SQL Injection:
Arises when an attacker controls SQL queries by injecting malicious input.
Mitigation Strategy:

• Use parameterized queries/prepared statements to ensure user inputs are treated as data rather than code
• Utilize stored procedures and ORM frameworks

Cross-Site Scripting (XSS):
It happens when an attacker injects malicious scripts, leading to session hijacking, data theft and defacement of websites.

Mitigation Strategy:

• Validate inputs and sanitize them thoroughly.
• Encode output and implement CSP to restrict the sources.

Security Misconfiguration:
This threat results from Improper configuration of web servers, databases, and applications.

Mitigation Strategy:

• Regularly check for updates and apply patches.
• Disable unnecessary features and use Automated tools like SaltStack, etc…

Broken Authentication and Session Management:
Anomalies in authentication and session management can lead to unauthorized access to the database and data leakage.

Mitigation Strategy:

• Using multifactor authentication systems and session expiry methods.
• Use HttpOnly and SameSite attributes for cookies.

Man-in-the-Middle (MitM) Attack :
Occurs when attackers alter communications between clients and servers.

Mitigation Strategy:

• Implement strong encryption protocols like TLS/SSL.
• Use certificate pinning

Phishing:
Occurs when attackers cheat users providing sensitive data by impersonating legitimate websites or communications

Mitigation Strategy:

• Use anti-phishing tools and email filtering
• Implement secure protocols and verify SSL/TLS certificates.