1.3 Given a scenario, analyze potential indicators associated with application attacks. Flashcards
Cross-site (Client Side) Request Forgery (XSRF)
XSRF is an attack that exploits a user’s active session with a web application. It tricks the victim into executing an unwanted action, typically by clicking on a malicious link.
A cross-site request forgery (XSRF) is a malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser. The attack succeeds if the server does not check whether the user actually made the request.
It allows an attacker to induce a victim user to perform actions that they do not intend to. It is a “one-way” attack: the attacker cannot see the response and can only send commands, such as moving money from one bank account to another. The victim needs to already have an established session.
Stored Cross-Site Scripting (XSS)
Stored XSS attacks involve an attacker injecting a malicious script directly into a website that is stored and served to users. Unlike a reflected XSS attack, which executes on the server, a stored XSS attack executes on the user’s browser.
Document Object Model (DOM)-based XSS
DOM-based XSS attacks involve an attacker manipulating the structure of an HTML page using client-side scripting. The malicious payload is typically embedded within the page itself.
Reflected Cross-Site Scripting (XSS)
A reflected XSS attack occurs when a web application echoes user-supplied data without proper sanitization. In this case, the attacker’s email links to a malicious website. Once clicked, it injects malicious code into the victim’s browser, which executes and changes the password on a legitimate website. It is a “two-way” attack.
Server-side request forgery (SSRF)
A server-side request forgery (SSRF) causes the server application to process an arbitrary request that targets another service, either on the same host or on another.
A server-side request forgery abuses the functionality and services of backend servers to read and update internal resources. This can expose, for example, database information, even without an authenticated session.
Application programming interface intrusions
An application programming interface (API) intrusion occurs when an attacker takes advantage of insecure communication with application services, for example to perform a denial of service attack using multiple API calls.
Secure socket layer stripping
Secure socket layer (SSL) stripping is an on-path attack, using ARP poisoning, that redirects clients to an HTTPS site in an unsafe way when they attempt an HTTP connection.
Directory traversal
Directory traversal occurs when the attacker gets access to a file outside the web server’s root directory.
Transitive access
Transitive access describes the problem of authorizing a request for a service that depends on an intermediate service.
Privilege escalation
Privilege escalation is the practice of exploiting flaws in an operating system or other application to gain a greater level of access than intended for the user or application.
LDAP injection
A lightweight directory access protocol (LDAP) injection occurs when an attacker exploits a client’s unauthenticated access to submit LDAP queries that could create or delete accounts, or even change authorizations and privileges. LDAP uses port 389.
XML injection
An extensible markup language (XML) injection attack occurs when submitted XML data takes advantage of spoofing, request forgery, and injection of arbitrary code. The XML data has no encryption or input validation checks.
DLL injection
A dynamic link library (DLL) injection is a vulnerability that causes the operating system to allow one process to attach to another and then forces it to load a malicious DLL.
Refactoring
Refactoring means the code performs the same function by using different methods. As a result, antivirus software may no longer identify the malware by its signature.
Shimming
Shimming is the process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable.