2.5 Application Attacks Flashcards

1
Q

2.5.1 Cross-Site Scripting

A

Attacks carried out through web applications are becoming increasingly common. Threat actors exploit vulnerabilities in the coding of a web-based application to gain access to a database or server.

Cross-site scripting (XSS) is a common threat to many web applications. This is how it works:

Cybercriminals exploit the XSS vulnerability by injecting scripts containing malicious code into a web page.
When the victim accesses the web page, the malicious script is passed to their browser without their knowledge.
The malicious script can access cookies, session tokens, or other sensitive information about the user, which is sent back to the cybercriminal.
Armed with this information, the cybercriminal can impersonate the user.

2
Q

2.5.2 Code Injection

A

Most modern websites use a database, such as a Structured Query Language (SQL) or an Extensible Markup Language (XML) database, to store and manage data. Injection attacks seek to exploit weaknesses in these databases.

3
Q

XML INJECTION ATTACK

A

An XML injection attack can corrupt the data on the XML database and threaten the security of the website.

It works by interfering with an application’s processing of XML data or of an XML query entered by a user.

Cybercriminals can manipulate this query by rewriting it to suit their needs. This grants them access to all of the sensitive information stored in the database and allows them to make any number of changes to the website.

4
Q

SQL INJECTION ATTACK

A

Cybercriminals can carry out an SQL injection attack on websites or any SQL database by inserting a malicious SQL statement in an entry field.

This attack takes advantage of a vulnerability in which the application does not correctly filter the data entered by a user for characters in an SQL statement.

As a result, the cybercriminal can gain unauthorized access to information stored on the database, from which they can spoof an identity, modify existing data, destroy data or even become an administrator of the database server itself.

5
Q

DLL INJECTION ATTACK

A

A dynamic link library (DLL) file is a library that contains a set of code and data for carrying out a particular activity in Windows. When an application needs to carry out that activity, it loads this type of file to add functionality that is not built in.

DLL injection allows a cybercriminal to trick an application into calling a malicious DLL file, which executes as part of the target process.

6
Q

LDAP INJECTION ATTACK

A

The Lightweight Directory Access Protocol (LDAP) is an open protocol for authenticating user access to directory services.

An LDAP injection attack exploits input validation vulnerabilities by injecting and executing queries to LDAP servers, giving cybercriminals an opportunity to extract sensitive information from an organization’s LDAP directory.

7
Q

2.5.3 Buffer Overflow

A

Buffers are memory areas allocated to an application. A buffer overflow occurs when data is written beyond the limits of a buffer. By changing data beyond the boundaries of a buffer, the application can access memory allocated to other processes. This can lead to a system crash or data compromise, or provide escalation of privileges.

These memory flaws can also give attackers complete control over a target’s device. For example, an attacker can change the instructions of a vulnerable application while the program is loading in memory and, as a result, can install malware and access the internal network from the infected device.

8
Q

2.5.4 Remote Code Executions

A

Remote code execution allows a cybercriminal to take advantage of application vulnerabilities to execute any command with the privileges of the user running the application on the target device.

Privilege escalation exploits a bug, design flaw, or misconfiguration in an operating system or application to gain access to resources that are normally restricted.

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing. Among the tools they have developed is the Metasploit Framework, which can be used for developing and executing exploit code against a remote target.

Meterpreter, in particular, is a payload within Metasploit that allows users to take control of a target’s device by writing their own extensions and uploading these files into a running process on the device. These files are loaded and executed from memory, so they never involve the hard drive. This means that such files fly under the radar of antivirus detection.

Meterpreter also has a module for controlling a remote system’s webcam. Once Meterpreter is installed on a target device, the Metasploit user can view and capture images from the target’s webcam.

9
Q

2.5.5 Other Application Attacks

A

Every piece of information that an attacker receives about a targeted system or application can be used as a valuable weapon for launching a dangerous attack.

