Cybersecurity Assignment 2022
VerifiedAdded on 2022/10/20
|12
|3058
|22
Assignment
AI Summary
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Jocelyne Suerte
2021-2022
hahhahahahaahhaha
https://quizlet.com/245116740/ccna-cyber-ops-flash-cards/
Cyber Ops TextBook Notes
Chapter 1:w
Cybersecurity is here to protect each of us, our economy, schools, critical infrastructure, and any
other organizations from unauthorized or criminal use. It protects us from crime that can result
from inadverdent or intentional misuse, compromise, or destruction of information and
information systems.
Cybersecurity vs Information Security
Traditional InfoSec- used to protected confidentiality, integrity, and availability of data within
and organization
- This is no longer sufficient, every organization is a target which is why we have…
Cybersecurity programs which build on or expand upon traditional InfoSec programs and
include..
- Cyber risk management and Oversight
- Threat intelligence and information sharing
- Threat hunting (looking for potential comptomises & threats in your organization which
were not previously detected)
- Third party organization, software, and hardware dependency management
- Incident response and resiliency
Cybersecurity which is the process of protecting information by preventing, detecting, and
responding to attacks.
- Vigilant, resilient, and ready to protect and defend every ingress and egress connection &
organizational data wherever it is stored, transmitted, or protected
The NIST Cybersecurity Framework
NIST- National Institute of Standards and Technology, a non regulatory federal agency within the
US Commerce Department’s Technology Administration
- Computer Security Division, 1/7 divisions
2021-2022
hahhahahahaahhaha
https://quizlet.com/245116740/ccna-cyber-ops-flash-cards/
Cyber Ops TextBook Notes
Chapter 1:w
Cybersecurity is here to protect each of us, our economy, schools, critical infrastructure, and any
other organizations from unauthorized or criminal use. It protects us from crime that can result
from inadverdent or intentional misuse, compromise, or destruction of information and
information systems.
Cybersecurity vs Information Security
Traditional InfoSec- used to protected confidentiality, integrity, and availability of data within
and organization
- This is no longer sufficient, every organization is a target which is why we have…
Cybersecurity programs which build on or expand upon traditional InfoSec programs and
include..
- Cyber risk management and Oversight
- Threat intelligence and information sharing
- Threat hunting (looking for potential comptomises & threats in your organization which
were not previously detected)
- Third party organization, software, and hardware dependency management
- Incident response and resiliency
Cybersecurity which is the process of protecting information by preventing, detecting, and
responding to attacks.
- Vigilant, resilient, and ready to protect and defend every ingress and egress connection &
organizational data wherever it is stored, transmitted, or protected
The NIST Cybersecurity Framework
NIST- National Institute of Standards and Technology, a non regulatory federal agency within the
US Commerce Department’s Technology Administration
- Computer Security Division, 1/7 divisions
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Jocelyne Suerte
2021-2022
- It’s cybersecurity framework is a collection of industry standards and best practices to
help organizations manage cybersecurity risks
- One of the main goals of the framework is to manage risk in a cost-effective manner to
protect critical infrastructure
The International Organization for Standardization (ISO)
A network of the national standards institute of more than 160 countries.
ISO27k- compromises information security standards published jointly by the ISO & the
Information Security Management System
- First six docs provide recommendations for “establishing, implementing, operating,
monitoring, reviewing, maintaining, and improving a Information Security Management
System (ISO 27001 - ISO 27006)
- Framework is applicable to public and private organizations of all sizes
- It gives recommendations for InfoSec management for use by those who are responsible
for initiating, implementing, or maintaining security in their organizations
Threats, Vulnerabilities, and Exploits
Threat- Potential danger to an asset
- Latent Threat: a vulnerability that exists but has not yet been exploited or is not publicly
known
- Realized Threat: can be, someone actively launching an attack on your system and
successfully compromises your securiy
Malicious Actor- entity that takes advantage of the vulnerability
Threat Agent or Threat Vector- path used by malicious actor to perform an attack
Vulnerability- a weakness in the system design, implementation, software, or code or the lack of
a mechanism
- Correct implementation of safeguard and security countermeasures can mitigate a
vulnerability and reduce the risk of exploitation
Different types of vulnerabilities
Application- may happen when apps are in need of patches or updates
2021-2022
- It’s cybersecurity framework is a collection of industry standards and best practices to
help organizations manage cybersecurity risks
- One of the main goals of the framework is to manage risk in a cost-effective manner to
protect critical infrastructure
The International Organization for Standardization (ISO)
A network of the national standards institute of more than 160 countries.
