1.0 Attacks, Threats, and Vulnerabilities
1.3 Potential Indicators of an Application Attack
Privilege Escalation - When an attacker is able to gain a higher level of access to the system than what their authentication allows.
Cross-site scripting (XSS) - An attack where client-side scripts are able to be injected into web pages viewed by other users.
Injections - An attacker is able to put their code into existing data.
Structured Query Language (SQL) - Modify SQL data or access non-protected SQL data
Dynamic-Link Library (DLL) - An attacker has an application run a program.
Lightweight Directory Access Protocol (LDAP) - Can modify LDAP requests to manipulate app results.
Extensible Markup Language (XML) - Used to transfer data; man-in-the-middle attacks.
Pointer/Object Dereference - Attacker dereferences a portion of memory that’s being used by an application where nothing was stored to cause a crash/denial of service.
Directory Traversal - Attacker is able to read files on the server that the application/website is running on.
Buffer Overflows - Amount of data in the buffer exceeds its storage capacity.
Race Conditions - Situation where a device runs operations at the same time when it should sequence the operations.
Time of Check/Time of Use - Bug where the attacker can check the state of part of a system (credentials) and use the results elsewhere.
Error Handling - An application's response and recovery procedures from an error condition.
Improper Input Handling - Functions such as validation, sanitization, filtering, or encoding/decoding of input data.
Replay Attack - Attacker eavesdrops on network communication, intercepts it, and delays or resends it to misdirect the receiver.
Session Replays - Attacker replays the journey a user made on a website, mobile app, or web app.
Integer Overflow - An arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of digits.
Request Forgeries
Server-Side (SSRF) - Attacker forces a server to make additional client requests.
Cross-Site (CSRF) - Attacker forces an authenticated user to submit a request to a web app with their authenticated credentials.
Application Programming Interface (API) Attacks - Attacker abuses or manipulates use of an API (data breach).
Resource Exhaustion - Attacker exploits software to cause it to crash (denial-of-service).
Memory Leak - Memory gets allocated, but never released/freed causing a crash.
Secure Sockets Layer (SSL) Stripping - Attacker is able to bypass security by downgrading your connection to an insecure one (HTTPS to HTTP).
Driver Manipulation - Attacker exploits drivers (keylogger).
Shimming - Using things like compatibility mode to exploit vulnerabilities/elevate privileges.
Refactoring - Attacker adds pointless code to have malware circumvent anti-virus signatures.
Pass the Hash - Attacker captures a password hash and uses it to authenticate.