Website security is an important aspect of a website. It's a process of securing the confidential information of website from the unauthorized access. There are infinite ways to breach the security of websites. Few of the most common are as follow:-
Directory Traversal is a method of exploiting the web applications by accessing files beyond the document root directory. It allows the hackers to view the restricted files and interact with them by using the command line.
It's kind of guesswork for hackers to find out the name of hidden files but can be executed easily by using few common file names. Once the attackers have the access to hidden files and folders, can easily steal your confidential information or can delete the important files too.
Remote Code Execution allows a hacker to execute the code remotely at the web server or client side. It's caused by a website vulnerability which allows hackers to deploy the malicious file at the web server. This can be caused by improper use of require() and include() functions. Malicious file can also be inserted by improper use of the file upload functionality.
Cross Site Scripting is the most common form of hacking. In this particular form of attack, hackers inject the web page with client side executable scripts and when a user visits the page, the script got download at the web browser. Now the hacker can control the whole website at the client side.
Session Hijacking can't breach the database or web application but can easily compromise the user accounts. The session is an entity triggered when the user login into the account. If a hacker can somehow able to get the session id of a particular user, can control the user account easily.
It's a most common attack at database driven websites where the user interacts with the website to perform the task like login, signup, and updation of information. There was a time when every second website got affected by SQL Injection but now after the replacement of MySQL by MySQLi, these attacks are got prevented up to an extent.