ISO27k- compromises information security standards published jointly by the ISO & the
Information Security Management System
- First six docs provide recommendations for “establishing, implementing, operating,
monitoring, reviewing, maintaining, and improving a Information Security Management
System (ISO 27001 - ISO 27006)
- Framework is applicable to public and private organizations of all sizes
- It gives recommendations for InfoSec management for use by those who are responsible
for initiating, implementing, or maintaining security in their organizations
Threats, Vulnerabilities, and Exploits
Threat- Potential danger to an asset
- Latent Threat: a vulnerability that exists but has not yet been exploited or is not publicly
known
- Realized Threat: can be, someone actively launching an attack on your system and
successfully compromises your securiy
Malicious Actor- entity that takes advantage of the vulnerability
Threat Agent or Threat Vector- path used by malicious actor to perform an attack
Vulnerability- a weakness in the system design, implementation, software, or code or the lack of
a mechanism
- Correct implementation of safeguard and security countermeasures can mitigate a
vulnerability and reduce the risk of exploitation
Different types of vulnerabilities
Application- may happen when apps are in need of patches or updates
Jocelyne Suerte
2021-2022
Operating System- may happen when vulnerabilities are found in OS that have not been
patched or updated
Hardware- may happen if hardware requires patches to microcode (firmware) as well as the OS
or other system software. Spectre & Meltdown are well-known hardware vulnerabilities.
Misconfiguration- when misconfigured there may be open ports, vulnerable services, or
misconfigured network devices. This can be easily exploited.
Shrinkwrap Software- application or executable file that is run on a workstation or server,
when installed on a device it can have tons of functionality or sample scripts of code available
Common Vulnerability and Exposures (CVE) Identifier- identifier of vulnerabilities that is
disclosed to the public
- Maintained by MITRE
- Goal of CVE is to make it easier to shae data across tools, vulnerability repositories, and
security services
National Vulnerability Database (NVD)- maintains detailed list of vulnerabilities disclosed in the
industry
Exploit- a piece of software, a tool, a technique, or a process that takes advantage of`a
vulnerability that leads to access, privilege escalation, loss of integrity, or denial of service on a
computer system
- Hackers and Perpetrators know that all software has vulnerabilities and seek to take
advantage of`them
- The more critical a server, the longer it takes to patch
Zero-day Exploitation- when a vulnerability no one knows exists is exploited
The time required to deploy & install software patch on production servers and workstations
exposes an IT infrastructure to an additional period of risk
People can trade exploits for malicious intent on places such as, the dark web (most common).
Darkweb / Darknet- an overlay of networks and systems that uses the Internet but requires
specific software and configurations to access it
- Small part of deep web
2021-2022
Operating System- may happen when vulnerabilities are found in OS that have not been
patched or updated
Hardware- may happen if hardware requires patches to microcode (firmware) as well as the OS
or other system software. Spectre & Meltdown are well-known hardware vulnerabilities.
Misconfiguration- when misconfigured there may be open ports, vulnerable services, or
misconfigured network devices. This can be easily exploited.
