SYO-601 Security+ Review Sheet - Attacks

Application/Programming Attacks

Resource Exhaustion: This is where an attack on an application consumes all of the available memory and CPU cores. It could also be where all of the IP addresses have been allocated on a DHCP server.

SSL Stripping: This is an attack where the attackers carry out an SSL downgrade attack: they manage to bypass the certificate-based protection and downgrade the session to plain HTTP. This is where they can now capture data such as credit card numbers.

Dynamic Link Library (DLL) Injection: This is a technique used for running code within the address space of another process by forcing it to load a DLL. This makes the application run differently from how it was designed to. For example, an attacker could load a malware DLL into another process.

Cross-Site Scripting (XSS): XSS is when a user injects malicious code into another user's browser. It uses both HTML tags and JavaScript. The following is a very simple server-side script to display the latest comments:

    print "<html>"
    print "Latest comment:"
    print database.latestComment
    print "</html>"

The attacker could alter the comment to have HTML tags for a script, as follows:

    <html>

An XSS attack can be identified by looking for the var command and for a variable with the <html> tags <script> and </script>. Scripts with var are likely to be JavaScript. This is a very popular exam topic.

Cross-Site Request Forgery (XSRF): This is known as XSRF, or CSRF. The attacker could carry out this attack by using a cookie to pretend to be the user, or the user could click on a like or share button. The user has to be authenticated to the web server.

Buffer Overflow: A buffer overflow occurs when a program tries to store more data than it can hold in a temporary memory storage area. Writing outside the allocated memory into the adjacent memory can corrupt the data, crash the program, or cause the execution of malicious code, which could allow an attacker to modify the target process address space:

    #include <string.h>

    int fun(char data[256]) {
        char tmp[64];
        strcpy(tmp, data);   /* copies up to 256 bytes into a 64-byte buffer: no bounds check */
        return 0;
    }

EXAM TIP
strcpy could create a buffer overflow as it cannot limit the amount of characters.

Integer Overflow: An integer overflow is a condition that occurs when the result of an arithmetic operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it.

XML Injection: XML is a language similar to HTML that is used with web data. The attacker will try and manipulate the XML script to carry out attacks. It is interoperable with Java, and an XML injection attack is similar to XSS above. It can also be used to replace variables in the script.

Example: Equivalent XML Payload:

    <?xml version="1.0" encoding="UTF-8"?><root>
    <query>a'%3E%3Cscript%3Ealert('123')%3C/script%3E</query></root>

SQL Injection Attack: When you use a SQL database, you can run queries against the SQL database using Transact-SQL. An example would be, if I want to know the customers that I have in my SQL database, run the following Transact-SQL query: Select * from Customers. This will display all of the customers in my SQL database. A SQL injection attack is where the SQL command is modified to gain information from the database by ending the statement with 1=1. Since one equals one, the statement is true, and information will be acquired.

A stored procedure is a pre-written SQL script that might ask you for a list of all customers who have purchased items over $1,000 in the last 7 days. When this is written, it is saved as a stored procedure called ABC. When I run the ABC stored procedure, it will give me all of the information I require, and an attacker won't be able to modify the script inside. This is the best way to stop a SQL injection attack. The other way is to use input validation, which is not as effective.

LDAP Injection Attack: LDAP is used to manage a directory service using X.500 objects, such as cn, ou, and dc. In an LDAP injection attack, an attacker inserts data into an LDAP statement. This can be prevented by using input validation, which is why Microsoft uses wizards to input data into Active Directory.

Example: In the following example, a query is constructed to validate a user's credentials for the purpose of logging in:

    String filter = "(&(USER = " + user_name + ") (PASSWORD = " + user_password + "))";

Improper Error Handling: Applications have a tendency to create errors, and the applications themselves do not validate the information returned in errors. Web servers host applications where the frontend is the web server and the backend is a SQL database that can hold credit card information. Attackers can use fuzzing, where they send random input to an application with the hope that they can get good information from the errors, such as the server IP address. They can also insert commands into SQL scripts. To prevent this, we can use input validation, and in the SQL server we can use a sealed script called a stored procedure, which is much better than input validation.

Input Validation: Input validation is where data is entered either using a web page or wizard; both are set up to only accept data in the correct format within a range of minimum and maximum values. Have you ever completed a web form quickly and maybe put your zip code into another field? This results in an error in the form and it fails to process the submit button. The web form then has a list at the top, in red, of the incorrect parameters, with a red star next to each of them. Once you have corrected the entries, the form will accept these and submit them. Input validation can prevent SQL injection, buffer overflow, and integer overflow attacks.
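The XSS entry above shows a page that echoes the latest comment verbatim. The following added example (not from the review sheet) reproduces that behaviour in Python beside the fixed version, which HTML-encodes the comment before output, and implements the sheet's detection heuristic of looking for <script> tags and the var keyword. The sample comments are constructed.

```python
import html
import re

# Constructed sample comments, not real data: one benign, one carrying the
# <script> tag and the JavaScript var keyword the review sheet says to look for.
SAMPLE_COMMENTS = {
    "benign": "Great write-up, thanks for sharing!",
    "hostile": "<script>var greeting = 'hi'; alert(greeting);</script>",
}


def render_unsafe(comment: str) -> str:
    """Same behaviour as the sheet's print-script: the stored comment is echoed as-is."""
    return "<html>Latest comment: " + comment + "</html>"


def render_safe(comment: str) -> str:
    """Same page, but the comment is HTML-encoded first, so any tags become inert text."""
    return "<html>Latest comment: " + html.escape(comment, quote=True) + "</html>"


def contains_active_script(page: str) -> bool:
    """Does the rendered page still contain a real <script> element?"""
    return re.search(r"<script\b", page, re.IGNORECASE) is not None


def looks_like_xss(comment: str) -> bool:
    """The sheet's heuristic: flag submitted content with <script> tags or the var keyword."""
    return contains_active_script(comment) or re.search(r"\bvar\b", comment) is not None


if __name__ == "__main__":
    for label, comment in SAMPLE_COMMENTS.items():
        print(label, "->", "flagged" if looks_like_xss(comment) else "clean")
        print("  unsafe:", render_unsafe(comment))
        print("  safe:  ", render_safe(comment))
```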
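For the SQL Injection and Input Validation entries, this added example (not the review sheet's own code) builds the sheet's Customers table in an in-memory SQLite database and contrasts a query assembled by string concatenation, which the 1=1 trick turns into a query for every row, with a fixed statement that binds the name as a parameter, plus an allow-list input check. SQLite has no stored procedures, so the parameterized statement stands in for the sealed, pre-written script the sheet describes; the customer rows are constructed.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample Customers table, standing in for the sheet's SQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (id INTEGER, name TEXT, card TEXT)")
    conn.executemany("INSERT INTO Customers VALUES (?, ?, ?)", [
        (1, "alice", "4111-0000-0000-0001"),
        (2, "bob", "4111-0000-0000-0002"),
        (3, "carol", "4111-0000-0000-0003"),
    ])
    return conn


def lookup_concat(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the user-supplied name is pasted into the statement text, so
    a value ending in  or 1=1 --  makes the WHERE clause true for every row."""
    sql = "SELECT * FROM Customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn: sqlite3.Connection, name: str) -> list:
    """Fixed statement text; the name is bound as data and can never change the query."""
    return conn.execute("SELECT * FROM Customers WHERE name = ?", (name,)).fetchall()


def valid_name(name: str) -> bool:
    """Input validation: only letters and digits, within a length range."""
    return 1 <= len(name) <= 32 and name.isalnum()


if __name__ == "__main__":
    db = build_db()
    supplied = "nobody' or 1=1 --"
    print("valid input?", valid_name(supplied))
    print("concatenated query returned", len(lookup_concat(db, supplied)), "rows")
    print("parameterized query returned", len(lookup_param(db, supplied)), "rows")
```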
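The LDAP Injection entry builds a filter by concatenating user_name and user_password into the filter string. This added example (not from the review sheet) rebuilds that filter in Python, then shows the two defences the sheet names: validating the input against an allow-list, and escaping the RFC 4515 filter metacharacters so a supplied value cannot add or change assertions. The attribute names USER and PASSWORD are taken from the sheet's example; the helper names are mine.

```python
import re

# Characters with special meaning inside an LDAP filter assertion value (RFC 4515).
_FILTER_SPECIALS = "\\*()\x00"


def escape_filter_value(value: str) -> str:
    """Replace each metacharacter with its backslash-hex form, e.g. * -> \\2a, ( -> \\28."""
    return "".join("\\%02x" % ord(ch) if ch in _FILTER_SPECIALS else ch for ch in value)


def build_filter_unsafe(user_name: str, user_password: str) -> str:
    """Same construction as the sheet's Java string: values are concatenated verbatim."""
    return "(&(USER=" + user_name + ")(PASSWORD=" + user_password + "))"


def build_filter_safe(user_name: str, user_password: str) -> str:
    """Same filter shape, but every supplied value is escaped first."""
    return ("(&(USER=" + escape_filter_value(user_name)
            + ")(PASSWORD=" + escape_filter_value(user_password) + "))")


def valid_username(name: str) -> bool:
    """Input validation: an allow-list pattern that admits no filter metacharacters."""
    return re.fullmatch(r"[A-Za-z0-9._-]{1,64}", name) is not None


def assertion_count(ldap_filter: str) -> int:
    """Number of opening parentheses; the two-field login filter should always have 3."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # A lone wildcard is a benign illustration: unescaped it matches every entry.
    print("unsafe:", build_filter_unsafe("*", "*"))
    print("safe:  ", build_filter_safe("*", "*"))
    print("valid username?", valid_username("*"))
```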