About this page.

This blog was originally just going to be my Security assignment for electronic logs, but it has now evolved just a bit. In this blog you will find my notes and anything else we do in these classes.

Tuesday, January 31, 2012

Chapter 3 beginning


Application and Network Attacks


Application Attacks
  • Attacks that target applications
    • Category continues to grow
    • Web applications attacks
    • Client-side attacks
    • Buffer overflow attacks
  • Zero day attacks
    • Exploit previously unknown vulnerabilities
    • Victims have no time to prepare or defend

Web Application Attacks
  • Web applications an essential element of organizations today
  • Approach to securing Web applications
    • Hardening the Web server
    • Protecting the network
  • Common Web application attacks
    • Cross-site scripting
    • SQL injection
    • XML injection
    • Command injection/directory traversal

Cross-Site Scripting
  • Injecting scripts into a Web application server
    • Directs attacks at clients
  • When victim visits injected Web site:
    • Malicious instructions sent to victim's browser
  • Browser cannot distinguish between valid code and malicious script
  • Requirements of the targeted Web site
    • Accepts user input without validation
    • Uses input in a response without encoding it
  • Some XSS attacks designed to steal information:
    • Retained by the browser
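Worked example added to these notes (not from the textbook slides): the two requirements above, side by side. The first function reflects a comment into the page verbatim; the second encodes it for the HTML text context first, and the third shows the attribute context. The probe string and the functions are my own constructions.

```python
import html

# Constructed sample input: a harmless probe string of the kind used to
# check whether a site reflects input without encoding it.
PROBE_COMMENT = "<script>alert('xss')</script>"


def render_unsafe(comment):
    """Vulnerable pattern: user input is placed in the response verbatim,
    so the browser parses any tags in it as part of the page."""
    return '<p class="comment">' + comment + '</p>'


def render_encoded(comment):
    """Defensive pattern: encode for the HTML text context before use, so
    '<' and '>' arrive as &lt; and &gt; and are displayed, not executed."""
    return '<p class="comment">' + html.escape(comment) + '</p>'


def render_attribute_value(value):
    """Attribute context: quote=True also encodes the quote characters, so
    the input cannot close the attribute and start a new one."""
    return '<input type="text" value="' + html.escape(value, quote=True) + '">'


def contains_live_script(page):
    """Crude check used for the demonstration: does the response still carry
    a raw <script tag that a browser would execute?"""
    return "<script" in page.lower()
```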

SQL Injection
  • Targets SQL servers by injecting commands
  • SQL (Structured Query Language)
    • Used to manipulate data stored in relational database
  • Forgotten password example
    • Attacker enters incorrectly formatted email address
    • Response lets attacker know whether input is being validated
    • Attacker enters email field in SQL statement
    • Statement processed by the database
    • Example statement:
      • SELECT fieldlist FROM table WHERE field = 'whatever' or 'a'='a'
    • Result: All user email addresses will be displayed
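Worked example added to these notes (not from the textbook slides): the forgotten-password lookup above, run against a small in-memory SQLite table I constructed. The concatenated version returns every address for the slide's input; the parameterized version treats the same input as a plain value. The email regex and the `users` table are my own assumptions.

```python
import re
import sqlite3

# Constructed sample data standing in for the site's user table.
SAMPLE_USERS = [("alice@example.com",), ("bob@example.com",), ("carol@example.com",)]

# The input from the forgotten-password example on the slide.
SLIDE_INPUT = "whatever' or 'a'='a"

# Deliberately strict shape check: a plausible address has no quotes or spaces.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def make_db():
    """In-memory SQLite database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", SAMPLE_USERS)
    return conn


def is_plausible_email(value):
    """The check the attacker probes for first: is the input validated at all?"""
    return EMAIL_RE.match(value) is not None


def lookup_vulnerable(conn, email):
    """Vulnerable pattern: the field is concatenated into the statement, so
    "whatever' or 'a'='a" closes the string and adds an always-true test."""
    sql = "SELECT email FROM users WHERE email = '" + email + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, email):
    """Defensive pattern: the field is bound as a parameter and is only ever
    compared as a value; it cannot change the structure of the statement."""
    sql = "SELECT email FROM users WHERE email = ?"
    return sorted(row[0] for row in conn.execute(sql, (email,)))


def forgotten_password_lookup(conn, email):
    """Both defences together: reject malformed input, then query safely."""
    if not is_plausible_email(email):
        return []
    return lookup_parameterized(conn, email)
```

The same binding rule applies to any untrusted input that reaches a query, including request headers such as Accept-Language.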

XML Injection
  • Markup language
    • Method for adding annotations to text
    • Came from SGML
  • HTML
    • Uses tags surrounded by brackets
    • Instructs browser to display text in specific format
  • XML
    • Carries data instead of indicating how to display it
    • No predefined set of tags
      • Users define their own tags
  • XML Attack
    • Similar to SQL injection attack
    • Attacker discovers Web site that does not filter user data
    • Injects XML tags and data into the database
  • Xpath injection
    • Specific type of XML injection attack
    • Attempts to exploit XML Path Language queries

Command Injection / Directory Traversal
  • Web server users typically restricted to root directory
  • Users may be able to access subdirectories
    • But not parallel or higher level directories
  • Sensitive files to protect from unauthorized user access
    • Cmd.exe can be used to enter text-based commands
    • Passwd (Linux) contains user account information
  • Directory traversal attack
    • Takes advantage of software vulnerability
    • Attacker moves from root directory to restricted directories
  • Command injection attack
    • Attacker enters commands to execute on a server
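Worked example added to these notes (not from the textbook slides): the check a Web server needs so that a requested path can reach subdirectories of the root but never a parallel or higher-level directory. The document root and the request strings are my own constructions; `posixpath` is used so the demonstration runs the same everywhere.

```python
import posixpath
from urllib.parse import unquote

# Constructed example document root for the Web server.
WEB_ROOT = "/var/www/html"


def resolve_request_path(web_root, requested):
    """Map a URL path onto the document root, refusing any path that ends up
    outside it. Returns the filesystem path, or None if the request is
    rejected. posixpath keeps the demonstration deterministic; a real server
    would use os.path.realpath so that symlinks are resolved as well."""
    # Decode percent-encoding once, so %2e%2e%2f is seen as ../
    decoded = unquote(requested)
    root = posixpath.normpath(web_root)
    # Treat the request as relative to the root, then collapse any ../
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Allowed only if it is the root itself or something beneath it.
    # Note that "docs/../index.html" is fine: ".." is only a problem when
    # the resolved result leaves the root.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def is_traversal_attempt(web_root, requested):
    """Convenience check for logging and detection: True when the request
    would escape the document root."""
    return resolve_request_path(web_root, requested) is None
```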

Client-Side Attacks
  • Web application attacks are server-side attacks
  • Client-side attacks target vulnerabilities in client applications
    • Interacting with a compromised server
    • Client initiates connection with server, which could result in an attack
  • Drive-by download
    • Client computer compromised simply by viewing a Web page
    • Attackers inject content into vulnerable Web server
      • Gain access to server's OS
    • Attackers craft a zero pixel frame to avoid visual detection
    • Embed an HTML document inside main document
    • Client's browser downloads malicious script
    • Instructs computer to download malware
  • Header manipulation
    • HTTP header contains fields that characterize data being transmitted
    • Headers can originate from a Web browser
      • Browsers do not normally allow this
      • Attacker's short program can allow modification
    • Examples
      • Referer
      • Accept-language
  • Referer field indicates site that generated the Web page
    • Attacker can modify this field to hide the fact it came from another site
    • Modified Web page hosted from attacker's computer
  • Accept-language
    • Some Web applications pass contents of this field directly to database
    • Attacker could inject SQL command by modifying this header
  • Cookies and Attachments
    • Cookies store user-specific information on user's local computer
  • Web sites use cookies to identify repeat visitors
  • Examples of information stored in a cookie
    • Travel Web sites may store user's travel itinerary
    • Personal information provided when visiting a site
  • Only the Web site that created a cookie can (generally) read it
  • First party
    • Cookie created by Web site user is currently visiting
  • Third party cookie
    • Site advertisers place a cookie to record user preferences
  • Session cookie
    • Stored in RAM and expires when browser is closed
  • Persistent cookie
    • Recorded on computer's HD
    • Does not expire when browser closes
  • Secure cookie
    • Used only when browser visits server over secure connection
    • Almost always encrypted
  • Flash cookie
    • Uses more memory than a traditional cookie
    • Cannot be deleted through browser configuration settings
  • Cookies pose security and privacy risks
    • May be stolen and used to impersonate user
    • Used to tailor advertising
    • Can be exploited by attackers


When the server contacts the client, it's called a push.
When the client contacts the server, it's called a pull.

Headers have both the destination and the source addresses. You can manipulate these.