10
Q

CROSS SITE REQUEST FORGERY (CSRF)

A

CSRF describes the malicious exploit of a website where unauthorized commands are submitted from a user’s browser to a trusted web application.

A malicious website can transmit such commands through specially-crafted image tags, hidden forms or JavaScript requests — all of which can work without the user’s knowledge.

11
Q

RACE CONDITION ATTACK

A

Also known as a time-of-check (TOC) or time-of-use (TOU) attack, a race condition attack happens when a computing system that is designed to handle tasks in a specific sequence is forced to perform two or more operations simultaneously.

For example, operating systems are made up of threads — the smallest sequence of program instructions required to carry out a process. When two or more threads access shared data and try to change it at the exact same time, a race condition attack occurs.

12
Q

IMPROPER INPUT HANDLING ATTACK

A

User input that is not properly validated can affect the data flow of a program and cause critical vulnerabilities in systems and applications, resulting in buffer overflow or SQL injection attacks.

13
Q

ERROR HANDLING ATTACK

A

Attackers can use error messages to extract specific information such as the hostnames of internal systems and directories or files that exist on a given web server — as well as database, table and field names that can be used to craft SQL injection attacks.

14
Q

APPLICATION PROGRAMMING INTERFACE (API) ATTACK

A

An API delivers a user response to a system and sends the system’s response back to the user. An API attack occurs when a cybercriminal abuses an API endpoint.

15
Q

REPLAY ATTACK

A

This describes a situation where a valid data transmission is maliciously or fraudulently repeated or delayed by an attacker, who intercepts, amends and resubmits the data to get the receiver to do whatever they want.

16
Q

DIRECTORY TRAVERSAL ATTACK

A

Directory traversal occurs when an attacker is able to read files on the web server outside of the directory of the website. An attacker can then use this access to download server configuration files containing sensitive information, potentially expose more server vulnerabilities or even take control of the server!

17
Q

RESOURCE EXHAUSTION ATTACKS

A

These attacks are computer security exploits that crash, hang or otherwise interfere with a targeted program or system. Rather than overwhelming network bandwidth like a DoS attack, resource exhaustion attacks overwhelm the hardware resources available on the target’s server instead.

18
Q

2.5.7 Defending Against Application Attacks

A

There are several actions that you can take to defend against an application attack. You will find some of them outlined here.

The first line of defense against an application attack is to write solid code.
Prudent programming practice involves treating and validating all input from outside of a function as if it is hostile.
Use security testing tools to evaluate source code and binary software on an ongoing basis during the software development life cycle.
Keep all software, including operating systems and applications, up to date and do not ignore update prompts. Remember that not all programs update automatically.

19
Q

SPAM

A

Spam, also known as junk mail, is simply unsolicited email. In most cases, it is a method of advertising. However, a lot of spam is sent in bulk by computers infected by viruses or worms — and often contains malicious links, malware, or deceptive content that aims to trick recipients into disclosing sensitive information, such as a social security number or bank account information.

Almost all email providers filter spam, but it still consumes bandwidth. And even if you have security features implemented, some spam might still get through to you. Look out for the following indicators of spam:

The email has no subject line.
The email asks you to update your account details.
The email text contains misspelled words or strange punctuation and characters.
Links within the email are long and/or cryptic.
The email looks like correspondence from a legitimate business, but there are tiny differences — or it contains information that does not seem relevant to you.
The email asks you to open an attachment, often urgently.
The email originates from an unusual domain or contains links to domains that are not likely to belong to the identified sender.
If you receive an email that contains one or more of these indicators, you should not open the email or any attachments. Many organizations have an email policy that requires employees to report receipt of this type of email to their cybersecurity team for further investigation. If in doubt, always report.

20
Q

2.5.9 Phishing

A

Phishing is a form of fraudulent activity often used to steal personal information.

21
Q

PHISHING

A

Phishing occurs when a user is contacted by email or instant message — or in any other way — by someone masquerading as a legitimate person or organization. The intent is to trick the recipient into installing malware on their device or into sharing confidential information, such as login credentials or financial information.

