Threats, Attacks and Vulnerabilities

Application Attacks

  • Buffer overflow
  • Injection
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF or XSRF)
  • Privilege escalation

Search “OWASP top ten” for risks related to applications.

Buffer Overflow Attacks

When more data are written to a buffer than it can hold

An anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations.

Injections

Occur when untrusted data is sent to an interpreter as part of a command or query. The most common fall into the following categories:

  • Escape characters not filtered correctly
  • Type handling not properly done
  • Conditional errors
  • Time delays

The way to defend against this attack is always to filter input.
Examples: SQL injection, OS command injection, LDAP injection, XML injection
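Added example (not from the original notes): the first injection category above, an unfiltered quote character, shown against a constructed in-memory SQLite table. Alongside the notes' advice to filter input, it also shows a parameterized query, the standard defense for this class; the table, names and values are all constructed for the demonstration.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def is_valid_username(name: str) -> bool:
    """Allow-list input filter: letters, digits, underscore, 1-32 characters."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", name) is not None


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Builds the statement by concatenation. A quote inside `name` closes
    the string literal, so the rest of the input is parsed as SQL
    (the 'escape characters not filtered correctly' category)."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Passes the value separately from the statement text, so the
    interpreter never treats any part of `name` as SQL syntax."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo() -> dict:
    """Runs both lookups on a normal name and on input with a stray quote."""
    conn = make_db()
    tampered = "x' OR 'a'='a"  # constructed input that changes query structure
    return {
        "filter_accepts_normal": is_valid_username("bob"),
        "filter_accepts_tampered": is_valid_username(tampered),
        "normal_vuln": lookup_vulnerable(conn, "bob"),
        "normal_param": lookup_parameterized(conn, "bob"),
        "tampered_vuln": lookup_vulnerable(conn, tampered),
        "tampered_param": lookup_parameterized(conn, tampered),
    }
```

For the tampered input, the concatenated query returns every row in the table while the parameterized query returns none, and the allow-list filter rejects the input before it reaches the database at all.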

Cross-site scripting (XSS) & Cross-site request forgery (CSRF/XSRF)

Cross-site scripting (XSS): occurs whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript.
Example: “Ron<SCRIPT>alert('hello')</SCRIPT>Woemer”

Cross-site request forgery (CSRF/XSRF): an attack that forces an end user to execute unwanted actions on a web application. Also known as a session riding or one-click attack.

Privilege Escalation

The act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

Application Attacks – Prevention and Response

  • Good coding practices – See OWASP
  • Filter and validate any user input
  • Use a Web Application Firewall (WAF)
  • Build security into the Software Development Life Cycle (SDLC)
  • Have an incident response plan in place

Zero-Day Attacks

An attack that exploits a previously unknown security vulnerability.

It may take advantage of a security vulnerability on the same day that the vulnerability becomes generally known.

Example: Stuxnet

Prevention:

  • Defense in depth
  • Patch
  • Updated AV

Impersonation / Masquerading / Replay Attacks

The act of pretending to be someone or something to gain unauthorized access to a system.

Capturing network traffic via eavesdropping, then reestablishing a communications session by replaying captured traffic using spoofed authentication credentials.

Prevention: Token authentication (Kerberos), MFA/TFA, Encryption, Sequenced session identification

Driver Manipulation

  • Driver: A program that controls a device (printers, media, keyboards, etc.)
  • Shimming: creating a library—or modifying an existing one—to bypass a driver and perform a function other than the one for which the API was created.
  • Refactoring: a set of techniques used to identify the flow and then modify the internal structure of code without changing the code’s visible behavior.

Cryptographic attacks

  • Birthday: an attack on a cryptographic hash function that looks for hash collisions — exploiting the 1-to-1 nature of hashing functions.
  • Known plaintext/ciphertext: the attacker attempts to derive a cryptographic key by using pairs of known plaintext along with the corresponding ciphertext.
  • Frequency analysis: looking at the blocks of an encrypted message to determine if any common patterns exist.

Password Cryptographic Attacks

  • Dictionary: systematically entering each word in a dictionary as a password.
  • Brute force: systematically attempting all possible combinations of letters, numbers, and symbols. Usually automated.
  • Rainbow tables: all of the possible password hashes are computed in advance and those hash values are compared with the password database.
  • Pass the hash: an attacker attempts to authenticate to a remote server or service by intercepting password hashes on a network.
