1.3 Application Attacks Flashcards

1
Q

What is Privilege Escalation?

A

The act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

2
Q

What is Cross-Site Scripting?

A

XSS attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. They occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.

3
Q

What are the [4] types of injections?

A
  • SQL injection (SQLi)
  • Dynamic-link library (DLL)
  • Lightweight Directory Access Protocol (LDAP)
  • Extensible Markup Language (XML)
4
Q

What is SQL injection (SQLi)?

A

SQL transactions are delivered directly against the backend database through a website front end.

5
Q

What is Dynamic-link library (DLL)?

A

Manipulates the execution of a running process. Most DLL injection attacks are performed for reverse engineering.

6
Q

What is Lightweight Directory Access Protocol (LDAP)?

A

Exploits web applications that could reveal sensitive user information or modify information represented in the LDAP data stores.

7
Q

What is Extensible Markup Language (XML)?

A

XML input containing a reference to an external entity is processed by a weakly configured XML parser.

8
Q

How to stop SQLi?

A

Sanitize data: validation; escaping metacharacters.

9
Q

What is Pointer/Object Dereference?

A

If a programmer leaves in code that causes an invalid pointer to be dereferenced, it could cause a crash of the application, cause the system to freeze, or even open vulnerabilities that can be exploited by other means (such as buffer overflow attacks).

10
Q

What is a Pointer? (Pointer/Object Dereference)

A

An object in programming that stores the memory address of another value located in computer memory.

11
Q

What is a NULL Pointer?

A

Pointing at nothing

12
Q

What is Directory Traversal?

A

A directory traversal/path traversal attack (also known as a dot-dot-slash attack) is an HTTP exploit that allows an attacker to access restricted files, directories, and commands that reside outside the web server’s root directory. Example: http://www.mycompany.com/../../../etc/passwd

13
Q

What is Buffer Overflow?

A

Occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold.

14
Q

What is a Race Condition?

A

A race condition occurs when a process produces an unexpected result due to timing. Also called Time of Check/Time of Use (TOCTOU). The difference between the TOC and the TOU is sometimes large enough for an attacker to replace the original object with another object that suits their own needs.

15
Q

What is Error Handling?

A

If error messages are not handled properly, they may disclose details about a flaw or weakness that will enable an attacker to fine-tune their exploit.

16
Q

What is Improper Input Handling?

A

When a system does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application. This will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.

17
Q

What is a Replay Attack?

A

An attacker captures network traffic and then replays (retransmits) the captured traffic in an attempt to gain unauthorized access to a system. If an attacker can capture authentication traffic – especially the packets containing the login credentials – then a replay attack may grant the attacker the ability to masquerade as the victim user on the system.

18
Q

What is an Integer Overflow?

A

The state that occurs when a mathematical operation attempts to create a numeric value that is too large to be contained or represented by the allocated storage space or memory structure. For example, an 8-bit value can only hold the numbers 0-255. If an additional number is added to the maximum value, an integer overflow occurs.

19
Q

What are Server-Side Attack Request Forgeries (SSRF)?

A

Also called service-side attacks. These attacks are launched directly from an attacker (the client) to a listening service. It specifically seeks to compromise and breach the data and application present on a server.

20
Q

What are Server-Side Attack Request Forgeries (CSRF)?

A

A software attack that exploits the trust relationship between a client and the server it connects to. It specifically targets the software on the desktop.

21
Q

Application Programming Interface (API) Attacks

A

An API is the means by which software talks to other software to exchange information. An API attack is hostile usage, or attempted hostile usage, of an API. If a system accepts user input or input from another application, there is a risk of API abuse. This includes injection attacks, XSS, CSRF, SSRF, buffer overflows, race conditions, replay attacks, request forgeries, and more.

22
Q

What is Resource Exhaustion?

A

Occurs when applications are allowed to operate in an unrestricted and unmonitored manner so that all available system resources are consumed in the attempt to serve the requests of valid users or in response to a DoS attack.

23
Q

What is a Memory Leak?

A

Occurs when a program fails to release memory or continues to consume more memory. It’s called a leak because the overall computer system ends up with less available memory when an application is causing a memory leak.

24
Q

What is Secure Socket Layer (SSL) Stripping?

A

This on-path attack tool simply replaced Hypertext Transfer Protocol Secure (HTTPS) in HTTP requests with HTTP. If the server still offered plaintext access to its content, then it would serve the requested URL back to the victim (via an on-path attack) in non-encrypted form and hence strip the connection of SSL security.

25
Q

What is Driver Manipulation?

A

Driver manipulation occurs when a malicious programmer crafts a system or device driver so that it behaves differently based on certain conditions.

26
Q

What is Shimming?

A

It refers to an attack that captures data by tapping directly into an EMV chip. A small, flat device containing a microprocessor and flash memory is inserted inside the card reader itself.

27
Q

What is Refactoring?

A

It is the process of changing a computer program’s internal structure without modifying its external functional behavior or existing functionality.

28
Q

What is Pass The Hash?

A

Pass the hash is an exploit in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick an authentication system into creating a new authenticated session on the same network.

29
Q

Application Attacks - Prevention and Response

A
  • Secure coding practices
  • Filter and validate any user input
  • Use a Web Application Firewall (WAF)
  • Build security into the Software Development Life Cycle (SDLC)
  • Have an incident response plan in place