Most Common Application Level Attacks
Download as PPTX, PDF2 likes372 views
The document outlines the most common application-level attacks, including SQL injection, cross-site scripting (XSS), parameter tampering, directory traversal, denial-of-service (DoS), session hijacking, and cross-site request forgery (CSRF). It emphasizes the significant risks posed by these attacks, such as unauthorized access to sensitive data and disruption of application interactions. Each type of attack is briefly described, highlighting its method and potential impact on security.
Most Common Application Level Attacks
- 1. Copyright EC-Council 2020. All Rights Reserved. Certified Application Security Engineer (CASE) Most Common Application Level Attacks
- 2. SQL Injection Attack Cross-Site Scripting (XSS) Attacks Parameter Tampering DirectoryTraversal Denial-of-Service (DoS) Attack Session Attacks Cross-Site Request Forgery (CSRF) Attack Most Common Application Level Attacks
- 3. SQL Injection Attack: Most of the prominent data breaches that occur today have been the outcomes of an SQL Injection attack, which has led to regulatory penalties and reputational damages. An effective SQL Injection attack can lead to unapproved access to delicate data, including credit card information, PINs, or other private information regarding a customer.
- 4. Cross-Site Scripting (XSS) Attack: This attack disrupts the interaction between users and vulnerable applications. It is based on client-side code injection. The attacker inserts malicious scripts into a legit application to alter its original intention.
- 5. Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Parameter Tampering
- 6. File path traversal is also known as directory traversal or backtracking. The primary objective of this web application attack is to access files and directories which are not placed under the ‘root directory’. Directory Traversal
- 7. It is a type of cyberattack that occurs when an attacker seeks to render a computer or other networks inaccessible to its authorized users by momentarily or permanently interrupting the normal operations of a host linked to the Internet. Denial-of-Service (DoS) Attack DoS
- 8. Session hijacking is an attack over user sessions by masquerading as an authorized user. It is generally applicable to browser sessions and web applications hacking. You can understand session hijacking as a form of Man- in-the-Middle (MITM) attack. Session Attack:
- 9. Cross site request forgery — also known as CSRF or XSRF — is one of the web-related security threats on the OWASP top-ten list. The main principle behind a CSRF attack is exploitation of a site’s trust for a particular user, clandestinely utilizing the user’s authentication data. Cross-Site Request forgery ( CSRF) Attack:
- 10. To Learn More, Visit - https://www.eccouncil.org/programs/certified-application-security-engineer-case/
- 11. THANK YOU!