1.3 Application Attacks Flashcards
Define Privilege Escalation
Using an existing account to gain privileges beyond that account
Examples of privilege escalation attacks (2)
- User A gaining access to resources that are only granted to User B
- Using a regular user account to launch an attack gaining Administrator/Root access
Preventing Privilege Escalation attacks (3)
- Data Execution Prevention (DEP)
- Anti-Virus/Malware
- Keeping OS patches up-to-date
Cross Site Scripting attack (XSS)
Taking advantage of web browsers' and web-based applications' use of JavaScript to launch attacks
2 Types of Cross Site Scripting attacks
- Non-Persistent (Client-side)
- Persistent or Reflected (Server-side)
Define Non-Persistent Cross Site Scripting Attack
Sends a malicious link to a valid, vulnerable web site with malicious JavaScript appended to input fields that will run silently in the background when the user clicks it
Define Persistent Cross Site Scripting Attack
Permanently posting malicious JavaScript on a site that runs every time the page is launched, i.e. via sites that display user messages or forum sites
Difference between Persistent and Non-Persistent Cross Site Scripting Attack
Non-persistent is initiated from the user's browser; persistent is stored on the web server and runs every time someone accesses the web page
Define Injection Attack
Adding or removing information from a data stream for malicious intent
4 Common Injection Attacks
- SQL Injection
- XML Injection
- DLL Injection
- LDAP Injection
Define SQL Injection
Capitalizing on poorly designed web sites to extract data from databases via modified SQL statements
Define XML Injection
Appending malformed XML to XML exchanged between devices for malicious intent
Define LDAP Injection
Injecting data into LDAP data exchanges to access information from the LDAP database
Define DLL Injection
Attaching a malicious DLL to a valid process so that whenever the valid process is run, the malicious process is also run
Define Pointer/Object Dereference, how and result
- supply a pointer for memory locations that the product is not expecting
- attack might allow modification of critical state variables, cause a crash, or execution of code
Define Directory Traversal attack and specific server type vulnerable to it
Accessing directories on a web server outside of the publicly available directories hosting the web content
Define Buffer Overflow attack
Using one section of memory to overwrite another section of memory causing the application to crash
What causes buffer overflow vulnerabilities?
Poor application programming
Define Race Condition attack
Taking advantage of simultaneously running processes for malicious intent
What is a TOCTOU attack?
Time-Of-Check to Time-Of-Use attack, taking advantage of the timing of the execution of processes for malicious intent, i.e. transferring more money from an account than the available balance due - Race Condition
What vulnerability exists related to application error handling?
Improper error messages might expose valuable system information, such as a stack trace dump, that can be used for further malicious activities
Vulnerability exposed by improper input handling?
Improperly validating, or not validating, data input by users opens the application up to injection attacks
Define replay attack
Gaining information, such as Session IDs, from network traffic and then using that information to create malicious requests
Define Session Replay attack
Attacker is able to pose as an authorized user by obtaining a session ID and posing as another valid user or system