Latest news state that hackers had broken in to the online account site of Citibank and credit card details, account numbers, and email addresses have been compromised. According to a statement issued by Citigroup, about one percent of the credit card information of their customers has been viewed by the intruders.

Citibank boasts an impressive client base of over 21 million credit card customers within North America. The attack was detected when conducting a routine monitoring session. However, exact information on the number of accounts faced the breach were not yet revealed.

However, the information stolen includes a great deal of personal information with the potential to lead to identity theft. Among the compromised data were social security numbers, birth dates, card security codes and even card expiration dates as per the announcement made by the bank.

Sheila Bair, chair of the Federal Deposit Insurance Corporation commented on the matter. According to her statement, both the banks and federal regulators have to remain in constant vigilance to avoid situations such as this from repeating in the future. She further stated that the FDIC and other federal agencies are developing new rules to encourage banks to pay special attention to improve their online security.

However, the attack on Citibank is not the only attack of its kind to be reported within the last few weeks. One June 1^st, Google Inc. stated that several personal Gmail accounts belonging to senior U.S. government officials and military personnel were attacked while broadcaster PBS confirmed that the network’s website was hacked on 30^th May. The widely publicized attack on Sony’s PSN saw millions of users data compromised and an extended offline period followed by numerous crashes and glitches.

Sean Kevelighan, a spokesman for Citibank stated that they are currently contacting affected clients and are tightening their security to prevent future attacks.

The Internet and web are becoming increasingly vulnerable with the advancement of technologies and skills of the people who use it for wrong reasons. When compared to early stage hack attacks, recent methods of attacking are very much advance and complex. But there are some techniques used even today introduced some decades ago. Let’s have a look at the top 10 web security vulnerabilities in out list.

First - Unvalidated Input. The information that comes from the web browser is not validated by the web application. This way, a third party can alter the web request and pass incorrect or harmful information to the web browser.

Second - Broken Access Control. Even though lot of web applications have frameworks implemented for access control and role authentication, some of these rules are not used effectively in the web application. So mistakenly a regular user maybe assigned higher level of authority.

Third - Broken Authentication and Sessions management. As we know, if you log in to a web application, a unique session is created for you. If this sessions details are not protected correctly (by a technique such as encryption), some one can steal it and misuse. This way, attackers can compromise password, keys, session cookies etc.

Fourth - Cross Site Scripting (XSS) - A well-known web site that is trusted by end-users can be used by an attacker to transport an attack to the end user. By clicking a link of the trusted website, the end user actually executes a code written by an attacker in another web application or web site. This way, an attacker can disclose the session details, attack the end users machine and provide incorrect content and fool the end user.

Fifth - Buffer Overflows. This is one of the very common and familiar types of attack. This is not common only for web application but also for operating systems. For web applications, an attacker may send a chunk of data which crashes the web application and taken control of some of it’s processes. There are some programming and scripting languages that does not validate whether the data stream id too much and it can crash the web application (Ex: CGI, libraries, drivers and web application server components).