Shrinkwrap Software- application or executable file that is run on a workstation or server,
when installed on a device it can have tons of functionality or sample scripts of code available
Common Vulnerability and Exposures (CVE) Identifier- identifier of vulnerabilities that is
disclosed to the public
- Maintained by MITRE
- Goal of CVE is to make it easier to shae data across tools, vulnerability repositories, and
security services
National Vulnerability Database (NVD)- maintains detailed list of vulnerabilities disclosed in the
industry
Exploit- a piece of software, a tool, a technique, or a process that takes advantage of`a
vulnerability that leads to access, privilege escalation, loss of integrity, or denial of service on a
computer system
- Hackers and Perpetrators know that all software has vulnerabilities and seek to take
advantage of`them
- The more critical a server, the longer it takes to patch
Zero-day Exploitation- when a vulnerability no one knows exists is exploited
The time required to deploy & install software patch on production servers and workstations
exposes an IT infrastructure to an additional period of risk
People can trade exploits for malicious intent on places such as, the dark web (most common).
Darkweb / Darknet- an overlay of networks and systems that uses the Internet but requires
specific software and configurations to access it
- Small part of deep web
Jocelyne Suerte
2021-2022
Deep Web - Collection of Info & Systems on internet that is not accessible/indexed through web
search engines
Not all Exploits are Malicious, they can be ..
Shared by researches POC (proof of concept) exploits in public sites, in which researches &
others post exploits for known vulnerabilities
Risk, Assets, Threats, and Vulnerabilities
Risk- the probability or likelihood of the occurrence or realization of a threat
Elements of Risk include.. Assets, Threats and Vulnerabilities
Risk Management Framework (RMF)- adopted by US Government to deal with risk
- Based on the key concepts of mission and risk based, cost-effective, and enterprise
information system security
Asset- any item of economic value (can be real or virtual) owned by an individual or corporation
- Real Ex: Routers, Servers, Hard Drives
- Virtual Ex: Databases, Spreadsheets, Formulas
- If assets are lost, damaged, or compromised there can be an economic cost to the
organization
Residual Risk- The risk left after safeguards and controls are put into place to protect the asset
Threat- sets the stage for risk and is anything that could potentially cause harm, loss, or damage
or compromise an IT asset or data set
- Events that can affect the confidentiality, integrity and availability of the organisation’s
assets
- Threats can result in destruction, disclosure, denial of service, corruption of data, or
modification
Examples of threats:
● Natural Disasters, Weather, and Catastrophic Damage
● Hacker Attacks
● CyberAttack
● Viruses and Malware
2021-2022
Deep Web - Collection of Info & Systems on internet that is not accessible/indexed through web
search engines
Not all Exploits are Malicious, they can be ..
Shared by researches POC (proof of concept) exploits in public sites, in which researches &
others post exploits for known vulnerabilities
Risk, Assets, Threats, and Vulnerabilities
Risk- the probability or likelihood of the occurrence or realization of a threat
Elements of Risk include.. Assets, Threats and Vulnerabilities
Risk Management Framework (RMF)- adopted by US Government to deal with risk
- Based on the key concepts of mission and risk based, cost-effective, and enterprise
information system security
Asset- any item of economic value (can be real or virtual) owned by an individual or corporation
- Real Ex: Routers, Servers, Hard Drives
- Virtual Ex: Databases, Spreadsheets, Formulas
- If assets are lost, damaged, or compromised there can be an economic cost to the
organization
Residual Risk- The risk left after safeguards and controls are put into place to protect the asset
Threat- sets the stage for risk and is anything that could potentially cause harm, loss, or damage
or compromise an IT asset or data set
- Events that can affect the confidentiality, integrity and availability of the organisation’s
assets
- Threats can result in destruction, disclosure, denial of service, corruption of data, or
modification
Examples of threats:
● Natural Disasters, Weather, and Catastrophic Damage
● Hacker Attacks
● CyberAttack
● Viruses and Malware
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Jocelyne Suerte
2021-2022
● Disclosure of Confidential Information
● Denial of service or Distributed Denial of Service attacks (Dos/ DDos)
Threat Actors- the individuals (or a group) who perform an attack or are responsible for a
security incident that impacts or has the potential of impacting an organization or an individual
Types of Threat Actors
- Script Kiddies- use existing scripts or tools to hack because they lack the skill to write
their own scripts
- Organized Crime Groups- Main purpose is to make money, scam people, and steal
information
- State Sponsors and Governments- Agents interested in stealing data (intellectual property
and research and development data) from major manufacturers, government agencies,
and defense contractors
