Attacks
List of attacks (examples)
| Attack | Explanation | Example |
|---|---|---|
| XSS | Cross-site scripting is when an attacker uses a web application to send malicious code to another user. It usually takes the form of a script run by the victim's browser. | A vulnerable newspaper site had the content of an article, as displayed to the user, altered with JavaScript. http://www.cgisecurity.com/2007/08/20 Note that potential uses include cookie theft, session stealing, etc. |
| CSRF | Cross-site request forgery is a relatively new attack that exploits the fact that most web applications are stateless (apart from login) when accepting form data. A user who is logged in somewhere and visits an "attacker site" (which can be an XSS-vulnerable third-party site) will find that their browser posts form data to the logged-in site, and the request looks legitimate from that site's point of view. | Gmail had a CSRF vulnerability that allowed an attacker to post forms to a logged-in user's Gmail account. Gmail was extremely vulnerable because users tend to stay logged in for long periods of time. |
| Injection | Injection attacks cover all forms of attack in which the attacker supplies data intended to be interpreted as control characters, which in turn may make the system perform unintended operations. | SQL injection is a popular flavour, where the attacker supplies control characters that alter or influence SQL statements. SQL injection can reveal information, insert information, delete all data, etc. |
| DoS | Denial of service is most often thought of as taking down a site with massive numbers of requests. However, there are other aspects that can enable a DoS attack with much less effort: if the system contains operations whose runtime is polynomial or worse in the number of requests, a potential DoS weakness exists. | Computation-heavy processes such as sorting a large array should be cached or saved so that the process cannot be invoked over and over again. |
| Replay attacks | Replay attacks are attacks in which an attacker replays previously transmitted traffic. The attack can reuse legitimate traffic to perform some action twice, achieving a malicious intent. | TODO |
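As an added example, not taken from the page, the following Python simulates the synchronizer-token defence against the CSRF scenario in the table: the browser sends the session cookie automatically, so a state-changing POST is only accepted when the form also carries a per-session token that a third-party site cannot read. The session store, handler, and request dictionaries are constructed for illustration.

```python
import hmac
import secrets

SITE_ORIGIN = "https://app.example"   # constructed origin of the protected site
SESSIONS = {}                          # session_id -> {"user": ..., "csrf": ...}

def new_session(user):
    """Create a login session and mint a random CSRF token bound to it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(32)}
    return sid

def csrf_token(session_id):
    """Token the server embeds in its own forms; an attacker site cannot obtain it."""
    return SESSIONS[session_id]["csrf"]

def handle_post(cookies, form, headers=None):
    """Simulated handler for a state-changing POST.
    Returns (status, message). The cookie alone proves only that the browser is
    logged in, not that the user intended this submission, so the form must also
    present the session's CSRF token."""
    headers = headers or {}
    sid = cookies.get("session")
    if sid not in SESSIONS:
        return 401, "not logged in"
    # Cheap first layer: a cross-origin POST announces itself via Origin.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    # Main defence: synchronizer token compared in constant time.
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token(sid)):
        return 403, "csrf token missing or invalid"
    return 200, "action performed for %s" % SESSIONS[sid]["user"]

if __name__ == "__main__":
    sid = new_session("alice")
    legit = {"session": sid}
    print(handle_post(legit, {"csrf_token": csrf_token(sid), "to": "bob"}))
    # A forged submission from another site carries the cookie but not the token.
    print(handle_post(legit, {"to": "bob"}, {"Origin": "https://attacker.example"}))
```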