Classes Flashcards
Go over common bug classes
Name 13 Bug Classes
- Authentication Bypass
- CSRF
- Denial of Service
- File Handling
- IDOR
- Information Disclosure
- Injection Attacks
- Java Deserialization Checks
- Memory Corruption
- RCE
- Resource Exhaustion
- SSRF
How does an authentication bypass vulnerability exist in an application?
An authentication bypass vulnerability exists in an application if there is a way to be treated as an authenticated user without presenting all of the credentials the application is supposed to require, or by presenting credentials that should not have been accepted
What are some examples of an authentication bypass vulnerability?
- The app stores and compares a simple checksum of the password (e.g. a CRC) instead of a salted, deliberately slow password hash; a checksum is cheap to brute force offline and easy to collide
- SQL injection in the login query, which lets the attacker rewrite the WHERE clause so that the password comparison never happens
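Both bypasses from this card, side by side with their fixes, as an added example (not code from the original flashcards). It runs a toy login against an in-memory SQLite table; the table layout, the user "alice" and her password are constructed for the demo.

```python
# Added example for this flashcard (not code from the original page): two
# authentication-bypass patterns in a toy login against an in-memory SQLite
# table, each beside its fix. The table layout, the user "alice" and her
# password are constructed for the demo.
import hashlib
import hmac
import os
import sqlite3
import zlib

PBKDF2_ROUNDS = 200_000


def build_db() -> sqlite3.Connection:
    """Constructed user table holding both a weak CRC32 and a proper hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (name TEXT, crc INTEGER, salt BLOB, pw_hash BLOB)"
    )
    password = b"hunter2"
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        (
            "alice",
            zlib.crc32(password),
            salt,
            hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS),
        ),
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Bypass 1: the username is spliced into the SQL text. A username of
    # "alice' --" closes the string literal and comments out the rest of the
    # WHERE clause, so the password is never compared at all.
    # Bypass 2: even without injection, a 32-bit CRC is not a password hash.
    # It is unsalted, computed in nanoseconds and only 32 bits wide, so an
    # offline search for any input with a matching CRC is feasible.
    sql = (
        f"SELECT 1 FROM users WHERE name = '{username}' "
        f"AND crc = {zlib.crc32(password.encode())}"
    )
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Fix 1: parameterised query; the driver passes username as data, not SQL.
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE name = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Fix 2: salted, deliberately slow hash, compared in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, injected username:", login_vulnerable(db, "alice' --", "x"))
    print("hardened,   injected username:", login_hardened(db, "alice' --", "x"))
```

The injected username works against `login_vulnerable` with any password because SQLite treats `--` as a comment to end of line; the parameterised version sees `alice' --` as a literal name that matches no row.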
What does CSRF Stand for?
Cross Site Request Forgery
How do CSRF attacks work?
They work by tricking a signed-in user's browser into sending a state-changing request the user never intended; the browser attaches the user's cookies to that request automatically, so the application treats it as the user's own
Give a general example of a CSRF attack with zoom.us
The attacker hosts a form on their website that appears to be for some other purpose. A user of our site who is logged in to zoom.us visits the attacker's page and submits the form (or a script submits it for them). Unbeknownst to the user, the browser sends the resulting POST request to our site with their zoom.us session cookie attached, and the request changes the state of their account.
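The scenario above as an added example (not zoom.us's code and not code from the original flashcards): the state-changing endpoint is modelled as a plain function, first checking only the session cookie and then adding a synchronizer token plus an Origin check. The request shape, session store, account data, the `/account/email` path and the attacker's HTML are all constructed for this demo.

```python
# Added example for the zoom.us scenario above (not zoom.us's code, not code
# from the original page): a state-changing endpoint modelled as a plain
# function, first with only a session cookie check and then with a
# synchronizer token plus an Origin check. Request shape, session store,
# account data and the attacker's HTML are all constructed for this demo.
import hmac
import secrets
from dataclasses import dataclass, field

SESSIONS: dict = {}          # session id -> {"user": ..., "csrf": ...}
ACCOUNTS = {"victim": {"email": "victim@example.com"}}
SITE_ORIGIN = "https://zoom.us"

# What the attacker hosts: a form that looks unrelated (or is invisible) and
# submits itself to our site the moment the page loads.
ATTACKER_PAGE = """
<form id="f" action="https://zoom.us/account/email" method="POST">
  <input type="hidden" name="email" value="attacker@evil.example">
</form>
<script>document.getElementById("f").submit();</script>
"""


@dataclass
class Request:
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def new_session(user: str) -> str:
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(16)}
    return sid


def change_email_vulnerable(req: Request) -> bool:
    # The browser attaches the zoom.us cookie to the attacker's POST on its own,
    # so this check cannot tell the forged request from a genuine one.
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return False
    ACCOUNTS[sess["user"]]["email"] = req.form["email"]
    return True


def change_email_hardened(req: Request) -> bool:
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return False
    # Synchronizer token: our own form embeds a per-session secret that the
    # attacker's origin cannot read, so a forged form cannot include it.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf"]):
        return False
    # Defence in depth: browsers send Origin on cross-site POSTs; refuse any
    # origin that is not ours. A missing header is tolerated for same-origin
    # clients that omit it; the token check above still protects them.
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False
    ACCOUNTS[sess["user"]]["email"] = req.form["email"]
    return True


def forged_request(sid: str) -> Request:
    """What reaches our server when the victim's browser submits ATTACKER_PAGE."""
    return Request(
        cookies={"sid": sid},
        form={"email": "attacker@evil.example"},
        headers={"Origin": "https://attacker.example"},
    )


def genuine_request(sid: str, new_email: str) -> Request:
    """A submission of our own account page, which carries the session token."""
    return Request(
        cookies={"sid": sid},
        form={"email": new_email, "csrf_token": SESSIONS[sid]["csrf"]},
        headers={"Origin": SITE_ORIGIN},
    )


def run_scenario() -> tuple:
    """Returns (email after forged POST to the vulnerable handler,
                email after forged POST to the hardened handler)."""
    sid = new_session("victim")
    ACCOUNTS["victim"]["email"] = "victim@example.com"
    change_email_vulnerable(forged_request(sid))
    after_vulnerable = ACCOUNTS["victim"]["email"]
    ACCOUNTS["victim"]["email"] = "victim@example.com"
    change_email_hardened(forged_request(sid))
    after_hardened = ACCOUNTS["victim"]["email"]
    return after_vulnerable, after_hardened
```

One caveat when testing this class: current browsers default cookies to SameSite=Lax, which withholds the session cookie from a cross-site top-level POST, so the forged submission may already fail in a modern browser. A cookie set with SameSite=None, or an older client, re-enables the attack, which is why the token check (which does not depend on browser behaviour) remains the primary defence.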
Explain denial of service
A vulnerability exists that, when exploited, causes an application to crash or become unresponsive
An attacker can then use that to deny legitimate users access to the application and the service it provides
Name and explain the two types of denial of service
- Persistent - keeps legitimate users out even after the attack traffic stops, typically because the exploit corrupts stored state (a database row, a config or data file) so the application crashes again every time it is restarted; recovery needs an operator to repair that state
- Non-persistent - lasts only as long as the attacker keeps sending the data that triggers the condition; once the traffic stops (or the process is restarted) the service recovers on its own
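Both flavours in one toy service, as an added example (not code from the original flashcards): a key-value store that appends records to a file and reloads them at start-up. Without input validation an attacker gets a non-persistent DoS (requests that burn memory only while they keep coming) and a persistent one (a single stored record that makes every restart crash). The record format, the `expand` operation and the limits are constructed for this demo.

```python
# Added example for the two DoS types above (not code from the original page):
# a toy key-value service that appends records to a file and reloads them at
# start-up. Without input validation an attacker gets a non-persistent DoS
# (requests that burn memory while they keep coming) and a persistent one
# (a stored record that makes every restart crash). Format and limits are
# constructed for this demo.
import os
import re
import tempfile

MAX_VALUE_LEN = 1024
KEY_RE = re.compile(r"^[A-Za-z0-9_]{1,64}$")


class Store:
    """One 'key=value' line per record; load() runs on every (re)start."""

    def __init__(self, path: str, validate: bool):
        self.path, self.validate, self.data = path, validate, {}

    def load(self) -> None:
        self.data = {}
        if not os.path.exists(self.path):
            return
        with open(self.path, encoding="utf-8") as f:
            for line in f.read().split("\n"):
                if line:
                    # Raises ValueError on any line that lacks an '='.
                    key, value = line.split("=", 1)
                    self.data[key] = value

    def set(self, key: str, value: str) -> None:
        if self.validate:
            if not KEY_RE.match(key):
                raise ValueError("bad key")
            if "\n" in value or len(value) > MAX_VALUE_LEN:
                raise ValueError("bad value")
        self.data[key] = value
        with open(self.path, "a", encoding="utf-8") as f:
            f.write(f"{key}={value}\n")

    def expand(self, key: str, times: int) -> str:
        # Non-persistent DoS: with no cap, each cheap request makes the server
        # build a huge string; the load disappears as soon as requests stop.
        if self.validate and times > 1000:
            raise ValueError("too many repetitions")
        return self.data[key] * times


def persistent_dos(validate: bool) -> bool:
    """True if an attacker-supplied value leaves the service unable to restart."""
    path = os.path.join(tempfile.mkdtemp(), "records.txt")
    store = Store(path, validate)
    try:
        # A newline inside the value writes a second line with no '=' in it.
        store.set("greeting", "hello\nworld")
    except ValueError:
        return False                      # hardened store refused the record
    restarted = Store(path, validate)
    try:
        restarted.load()                  # runs on every restart, forever
    except ValueError:
        return True
    return False


def nonpersistent_dos_bytes(validate: bool) -> int:
    """Bytes the server is made to hold for one 'expand' request (0 if refused)."""
    path = os.path.join(tempfile.mkdtemp(), "records.txt")
    store = Store(path, validate)
    store.set("k", "A" * 64)
    try:
        return len(store.expand("k", 100_000))
    except ValueError:
        return 0
```

The persistent case is the one to look for in review: any path where untrusted input is written to state that is parsed at start-up (here a newline breaking the line format) turns a single request into an outage that survives restarts.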
What does IDOR stand for?
Insecure direct object reference
What are insecure direct object references?
They are a type of access control vulnerability that arises when an application uses user-supplied input (an id, a filename, a key) to access an object directly, without checking that the requesting user is authorised to access that particular object.
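The classic shape of this bug, as an added example (not code from the original flashcards): an invoice endpoint whose URL parameter is used directly as the record key, beside two fixes, an ownership check folded into the lookup and opaque per-session handles in place of raw ids. The invoice data, user names, `NotFound` and the `IndirectRefs` helper are constructed for this demo.

```python
# Added example for this flashcard (not code from the original page): an
# invoice endpoint whose URL parameter is used directly as the record key,
# beside two fixes. The invoice data, user names and helper names are
# constructed for this demo.
import secrets

INVOICES = {
    1001: {"owner": "alice", "total": 120},
    1002: {"owner": "bob", "total": 980},
}


class NotFound(Exception):
    """Raised for both 'no such invoice' and 'not yours' so ids can't be probed."""


def get_invoice_vulnerable(current_user: str, invoice_id: str) -> dict:
    # The id from /invoices/<id> is the lookup key and nothing ties it to the
    # caller: alice can request 1002 and read bob's invoice.
    return INVOICES[int(invoice_id)]


def get_invoice_hardened(current_user: str, invoice_id: str) -> dict:
    # Fix 1: the access check is part of the lookup itself (the equivalent of
    # WHERE id = ? AND owner = ? in SQL), and missing/forbidden look identical.
    inv = INVOICES.get(int(invoice_id))
    if inv is None or inv["owner"] != current_user:
        raise NotFound
    return inv


class IndirectRefs:
    """Fix 2: hand the client opaque per-session handles instead of raw ids.
    The map is keyed by session, so a handle guessed or copied from another
    session resolves to nothing."""

    def __init__(self):
        self._by_session: dict = {}

    def issue(self, session_id: str, invoice_id: int) -> str:
        handle = secrets.token_urlsafe(12)
        self._by_session.setdefault(session_id, {})[handle] = invoice_id
        return handle

    def resolve(self, session_id: str, handle: str) -> int:
        try:
            return self._by_session[session_id][handle]
        except KeyError:
            raise NotFound from None


def is_blocked(func, *args) -> bool:
    """Demo helper: True if the call is refused with NotFound."""
    try:
        func(*args)
    except NotFound:
        return True
    return False
```

The manual test for this class is the same as what the example does: log in as two users, take an object id issued to one, and request it as the other. A distinct "forbidden" response still confirms that the id exists, which is why the hardened lookup answers "missing" and "not yours" identically.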