Network-based points of attack can

Network-based points of attack can include:

Wi-Fi (weak encryption/no encryption) – Applications failing to implement encryption, when used across a Wi-Fi network run the risk of data being intercepted by a malicious attacker eavesdropping on the wireless connection. Many applications utilize SSL/TLS, which provides some level of protection; however some attacks against SSL/TLS have also been proven to expose critical user data to an attacker.

Rogue access points – Involves physically installing an unauthorized wireless access point that grants parties access to a secure network.

Packet sniffing – Allows a malicious intruder to capture and analyze network traffic, which typically includes username and password information transmitted in clear text.

Man-in-the-Middle (MITM) – Involves eavesdropping on an existing network connection, intruding into that connection, intercepting messages, and modifying select data.

Database attacks and vulnerabilities include:

SQL injection – Interfaces that don’t properly validate user input can result in SQL being injected into an otherwise innocuous application query, causing the database to expose or otherwise manipulate data that should normally be restricted from the user or application.

OS command execution – Similar to SQL injection, certain database systems provide a means of executing OS-level commands. An attacker can inject such commands into a query, causing the database to execute these commands on the server, providing the attacker with additional privileges, up to and including root level system access.

Privilege escalation – This occurs when an attack leverages some exploit to gain greater access. On databases this can lead to theft of sensitive data.
Data dumping – An attacker causes the database to dump some or all data within a database, exposing sensitive records.