Application attacks and their types

When using the internet, it is important to take measures to stay secure. Attacks are no longer carried out on the user only through viruses; they are carried out through applications as well. The applications one uses every day might contain infections that can seriously damage the system. Here are some types of application attack that are commonly used:



Cross-site scripting:

This attack is a type of injection in which malicious scripts are inserted into websites that users trust. An XSS attack happens when an attacker uses a web application to send malicious code, normally in the form of a browser-side script, to a different user. The flaws that let these attacks succeed are widespread: they occur wherever a web application uses input from a user in the output it generates without encoding or validating it. An attacker can use XSS to send a malicious script to an unsuspecting user. The browser at the user's end has no way of knowing that the script should not be trusted, so it executes the script automatically. Because the browser thinks the script came from a trusted source, the script can access the cookies, session tokens and other sensitive information retained by the browser, and that data can be stolen easily. These scripts can be powerful enough to rewrite the contents of the HTML page as well.
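The missing output encoding described above, shown next to the encoded form. This is an added example, not code from the original article; the page template and the sample input are constructed for illustration.

```python
import html

# Constructed input: what a user might submit in a "display name" field.
SAMPLE_INPUT = '"><script>document.title="x"</script>'


def render_unsafe(name: str) -> str:
    # Vulnerable pattern: user input is copied into the page as-is, so the
    # browser parses any markup in it as part of the trusted page.
    return f'<p>Hello {name}</p><input name="who" value="{name}">'


def render_safe(name: str) -> str:
    # html.escape encodes & < > and, with quote=True, " and ' as well, so the
    # value stays data in element content and inside a quoted attribute.
    encoded = html.escape(name, quote=True)
    return f'<p>Hello {encoded}</p><input name="who" value="{encoded}">'


def contains_active_markup(page: str) -> bool:
    # Simple check for this demo: did a script tag survive into the output?
    return "<script>" in page.lower()


if __name__ == "__main__":
    print(contains_active_markup(render_unsafe(SAMPLE_INPUT)))
    print(contains_active_markup(render_safe(SAMPLE_INPUT)))
    print(render_safe(SAMPLE_INPUT))
```

html.escape covers HTML element and quoted-attribute contexts only; values placed inside script blocks, URLs or style sheets need the encoding for that context.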



SQL injection:

This attack is a code injection technique used against data-driven applications. Malicious SQL statements are inserted into entry fields for execution. SQL injection exploits a security vulnerability in the application software: the user's input is not filtered correctly for string characters embedded in the SQL statements, or the input is not strongly typed and is handled badly. SQL injection is also known as an attack vector for websites, which can be easy victims when they rely on an SQL database.
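The unfiltered-input case described above, next to a parameterized query. This is an added example, not code from the original article; the orders table, its rows and the function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT, item TEXT)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "laptop"), (2, "bob", "phone"), (3, "carol", "router")],
    )
    return conn


def orders_unsafe(conn, customer: str):
    # Vulnerable pattern: the input becomes part of the SQL text, so a quote
    # character in it ends the string literal and the rest is parsed as SQL.
    sql = f"SELECT id, customer, item FROM orders WHERE customer = '{customer}'"
    return conn.execute(sql).fetchall()


def orders_safe(conn, customer: str):
    # Parameterized query: the value is bound separately from the statement
    # and is only ever compared as data.
    sql = "SELECT id, customer, item FROM orders WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "bob' OR '1'='1"  # constructed input for the demo
    print(len(orders_unsafe(db, crafted)))  # every row in the table
    print(len(orders_safe(db, crafted)))    # no customer has that name
```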





LDAP injection:

This attack also falls into the category of application attacks, since it too is associated with applications. LDAP injection is used to exploit web-based applications that construct LDAP statements from input given by the user. When an application fails to sanitize that input, it becomes possible to modify the LDAP statements using a local proxy. This can end in the execution of arbitrary commands, such as granting permissions to unauthorized queries and modifying content in the LDAP tree. The techniques available in SQL injection can also be applied in LDAP injection.
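One way to sanitize the user input mentioned above before it goes into a search filter, using the escape sequences RFC 4515 defines for filter values. This is an added example, not code from the original article; the filter template, attribute names and sample inputs are constructed for illustration, and no LDAP server or library is involved.

```python
# RFC 4515 escapes for characters that carry meaning inside a search filter.
FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    # Character-by-character mapping, so a backslash is never escaped twice.
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter_unsafe(uid: str) -> str:
    # Vulnerable pattern: input is pasted straight into the filter string.
    return f"(&(objectClass=person)(uid={uid}))"


def user_filter_safe(uid: str) -> str:
    return f"(&(objectClass=person)(uid={escape_filter_value(uid)}))"


def clause_count(ldap_filter: str) -> int:
    # Number of parenthesised clauses; an escaped "(" appears as \28 and is
    # therefore not counted.
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed inputs: a normal name, a wildcard, and a value carrying
    # filter syntax of its own.
    for sample in ["jdoe", "*", "jdoe)(uid=*"]:
        print(user_filter_unsafe(sample), "|", user_filter_safe(sample))
```

The intended filter has three clauses; a different count for the unescaped form means the input changed the structure of the query rather than only its value.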



XML injection:

In this attack, the attacker aims to inject XML tags into a SOAP message in order to modify the XML. If the XML injection succeeds, the result is the execution of a restricted operation. Depending on the operation executed, security objectives might be violated as well.



Directory traversal/command injection:

Proper control of access to web content is crucial for anyone running a secure web server. Directory traversal is an HTTP exploit that allows attackers to access restricted directories and helps them execute commands outside the web server's root directory. Web servers normally provide two levels of security mechanism: one is the root directory and the other is access control lists. When an attacker sees that a website's security is vulnerable, he can use the flaw to get out of the root directory and gain access to other parts of the system where other files are kept. This gives the attacker the ability to view and save restricted files. In the worst case, it may allow the attacker to launch very powerful attacks on the web server, which might lead to the full compromise of that system.
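A containment check that keeps requested paths inside the root directory described above. This is an added example, not code from the original article; the document root /var/www/html and the function name are assumptions, and the requested paths are constructed samples. Nothing is read from disk.

```python
from pathlib import Path
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root for this demo


def safe_path(root: str, requested: str):
    """Return the resolved path if it stays under root, otherwise None."""
    root_path = Path(root).resolve()
    decoded = unquote(requested)  # handle %2e%2e%2f style encodings
    if "\x00" in decoded:
        return None  # reject embedded NUL bytes outright
    # Joining with an absolute path discards root_path, and resolve()
    # collapses ".." segments and symlinks; both cases fail the check below.
    candidate = (root_path / decoded).resolve()
    try:
        candidate.relative_to(root_path)
    except ValueError:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request paths.
    for requested in [
        "images/logo.png",
        "images/../index.html",
        "../../etc/passwd",
        "%2e%2e/%2e%2e/etc/passwd",
        "/etc/passwd",
    ]:
        print(requested, "->", safe_path(WEB_ROOT, requested))
```

The check is made on the resolved path rather than on the request string, so it does not depend on recognising every spelling of "..".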



Buffer overflow:

This term is used widely in computer programming and security. It describes a condition in which a program overruns the boundary of a buffer and overwrites the adjacent memory. It happens while data is being written to the buffer. It is a special case of a memory safety violation. These overflows can be triggered by inputs that are specially made to execute code. They can be used to target other programs as well. The result can be bad program behaviour, including memory access errors, crashes and incorrect results. A breach of system security can happen here as well. Buffer overflows are therefore the basis of many software vulnerabilities that can be exploited maliciously. Some programming languages are commonly associated with buffer overflows. They include C and C++, which do not come with built-in protection against overwriting or accessing data in any part of memory and do not automatically check the data written to an array. Bounds checking can prevent buffer overflows.



Integer overflow:

This is basically a vulnerability. An integer overflow condition exists when an integer that has not been checked properly is used to determine a memory allocation, a concatenation or something similar, and so causes damage. The integer may wrap around to become a very small or a negative number, and so provide a very inaccurate value. There are consequences associated with this. For availability, integer overflows generally lead to undefined behaviour, which can also result in crashes. Where the overflow involves loop index variables, the likelihood of infinite loops is high. If the integer in question is important to the data, data corruption can happen. If the integer overflow results in a buffer overflow condition, there is again a greater chance that data will be corrupted. An integer overflow can sometimes also trigger a buffer overflow, so that arbitrary code can be executed. This is normally outside what the program's security policy covers.
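The wrap-around described above and the bounds check mentioned under "Buffer overflow", in one added example that is not code from the original article. Python integers do not overflow, so a 32-bit size is modelled with a mask; that width, the function names and the sample values are assumptions made for the demo.

```python
UINT32_MAX = 0xFFFFFFFF  # models a 32-bit unsigned size value (assumption)


def alloc_size_unchecked(count: int, elem_size: int) -> int:
    # C-style unsigned multiply: the result is silently reduced modulo 2**32.
    return (count * elem_size) & UINT32_MAX


def alloc_size_checked(count: int, elem_size: int) -> int:
    # Validate before multiplying, the way a careful allocator would.
    if count < 0 or elem_size < 0:
        raise OverflowError("negative size")
    if elem_size != 0 and count > UINT32_MAX // elem_size:
        raise OverflowError("count * elem_size does not fit in 32 bits")
    return count * elem_size


def as_int32(value: int) -> int:
    # Reinterpret a 32-bit pattern as a signed integer.
    value &= UINT32_MAX
    return value - 0x1_0000_0000 if value & 0x8000_0000 else value


def overrun_bytes(count: int, elem_size: int) -> int:
    # Bytes that a copy of `count` elements would place beyond a buffer
    # whose size came from the unchecked (wrapped) calculation.
    return count * elem_size - alloc_size_unchecked(count, elem_size)


def bounded_copy(dst: bytearray, src: bytes) -> int:
    # Bounds-checked copy: refuses to write past the end of dst.
    if len(src) > len(dst):
        raise ValueError("source is larger than destination buffer")
    dst[: len(src)] = src
    return len(src)


if __name__ == "__main__":
    count, elem = 0x40000001, 4                # constructed values
    print(alloc_size_unchecked(count, elem))   # wraps to a tiny size
    print(overrun_bytes(count, elem))          # gap between need and size
    print(as_int32(0x7FFFFFFF + 1))            # signed wrap to a negative
```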



Zero-day:

It is also known as a zero-hour or day-zero attack. It is a threat that exploits a vulnerability, one that may have been known in the past as well. Such vulnerabilities can exist in any computer application. It may happen that the developer of the application has not found time to fix it or to create a security patch.



Cookies and attachments:

Cookies that are downloaded may be infected, and attachments that are downloaded may be affected as well. When this happens, an antivirus or other detection program installed on the computer will automatically detect the cookies lying there, which makes it easy to remove them and secure the computer.



LSO (Locally Shared Objects):

Locally shared objects are pieces of data that belong to a website and are stored on the user's computer by Adobe Flash. LSOs are used by all versions of Adobe Flash, including the non-obsolete versions of Flash Player. An important use arises when the user plays Flash games. Websites may also use them to keep user preferences. There are privacy concerns regarding LSOs, and they might result in a breach of browser security.



Flash Cookies:

Flash cookies are very much like LSOs. A Flash cookie is basically a message used in Adobe Flash. It is sent from the web server to a web browser and is then stored as a single data file in the browser. Flash cookies can behave like conventional cookies by personalizing the user's experience.



Malicious add-ons:

Sometimes the add-ons that are available to download carry injected code and can turn computers into botnets. This happened once in the past, when a Firefox add-on created this problem.



Session hijacking:

This is also known as cookie hijacking. In this case, a computer session, or session key, is exploited to gain unauthorized access to information or services in a computer. In particular, the term is used for the theft of a magic cookie that authenticates a user for remote access.



Header manipulation:

This type of vulnerability occurs when data enters the website through a source that is not trusted and is used by the HTTP request. If that data is included in the HTTP response sent to the website's users without being validated, this grave problem can arise.
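The validation step described above, applied to a redirect whose Location header is built from request data. This is an added example, not code from the original article; the response format is hand-built for the demo, and the function names and sample value are constructed.

```python
def redirect_unsafe(target: str) -> str:
    # Vulnerable pattern: untrusted data is written into a response header
    # without validation, so CR/LF inside it begins a new header line.
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n"


def redirect_safe(target: str) -> str:
    # Header values must not contain line breaks or NUL; reject them rather
    # than trying to repair the value.
    if any(ch in target for ch in "\r\n\x00"):
        raise ValueError("control character in header value")
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n"


def header_names(raw_response: str) -> list:
    # Parse the header block the way a client would: one header per line,
    # up to the first empty line.
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]  # skip the status line
    return [line.split(":", 1)[0] for line in lines if ":" in line]


# Constructed input: a redirect target that carries a line break.
SAMPLE_TARGET = "/home\r\nSet-Cookie: session=chosen-by-sender"

if __name__ == "__main__":
    print(header_names(redirect_unsafe(SAMPLE_TARGET)))
    try:
        redirect_safe(SAMPLE_TARGET)
    except ValueError as exc:
        print("rejected:", exc)
```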



Arbitrary code execution / remote code execution:

This term is commonly used to describe an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process. It is normally used to describe a software bug that gives the attacker a way to get such code executed. A program specially designed to exploit this vulnerability is called an arbitrary code execution exploit. Many of these vulnerabilities allow the execution of code and are exploited by injecting shellcode and executing it, which gives the attacker an easy way to run arbitrary commands. The ability to trigger code that is then executed from one machine on another is why it is also known as remote code execution.


Hence, many applications are exposed to attacks. There are past incidents that one can study to learn about them. Every time a website is opened or its content is accessed, there is a chance that an attack can happen and steal the data, or at least read it. Users should know about these attacks so that they are aware of the risks they face when they visit a website or use the services of any application they download, whether paid or free.

