Attackers can target web applications (websites that let you interact directly with software through the browser) in a variety of ways to steal confidential information, introduce malicious code, or even hijack your computer. These attacks exploit vulnerabilities in components such as web apps, content-management systems and web servers.
Web app attacks comprise the majority of security threats. In the past 10 years, attackers have improved their ability to find and exploit vulnerabilities that affect the perimeter defenses of an application. Attackers can circumvent common defenses using methods like botnets, phishing and social engineering.
A phishing scam involves fooling victims into clicking an email link containing malware. This malware is downloaded to the victim's PC and gives attackers access to devices or systems. Botnets are groups of compromised or infected devices that attackers use to carry out DDoS attacks, spread malware, perpetuate ad fraud, and much more.
Directory (or path) traversal attacks use directory-navigation patterns in request input to gain access to files on a website, as well as its configuration files and databases. Input sanitization is required to protect against this type of attack.
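As an added example (not part of the original article), here is one way to apply that input handling on the server side: resolve the requested name to its real location and allow it only if it stays inside the served directory. The function name `resolve_inside`, the directory names and the sample requests are constructed for illustration.

```python
import tempfile
from pathlib import Path

class TraversalError(ValueError):
    """The requested name resolves outside the served directory."""

def resolve_inside(base_dir, user_path):
    """Return the real path for user_path, or raise if it escapes base_dir."""
    if "\x00" in user_path:
        raise TraversalError("NUL byte in path")
    base = Path(base_dir).resolve()
    # An absolute user_path replaces base in the join; resolve() then
    # collapses ".." components and follows symlinks to the real location.
    candidate = (base / user_path).resolve()
    # Compare whole path components, not string prefixes: "/srv/www-old"
    # starts with "/srv/www" but is not inside it.
    if candidate != base and base not in candidate.parents:
        raise TraversalError(f"{user_path!r} escapes {base}")
    return candidate

# Constructed sample request paths (not taken from the article).
SAMPLE_REQUESTS = [
    "css/site.css", "css/../css/site.css", "../www-old/config.ini",
    "css/../../www-old/config.ini", "/etc/passwd", "shortcut/config.ini",
]

def demo():
    """Build a constructed directory tree and classify each sample request."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root, sibling = Path(tmp) / "www", Path(tmp) / "www-old"
        (root / "css").mkdir(parents=True)
        sibling.mkdir()
        (root / "css" / "site.css").write_text("body{}")
        (sibling / "config.ini").write_text("secret=1")
        (root / "shortcut").symlink_to(sibling)  # symlink pointing outside root
        for requested in SAMPLE_REQUESTS:
            try:
                resolve_inside(root, requested)
                results[requested] = "allowed"
            except TraversalError:
                results[requested] = "blocked"
    return results

if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:8} {path}")
```

Checking the resolved path rather than filtering the raw string is what catches the symlink and sibling-directory cases, which a simple search for `..` would miss.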
SQL injection attacks target the database that holds crucial site and service information by injecting malicious code that allows attackers to override security safeguards and reveal information that normally would not be exposed. Attackers can then execute commands, for example to dump databases.
Cross-site scripting (or XSS) attacks insert malicious code into a trusted website to hijack users' browsers. This allows attackers to steal session cookies and sensitive information, impersonate users, manipulate content, and much more.