to date with the most recent versions or patches. Use a tool to detect issues, such as Website Protection Site Scanner.
To learn more about common vulnerabilities and how to avoid them, see The Open Web Application Security Project.