Analysis of Common Web Vulnerabilities: SQL Injection, XSS, and CSRF
Abstract
This report breaks down three frequent weaknesses found in websites: SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). We look at how they work, at examples of attacks that have happened because of them, and at how often these issues show up in current security findings, such as those from OWASP. The report also looks at ways to reduce these threats, like using parameterized queries, output encoding, content security policies, cookie settings, and CSRF protection, and assesses how effective those measures are. Comparing the potential harm caused by each weakness highlights why strong coding habits and layered security are essential for modern websites.