For example, you receive an email congratulating you for winning a prize. It looks like it was sent from a well-known retail store and asks you to click on a link to claim your prize. This link may in fact redirect you to a fake site that asks you to enter your personal details, or it may even install a virus on your device.

22
Q

SPEAR PHISHING

A

A highly targeted attack, spear phishing sends customized emails to a specific person based on information the attacker knows about them — which could be their interests, preferences, activities, or work projects.

For example, a cybercriminal discovers through their research that you are looking to buy a specific model of car. The cybercriminal joins a car discussion forum you are a member of, forges a car sale offering and sends you an email that contains a link to see pictures of the car. When you click on the link, you unknowingly install malware on your device.

23
Q

2.5.10 Vishing, Pharming and Whaling

A

Criminals make use of a wide range of techniques to try to gain access to your personal information.

24
Q

VISHING

A

Often referred to as voice phishing, this type of attack sees criminals use voice communication technology to encourage users to divulge information, such as their credit card details.

Criminals can spoof phone calls using voice over internet protocol (VoIP), or leave recorded messages to give the impression that they are legitimate callers.

25
Q

PHARMING

A

This type of attack deliberately misdirects users to a fake version of an official website. Tricked into believing that they are connected to a legitimate site, users enter their credentials into the fraudulent website.

26
Q

WHALING

A

Whaling is a phishing attack that targets high profile individuals, such as senior executives within an organization, politicians and celebrities.

27
Q

2.5.12 Defending Against Email and Browser Attacks

A

There are many actions that you can take to defend against email and browser attacks. Some of the most important ones are outlined here.

It is difficult to stop spam, but there are ways to reduce its effects:
Most internet service providers (ISPs) filter spam before it reaches the user’s inbox.
Many antivirus and email software programs automatically detect and remove dangerous spam from an email inbox.
Organizations should educate employees about the dangers of unsolicited emails and make them aware of the dangers of opening attachments.
Never assume that email attachments are safe, even when they come from a trusted contact. Always scan attachments before opening them.
Become a member of the Anti-Phishing Working Group (APWG). It is an international association of companies focused on eliminating identity theft and fraud resulting from phishing and email spoofing.
All software should be kept up-to-date, with the latest security patches applied to protect against any known security vulnerabilities.

28
Q

PHYSICAL ATTACKS

A

Physical attacks are intentional, offensive actions used to destroy, expose, alter, disable, steal or gain unauthorized access to an organization’s infrastructure or hardware.

29
Q

ADVERSARIAL ARTIFICIAL INTELLIGENCE ATTACKS

A

Machine learning is a method of automation that allows devices to carry out analysis and perform tasks without specifically being programmed to do so. It powers many of the applications we use today, such as web searching, photo tagging, spam detection, video surveillance, fraud detection and security automation.

Machine learning uses mathematical models to predict outcomes. However, these models are dependent on the data that is inputted. If the data is tainted, it can have a negative impact on the predicted outcome. Attackers can take advantage of this to perpetrate attacks against machine learning algorithms. For example, using tainted data to trick an autonomous vehicle into misinterpreting street signs.

30
Q

SUPPLY CHAIN ATTACKS

A

Many organizations interface with a third party for their systems management or to purchase components and software. Organizations may even rely on parts or components from a foreign source.

Attackers often find ways to intercept these supply chains. For example, software can be based on specific support agreements and subject to an end-of-life (EOL) date. Changing this date could mean that an organization is no longer eligible for service and maintenance support.

31
Q

CLOUD BASED ATTACKS

A

Rather than developing systems on their own premises, more and more organizations are making the move toward cloud-based computing, as we discussed earlier in this module.

The advantage is that the cloud provider maintains the equipment, but this also exposes an organization to a host of potential threats. Attackers are constantly looking for ways to exploit sensitive data stored in the cloud, as well as cloud-based applications, platforms and infrastructure, as we saw with SaaS, PaaS and IaaS.