Lesson 13 - Web App Attacks Flashcards
What type of attack can occur if input validation is missing?
Injection Attacks
T or F: developers should put as much detail into error handling as possible
False
Too much information gives malicious actors unnecessary insight
What is the most likely outcome of a security misconfiguration
Exposing Sensitive Data
What is the method of using a digital signature to ensure the source and integrity of programming code
Code Signing
What can occur when the outcome of an execution process depends directly on the order and timing of certain events
Causing Race Conditions
A malicious actor steals a user’s session credentials, then uses them to impersonate the user. What is this attack called, and what is the text file that can be used to manage user sessions
Session Hijacking
Cookie - contains Session ID
Name the attack that forces a user to browse a website in the context of a known and valid session
Session Fixation - fake login page that uses the known SID
Name the attack in which the attacker makes the user repeat the authentication process and intercepts it. What category of attack can this be accomplished with
Session Replay
Man in the Middle - On Path
Name and describe two Request Forgery attacks
Cross-Site Request Forgery (XSRF/CSRF) uses a malicious script hosted on an attacker’s site that can exploit a session started on another site in the same browser. The power of this type is that it is extremely hard to detect, since it is carried out by the user’s browser as business as usual
Server-Side Request Forgery (SSRF) - takes advantage of the trust between a server and the resources it can access, such as a SQL Server.
Lab Lesson 13 - Exploiting Web Weaknesses
Name the two Privilege Escalation techniques and how they impact an attack
Horizontal Privilege Escalation - obtaining access to regular user accounts with different permissions than the current one. Allows the malicious actor to stay unnoticed.
Vertical Privilege Escalation - obtaining higher privileges; using PrivEsc to elevate from a restrictive shell
What is the method and syntax to launch Bash in interactive mode
/bin/bash -i
What are vulnerabilities that arise from implementation and design issues that lead to unintended behavior
Business Logic Flaws
Name the 3 most common APIs
RESTful: API based on REST
XML-RPC
SOAP - Simple Object Access Protocol
What is a recommended web framework for apps that incorporate HTML and/or JavaScript code
Ruby on Rails
AngularJS
Django (Python)
What is the most common type of code injection, and which inputs should you test (every single one), including:
SQL Injection (SQLi)
URL Parameters
Form Fields
Cookies
POST Data
HTTP Headers
What is the simplest and most common method for identifying possible SQL injection vulnerabilities in a web application
Using the Single Quote Method
This will provoke an error that can give details on the syntax needed to construct an attack
What is the process of injecting SQL queries when the web app response does not contain the results of the query.
Blind SQL Injection
A boolean-based version of this submits values that are always true or always false, e.g. 1=1 or 1=2
Time-based is submitting queries with time delays
What is the application attack that allows access to commands, files and directories that may or may not be connected to a web document directory
Directory Traversal
Within the URL, using ../ or ..\ to traverse up one parent directory.
If these are blocked or filtered, encoding can be used to bypass this, such as
%2E is equivalent to . (Period)
%2F is equivalent to /
What is a Null Byte used for in most programming languages, and what is its hexadecimal representation
A character with a value of zero that is used in most programming languages to indicate the termination of a string.
%00
What is Code Injection, and what makes it possible to exploit
An attack that introduces malicious code into a vulnerable application to compromise the security of that app.
Made possible by weak or absent input processing routines in the app
What is the injection attack in which a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web app
Command Injection
Only using the native language of that app
What is the attack that injects JavaScript that executes in the client’s browser, and what are the 3 categories
Cross Site Scripting (XSS)
Persistent Attack - Stored attack where malicious code is injected on the server
Reflected Attack - Send a form or other request to the server that contains a malicious script. You send a link to the victim with this request; the script is sent to the server and reflected off of it
Document Object Model (DOM) attack - done solely on a web app’s client-side implementation of JavaScript, attacking solely the client
What is one type of technology that will protect you from attacks, and where does it sit
Proxy
Between the client and the web server; can provide firewall functionality
What is the method to gain control of a browser by connecting it to another device, such as an attacker’s tool or framework? Name a common framework that uses JavaScript.
Hook a Browser
Browser Exploit Framework (BeEF)