1.3 Analyze potential indicators associated with application attacks Flashcards
The ability to run any software on a target system.
Arbitrary code execution
When a user account is able to obtain unauthorized access to higher levels of privileges.
Privilege escalation
A form of malicious code injection attack in which an attacker is able to compromise a web server and inject their own malicious code into the content sent to other visitors.
Cross-site scripting (XSS or CSS)
Implemented by the programmer by validating input, coding defensively, escaping metacharacters, and rejecting script-like input.
Cross-site scripting (XSS) prevention
Characters that have been assigned special programmatic meaning.
Metacharacter
The process of marking the metacharacter as merely a normal or common character, thus removing its special programmatic powers.
Escaping metacharacters
Any exploitation that allows an attacker to submit code to a target system to modify its operations and/or poison and corrupt its data set.
Injection attack
Focuses on executing malicious commands on a vulnerable target system.
Command injection attack
Adds malicious code to an existing script or application.
Code injection attack
An XSS event that plants custom HTML statements.
HTML injection attack
Attempts to deposit a malicious file on a target system.
File injection attack
Allows a malicious individual to perform SQL transactions directly against the backend database through a website front end.
SQL (SQLi) injection attack
An advanced software exploitation technique that manipulates a process’s memory to trick it into loading additional code and thus performing operations the original author did not intend.
Dynamic link library (DLL) injection attack
An input injection attack against an LDAP directory service.
Lightweight directory access protocol (LDAP) injection attack
A variant of SQL injection, where the backend target is an XML application.
XML injection attack
The programmatic activity of retrieving the value stored in a memory location by following the address or location held in a pointer.
Pointer/object dereferencing
An attack that enables an attacker to jump out of the web root directory structure and into any other part of the filesystem hosted by the web server’s host OS.
Directory traversal
A memory exploitation that takes advantage of software's lack of input length validation. It can sometimes allow for arbitrary code execution.
Buffer overflow
A memory security feature of many operating systems aimed at blocking a range of memory abuse attacks, including buffer overflows. It blocks the execution of code stored in areas of memory designated as data-only areas.
Data execution prevention (DEP)
A memory management mechanism that ensures that the various elements and components of the OS and other core system code are loaded into randomly assigned memory locations at each bootup.
Address space layout randomization (ASLR)
strcat(), strcpy(), sprintf(), vsprintf(), memcpy(), bcopy(), getwd(), scanf(), and gets(). Their use usually indicates that a buffer overflow is present.
Unbounded C++ functions
The manipulation of the completion order of tasks to exploit a vulnerability.
Race conditions
Often called race condition attacks because the attacker is racing with the legitimate process to replace the object before it is used.
Time-of-check-to-time-of-use (TOCTTOU or TOC/TOU) attacks
When a process, a procedure, or an input causes an error, the system should revert to a more secure state.
Error handling
Allows essential information to leak to attackers or enables attackers to force a system into an insecure state.
Improper error handling
Should include the following: check for length, filter for known malware patterns, and escape metacharacters.
Proper input handling
When an attacker captures network traffic and then replays (retransmits) the captured traffic in an attempt to gain unauthorized access to a system.
Replay attack
May focus on initial authentication abuse. They may be used to simulate numerous new clients or cause a DoS.
Wireless replay attack
The recording of a subject's visit to a website, interaction with a mobile application, or use of a PC application, which is then played back by an administrator, investigator, or programmer to understand what occurred and why based on the subject's activities.
Session replay
The state that occurs when a mathematical operation attempts to create a numeric value that is too large to be contained or represented by the allocated storage space or memory structure.
Integer overflow
Exploitations that make malicious requests of a service in such a way that the request seems legitimate.
Request forgeries
When a vulnerable server is coerced into functioning as a proxy.
Server-side request forgery (SSRF)
Tricks the user or the user’s browser into performing actions they had not intended or would not have authorized.
Cross-site request forgery (XSRF or CSRF)
Malicious usages of software through its API.
API attack
Occurs when applications are allowed to operate in an unrestricted and unmonitored manner so that all available system resources are consumed in the attempt to serve the requests of valid users or in response to a DoS attack.
Resource exhaustion
Occurs when a program fails to release memory or continues to consume more memory.
Memory leak
An on-path attack that prevents the negotiation of strong encryption between a client and server. Early attacks blocked access to HTTPS, later versions proxied between HTTP and HTTPS, and current versions perform downgrade attacks on the cipher suites of SSL/TLS.
SSL stripping
Occurs when a malicious programmer crafts a system or device driver so that it behaves differently based on certain conditions.
Driver manipulation
A means of injecting alternate or compensation code into a system to alter its operations without changing the original or existing code.
Shimming
A restructuring or reorganizing of software code without changing its externally perceived behavior or produced results.
Refactoring
An authentication attack that potentially can be used to gain access as an authorized user without actually knowing or possessing the plaintext of the victim’s credentials. This attack is mostly aimed at Windows systems.
Pass the hash