Given a scenario, analyze potential indicators associated with application attacks
Privilege escalation
The process of gaining higher-level access privileges than authorized, often through exploiting vulnerabilities.
Cross-site scripting (XSS)
A type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.
Occurs when an attacker uses a web application to send malicious code to a different end user.
Client-side vulnerability: The code is stored on the targeted website
Injections
Attacks where malicious code is inserted into input fields or data streams to manipulate the behavior of an application. Best defense is filter, validate, and sanitize user input.
SQL Injection
Use unexpected input to a web application to gain unauthorized access to an underlying database.
“OR 1=1;” is always true for a database
Dynamic-link library (DLL) Injection
Malware tries to inject code into the memory process space of a library using a vulnerable/compromised DLL.
Lightweight Directory Access Protocol (LDAP) Injection
When LDAP directories are used for website authentication purposes, threat actors can inject malicious code into user input fields.
Targets directories, not databases
Extensible Markup Language (XML) Injection
Occurs when user-supplied input is not properly escaped or sanitized before being added to a web application's XML documents.
Pointer/object dereference
Occurs when a program attempts to access or manipulate data through a pointer but, due to sloppy programming or a lack of proper validation, the pointer leads to unintended memory locations.
Directory traversal
Also known as path traversal attacks or ../ (dot dot slash) attacks; these occur when an attacker gains unauthorized access to files or directories stored outside the web server's root directory.
Buffer overflows
Race conditions
Time of check/time of use