5. SQL Injection
SQL injection is a common and longstanding technique used in web application attacks and commonly used because they're widely available automated tools that can detect and attack them, said security experts. Coding errors that enable SQL injection have been in decline in recent years, according to data from WhiteHat Security, but it is still frequently detected by vulnerability scanners. It is the third-ranked technique used by financially motivated cybercriminals behind phishing and brute-force attacks, according to the Verizon analysis. Verizon said the hacking technique was used in 80 percent of attacks against web applications in the retail industry.