Application/Programming Attacks

Resource Exhaustion: This is where an attack on an application consumes all of the available memory and CPU cores. It could also be where all of the IP addresses have been allocated on a DHCP server.

SSL Stripping: This is an attack where the attackers carry out an SSL downgrade attack, where they manage to bypass the certificate-based protection and turn the session into an HTTP attack. This is where they can now capture data such as credit card numbers.

Dynamic Link Library (DLL) Injection: This is a technique used for running code within the address space of another process by forcing it to load a DLL. This makes the application run differently from how it was designed to. For example, you could install a malware DLL in another process.

Cross-Site Scripting (XSS): XSS is when a user injects malicious code into another user's browser. It uses both HTML tags and JavaScript. The following is a very simple server-side script to display the latest comments:

    print "<html>"
    print "Latest comment:"
    print database.latestComment
    print "</html>"

The attacker could alter the comment to have HTML tags for a script, as follows:

    <html>

An XSS attack can be identified by looking for the var command and for a variable with <html> tags <script> and </script>. Scripts with var are likely to be JavaScript. This is a very popular exam topic.

Cross-Site Request Forgery (XSRF): This is known as XSRF, or CSRF. The attacker could carry out this attack by using a cookie to pretend to be the user, or the user could click on a like or share button. The user has to be authenticated to the web server.

Buffer Overflow: A buffer overflow occurs when a program tries to store more data than it can hold in a temporary memory storage area. Writing outside the allocated memory into the adjacent memory can corrupt the data, crash the program, or cause the execution of malicious code, which could allow an attacker to modify the target process address space:

    #include <string.h>

    int fun (char data [256]) {
        int i;               /* declared but unused in the example */
        char tmp [64];
        strcpy (tmp, data);  /* no length check: up to 256 bytes copied into 64 */
        return 0;
    }

EXAM TIP: strcpy could create a buffer overflow as it cannot limit the amount of characters.

Integer Overflow: An integer overflow is a condition that occurs when the result of an arithmetic operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it.

XML Injection: XML is a language similar to HTML that is used with web data. The attacker will try to manipulate the XML script to carry out attacks. It is interoperable with Java, and an XML injection attack is similar to XSS above. It can also be used to replace variables in the script.

Example: Equivalent XML payload:

    <?xml version="1.0" encoding="UTF-8"?><root> <query>a'%3E%3Cscript%3Ealert('123')%3C/script%3E</query></root>

SQL Injection Attack: When you use a SQL database, you can run queries against the SQL database using Transact-SQL. An example would be, if I want to know the customers that I have in my SQL database, run the following Transact-SQL query:

    Select * from Customers

This will display all of the customers in my SQL database. A SQL injection attack is where the SQL command is modified to gain information from the database by ending the statement with and 1=1. Since one equals one, the statement is true, and information will be acquired.

A stored procedure is a pre-written SQL script that might ask you for a list of all customers who have purchased items over $1,000 in the last 7 days. When this is written, it is saved as a stored procedure called ABC. When I run the ABC stored procedure, it will give me all of the information I require, and an attacker won't be able to modify the script inside. This is the best way to stop a SQL injection attack. The other way is to use input validation, which is not as effective.

LDAP Injection Attack: LDAP is used to manage a directory service using X500 objects, such as cn, ou, dc. In an LDAP injection attack, an attacker inserts data into an LDAP statement. This can be prevented by using input validation, which is why Microsoft uses wizards to input data into Active Directory.

Example: In the following example, a query is constructed to validate a user's credentials for the purpose of logging in:

    String filter = "(&(USER = " + user_name + ") (PASSWORD = " + user_password + "))";

Improper Error Handling: Applications have a tendency to create errors and the applications themselves do not validate the information returned in errors. Web servers host applications where the frontend is the web server, and the backend is a SQL database that can hold credit card information. Attackers can use fuzzing, where they send random input to an application with the hope that they can get good information from the errors, such as the server IP address. They can also insert commands into SQL scripts. To prevent this, we can use input validation, and in the SQL server we can use a sealed script called a stored procedure, which is much better than input validation.

Input Validation: Input validation is where data is entered either using a web page or wizard; both are set up to only accept data in the correct format within a range of minimum and maximum values. Have you ever completed a web form quickly and maybe put your zip code into another field? This results in an error in the form and it fails to process the submit button. The web form then has a list at the top, in red, of the incorrect parameters, with a red star next to each of them. Once you have corrected the entries, the form will accept these and submit them. Input validation can prevent SQL injection, buffer overflow, and integer overflow attacks.
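Added example (not from the original page) for the SQL Injection Attack entry: the same Customers lookup built by string concatenation and with a bound parameter plus input validation. SQLite has no stored procedures, so a parameterized query stands in here for the fixed, pre-written statement; the table contents, function names and the "1 or 1=1" input are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO Customers (name) VALUES (?)",
                   [("Alice",), ("Bob",), ("Carol",)])
    return db

def lookup_concatenated(db, customer_id):
    # Weak: the input becomes part of the SQL text, so a trailing
    # always-true condition changes what the statement means.
    sql = "SELECT name FROM Customers WHERE id = " + customer_id
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, customer_id, validate=True):
    # Hardened: the SQL text is fixed and the input is bound as a value.
    if validate:
        # Input validation: correct format (digits) within a size limit.
        if not re.fullmatch(r"[0-9]{1,9}", customer_id):
            raise ValueError("customer id must be 1 to 9 digits")
        customer_id = int(customer_id)
    sql = "SELECT name FROM Customers WHERE id = ?"
    return [row[0] for row in db.execute(sql, (customer_id,))]

if __name__ == "__main__":
    db = make_db()
    tampered = "1 or 1=1"  # constructed input with an always-true clause
    print("concatenated, normal  :", lookup_concatenated(db, "1"))
    print("concatenated, tampered:", lookup_concatenated(db, tampered))
    # Binding alone already treats the whole string as one value.
    print("bound, tampered       :",
          lookup_parameterized(db, tampered, validate=False))
    try:
        lookup_parameterized(db, tampered)
    except ValueError as err:
        print("validated, tampered   : rejected,", err)
```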
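Added example (not from the original page) for the LDAP Injection Attack entry: the page's login filter rebuilt in Python, once by plain concatenation and once with the value escaping defined in RFC 4515, with a check that user input cannot change the filter's structure. The function names and sample inputs are constructed for illustration.

```python
# RFC 4515 escapes for characters that have meaning inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
            "\x00": r"\00"}

def escape_filter_value(value):
    # Replace each filter metacharacter with its backslash-hex form.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter_naive(user_name, user_password):
    # Same concatenation as the page's String filter example.
    return "(&(USER = " + user_name + ") (PASSWORD = " + user_password + "))"

def build_filter_escaped(user_name, user_password):
    # Input is escaped first, so it can only ever be a value.
    return ("(&(USER = " + escape_filter_value(user_name) +
            ") (PASSWORD = " + escape_filter_value(user_password) + "))")

def structure(ldap_filter):
    # (number of filter components, number of wildcards). Escaped input
    # contains neither "(" nor "*", so only real syntax is counted.
    return ldap_filter.count("("), ldap_filter.count("*")

# The filter the developer intended: three components, no wildcard.
EXPECTED = structure(build_filter_naive("jsmith", "secret"))

def structure_changed(ldap_filter):
    return structure(ldap_filter) != EXPECTED

if __name__ == "__main__":
    # Constructed inputs containing filter metacharacters.
    for name in ("jsmith", "*", "a)(b"):
        naive = build_filter_naive(name, "secret")
        safe = build_filter_escaped(name, "secret")
        print(repr(name))
        print("  naive  :", naive, "changed =", structure_changed(naive))
        print("  escaped:", safe, "changed =", structure_changed(safe))
```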