Buffer overflow
writing more data into a memory buffer than it can hold, so the extra data spills into other memory areas
Privilege escalation
exploiting a vulnerability or a bug to try to grant yourself admin-level access
Horizontal privilege access
instead of gaining admin access, the attacker goes from user A's resources to user B's resources
Prevent privilege escalation
patching the application quickly, updated antivirus / anti-malware, data execution prevention
Cross site requests
requests that occur on almost every single website; the different pictures and links are all loaded from different servers
Client side code
this renders all of the information inside your browser in the way that the website admin originally wanted it
Server Side
this side performs the requests that come from the client
What are the two sides of a website page?
client side code and server side code
cross site request forgery
an attacker takes advantage of the trust that a web application has for the user and makes requests without the user's consent or knowledge
What is a common anti-forgery technique?
usually a cryptographic token
What is an example of a cross site request forgery?
attacker creates a funds transfer request -> request is sent as a hyperlink to user who is already logged in -> visitor clicks link and unknowingly sends the request to bank website -> bank validates and sends funds to attacker
directory traversal / path traversal
a website vulnerability that allows an attacker to read or write files that are normally outside the scope of the website directory
How can you possibly see if someone is checking for a directory traversal?
when ../ is used while accessing files on a web server