- Hacktivists- people who carry out cybersecurity attacks aimed at promoting a social or
political cause
- Terrorist Groups- groups motivated by political or religious beliefs
Cracker= Criminal Hacker, individuals who seek to compromise the security of a system without
permission from from an authorized party
Ethical Hacker= (the good hackers) performs security tests and other vulnerability assessments
activities to help organizations secure their infrastructure (Also known as White Hat Hackers)
Threat Intelligence- the knowledge about an existing or emerging threats to assets, including
networks and systems
- Includes context, mechanisms, indicators of compromise (IoCs)
- Purpose- to inform business decisions regarding the risks and implications associated
with threats
Types of Hackers
● White Hat Hackers= Ethical Hackers
2021-2022
● Disclosure of Confidential Information
● Denial of service or Distributed Denial of Service attacks (Dos/ DDos)
Threat Actors- the individuals (or a group) who perform an attack or are responsible for a
security incident that impacts or has the potential of impacting an organization or an individual
Types of Threat Actors
- Script Kiddies- use existing scripts or tools to hack because they lack the skill to write
their own scripts
- Organized Crime Groups- Main purpose is to make money, scam people, and steal
information
- State Sponsors and Governments- Agents interested in stealing data (intellectual property
and research and development data) from major manufacturers, government agencies,
and defense contractors
- Hacktivists- people who carry out cybersecurity attacks aimed at promoting a social or
political cause
- Terrorist Groups- groups motivated by political or religious beliefs
Cracker= Criminal Hacker, individuals who seek to compromise the security of a system without
permission from from an authorized party
Ethical Hacker= (the good hackers) performs security tests and other vulnerability assessments
activities to help organizations secure their infrastructure (Also known as White Hat Hackers)
Threat Intelligence- the knowledge about an existing or emerging threats to assets, including
networks and systems
- Includes context, mechanisms, indicators of compromise (IoCs)
- Purpose- to inform business decisions regarding the risks and implications associated
with threats
Types of Hackers
● White Hat Hackers= Ethical Hackers
Jocelyne Suerte
2021-2022
● Black Hat Hackers = perform illegal activity
● Gray Hat Hackers = usually follow the law but sometimes venture over to the darker side
The Threat Intelligence Process
Planning and Direction -> Collection -> Processing -> Analysis and Production -> Dissemination
Cyber Threat Intelligence- Makes it easier to find threats
- Focuses on IoCs, IP addresses, URLs, or exploit patterns
Examples of Standards that are being developed for disseminating threat intelligence
- Structured Threat Information eXpression (STIX): designed for sharing cyber attack
information
- Trusted Automated eXchange of Indicator Information (TAXII): open transport
mechanism standardizes the automated exchange of cyber threat information
- Cyber Observable eXpression (Cyb OX): free standardized schema used for,
specification, capture, characterization, and communication of events of stateful
properties that are observable in the operational domain
- Open Indicators of Compromise (Open IOC): open frameworks used for sharing threat
intelligence in a machine-digestible format
- Open Command and Control (Open C2): language used for command and control of
cyber-defense technologies
Threat Intelligence Platform
They aggregate, correlate and and analyze threat intelligence information from real sources, in
near real time.
For analysts in the SOC to defend against todays threats, TIPs need to scale and and support the
growing amount of threat intelligence data generated by a variety of resources (system logs,
threat intelligence feeds)
Modern threat intelligency platforms also use APIs to gather or exchange data
2021-2022
● Black Hat Hackers = perform illegal activity
● Gray Hat Hackers = usually follow the law but sometimes venture over to the darker side
The Threat Intelligence Process
Planning and Direction -> Collection -> Processing -> Analysis and Production -> Dissemination
Cyber Threat Intelligence- Makes it easier to find threats
- Focuses on IoCs, IP addresses, URLs, or exploit patterns
Examples of Standards that are being developed for disseminating threat intelligence
- Structured Threat Information eXpression (STIX): designed for sharing cyber attack
information
- Trusted Automated eXchange of Indicator Information (TAXII): open transport
mechanism standardizes the automated exchange of cyber threat information
- Cyber Observable eXpression (Cyb OX): free standardized schema used for,
specification, capture, characterization, and communication of events of stateful
properties that are observable in the operational domain
- Open Indicators of Compromise (Open IOC): open frameworks used for sharing threat
intelligence in a machine-digestible format
- Open Command and Control (Open C2): language used for command and control of
cyber-defense technologies
Threat Intelligence Platform
They aggregate, correlate and and analyze threat intelligence information from real sources, in
near real time.
For analysts in the SOC to defend against todays threats, TIPs need to scale and and support the
growing amount of threat intelligence data generated by a variety of resources (system logs,
threat intelligence feeds)
Modern threat intelligency platforms also use APIs to gather or exchange data
Jocelyne Suerte
2021-2022
Threat Intelligence Platforms support...
● Threat Intelligence Collection: Collects and aggregates multiple data formats including,
CSV, STIX, XML, JSON, IODEK, OpenIOC, and proprietary threat intelligence feeds
● Data Correlation: Automatically analyzing and correlating threat intelligence data
● Enrichment and Contextualization: provides enriched content around threats in order to
enable SOC analysts and incident responders to have as much data as possible about the
attack and the threat actor
● Analyze: automates the analysis of threat indicators to enable the identification of the
adversary’s tactics, techniques and procedures (TTPs). Often TIPs can leverage the
adversary tactics and techniques included in MITRE’s ATT&CK framework
● Integration with other security systems: Modern TIPs provide the ability to integrate with
many different security solutions (SIEM & SOAR)
● Act: threat intelligence platform should enable security professionals to create tools and
applications that can help respond to and mitigate cybersecurity threats and attacks
Vulnerabilities are typically identified by a Common Vulnerabilities and Exposure (CVE)
identifier.
- CVE: an identifier for publicly known security vulnerabilities (created and maintained by
MITRE)
Injection Based Vulnerabilities
● SQL injection vulnerabilities
● HTML injection vulnerabilities
● Command injection vulnerabilities
Code Injection Vulnerabilities- exploited by forcing an application or system to process invalid
data
An attacker takes advantage of this type of vulnerability to inject code into a vulnerable
system and change the course of execution
2021-2022
Threat Intelligence Platforms support...
● Threat Intelligence Collection: Collects and aggregates multiple data formats including,
CSV, STIX, XML, JSON, IODEK, OpenIOC, and proprietary threat intelligence feeds
● Data Correlation: Automatically analyzing and correlating threat intelligence data
● Enrichment and Contextualization: provides enriched content around threats in order to
enable SOC analysts and incident responders to have as much data as possible about the
attack and the threat actor
● Analyze: automates the analysis of threat indicators to enable the identification of the
adversary’s tactics, techniques and procedures (TTPs). Often TIPs can leverage the
adversary tactics and techniques included in MITRE’s ATT&CK framework
● Integration with other security systems: Modern TIPs provide the ability to integrate with
many different security solutions (SIEM & SOAR)
● Act: threat intelligence platform should enable security professionals to create tools and
applications that can help respond to and mitigate cybersecurity threats and attacks
Vulnerabilities are typically identified by a Common Vulnerabilities and Exposure (CVE)
identifier.
- CVE: an identifier for publicly known security vulnerabilities (created and maintained by
MITRE)
Injection Based Vulnerabilities
● SQL injection vulnerabilities
● HTML injection vulnerabilities
● Command injection vulnerabilities
Code Injection Vulnerabilities- exploited by forcing an application or system to process invalid
data
An attacker takes advantage of this type of vulnerability to inject code into a vulnerable
system and change the course of execution
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Jocelyne Suerte
2021-2022
Examples of code injection vulnerabilities include the following:
■ SQL injection
■ HTML script injection
■ Dynamic code evaluation
■ Object injection
■ Remote file inclusion
■ Uncontrolled format string
■ Shell injection
SQL injection (SQLi) vulnerabilities can be catastrophic because they can allow an
attacker to view, insert, delete, or modify records in a database.
- In-band SQL injection- attackers obtains the data by using the same channel that is used
to inject the SQL code (most basic form of an SQL attack) data is dumped directly in a
web application
- Out-of-Band SQL injection- attacker obtains data using a different channel (email, text,
instant message) could be sent to the attacker with the results of the query
- Blind/Inferential SQL injection- attacker does not make application display or transfer
any data, attacker is able to reconstruct the information by sending specific statements
and discerning the behavior of the application and database.
Command Injection- an attack in which an attacker tries to execute commands that they
shouldn’t be able to execute on a system via a vulnerable application. These attacks are possible
when an application doesn’t validate data supplied by the yser (web forms, cookies, HTTPs
headers). System passes that data into a system shell.
- Tries to send os commands so that application can execute it with the privileges of the
vulnerable application
Authentication Based Vulnerabilities- attacker can bypass authentication in vulnerable systems
by using several methods
- Credential brute forcing
- Session hijacking
- Redirecting
- Exploiting default credentials
- Exploiting weak credentials
- Exploiting Kerberos vulnerabilities
2021-2022
Examples of code injection vulnerabilities include the following:
■ SQL injection
■ HTML script injection
■ Dynamic code evaluation
■ Object injection
■ Remote file inclusion
■ Uncontrolled format string
■ Shell injection
SQL injection (SQLi) vulnerabilities can be catastrophic because they can allow an
attacker to view, insert, delete, or modify records in a database.
- In-band SQL injection- attackers obtains the data by using the same channel that is used
to inject the SQL code (most basic form of an SQL attack) data is dumped directly in a
web application
- Out-of-Band SQL injection- attacker obtains data using a different channel (email, text,
instant message) could be sent to the attacker with the results of the query
- Blind/Inferential SQL injection- attacker does not make application display or transfer
any data, attacker is able to reconstruct the information by sending specific statements
and discerning the behavior of the application and database.
Command Injection- an attack in which an attacker tries to execute commands that they
shouldn’t be able to execute on a system via a vulnerable application. These attacks are possible
when an application doesn’t validate data supplied by the yser (web forms, cookies, HTTPs
headers). System passes that data into a system shell.
- Tries to send os commands so that application can execute it with the privileges of the
vulnerable application
Authentication Based Vulnerabilities- attacker can bypass authentication in vulnerable systems
by using several methods
- Credential brute forcing
- Session hijacking
- Redirecting
- Exploiting default credentials
- Exploiting weak credentials
- Exploiting Kerberos vulnerabilities
Jocelyne Suerte
2021-2022
Credential Brute-Force Attacks and Password Cracking:
Online brute-force attacks: In this type of attack, the attacker actively tries to log in to
the application directly by using many different combinations of credentials. Online
brute-force attacks are easy to detect because you can easily inspect for large numbers of
attempts by an attacker.
Offline brute-force attacks: In this type of attack, the attacker can gain access to
encrypted data or hashed passwords. These attacks are more difficult to prevent and
detect than online attacks. However, offline attacks require significantly more computation
effort and resources from the attacker
Weak credential lead to credential compromise. The more complex a password is, the better.
Multi-Factor Authentication is even better. This reduces the amount of Brute force attacks.
Weak Crytographic algorithms (RC4, MD5, DES) allow attackers to easily crack passwords
- Statistical Analysis and rainbow tables can be used against systems that don’t protect
passwords with an one-way hashing function
- Rainbow table- table to reverse cryptographic functions so that cracking pw is easier
- Weak Encryption or Hashing Algorithms inroduce avenues of attack
- An organization should implement techniques on systems and applications to throttle
login attempts and prevent brute-force attacks.
Session Hijacking- several ways a session hijack can be performed such as..
- Predicting session tokens: if attackers can predict these they can easily hijack the web
session to further compromise the system or data
- Session Sniffing: can occur through collecting packets of unencrypted web sessions
- Man in the Middle Attacks (MITM): attacker sits in the path between the client and the
web server
2021-2022
Credential Brute-Force Attacks and Password Cracking:
Online brute-force attacks: In this type of attack, the attacker actively tries to log in to
the application directly by using many different combinations of credentials. Online
brute-force attacks are easy to detect because you can easily inspect for large numbers of
attempts by an attacker.
Offline brute-force attacks: In this type of attack, the attacker can gain access to
encrypted data or hashed passwords. These attacks are more difficult to prevent and
detect than online attacks. However, offline attacks require significantly more computation
effort and resources from the attacker
Weak credential lead to credential compromise. The more complex a password is, the better.
Multi-Factor Authentication is even better. This reduces the amount of Brute force attacks.
Weak Crytographic algorithms (RC4, MD5, DES) allow attackers to easily crack passwords
- Statistical Analysis and rainbow tables can be used against systems that don’t protect
passwords with an one-way hashing function
- Rainbow table- table to reverse cryptographic functions so that cracking pw is easier
- Weak Encryption or Hashing Algorithms inroduce avenues of attack
- An organization should implement techniques on systems and applications to throttle
login attempts and prevent brute-force attacks.
Session Hijacking- several ways a session hijack can be performed such as..
- Predicting session tokens: if attackers can predict these they can easily hijack the web
session to further compromise the system or data
- Session Sniffing: can occur through collecting packets of unencrypted web sessions
- Man in the Middle Attacks (MITM): attacker sits in the path between the client and the
web server
Jocelyne Suerte
2021-2022
- Man in the browser (MITB) attacks: similar to MITM attack but in this case, a browser
(extension or a plug-in) is compromised and used to intercept and manipulate web
sessions between the user and the web server
- Lack of validating and filtering invalid session id numbers can lead to exploitation of
other web vulnerabilities (SQL injection, if session ids are stored on regional database or
persistent XSS if session ids are stored and reflected back afterward by the web
application).
Default Credentials- These defaults passwords make it easy for attackers to access ones system,
so manufacturers requirer users to change the default credentials. Examples of things with
default credentials are.. Routers, Switches, WAP’s, Firewalls.
Insecure Direct Object Reference Vulnerabilities- can be exploited when web applications allow
direct access to things based on user input. This occurs when an application does not sanitize
user input and does not perform appropriate authorization checks. To exploit this vulnerability an
attacker must map out all locations in the application where user input is used to reference
objects directly.
OWASP- The Open Web Application Security Project (OWASP) is a nonprofit charitable
organization that leads several industrywide initiatives to promote the security of
applications and software. The organization lists the top 10 most common vulnerabilities
against applications
The OWASP top ten-
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and data integrity failures
- Security logging and monitoring failures
- Server-side request forgery
Buffer overflow- When more data is being transmitted into a fixed-length buffer than what it can
handle (too much data)
2021-2022
- Man in the browser (MITB) attacks: similar to MITM attack but in this case, a browser
(extension or a plug-in) is compromised and used to intercept and manipulate web
sessions between the user and the web server
- Lack of validating and filtering invalid session id numbers can lead to exploitation of
other web vulnerabilities (SQL injection, if session ids are stored on regional database or
persistent XSS if session ids are stored and reflected back afterward by the web
application).
Default Credentials- These defaults passwords make it easy for attackers to access ones system,
so manufacturers requirer users to change the default credentials. Examples of things with
default credentials are.. Routers, Switches, WAP’s, Firewalls.
Insecure Direct Object Reference Vulnerabilities- can be exploited when web applications allow
direct access to things based on user input. This occurs when an application does not sanitize
user input and does not perform appropriate authorization checks. To exploit this vulnerability an
attacker must map out all locations in the application where user input is used to reference
objects directly.
OWASP- The Open Web Application Security Project (OWASP) is a nonprofit charitable
organization that leads several industrywide initiatives to promote the security of
applications and software. The organization lists the top 10 most common vulnerabilities
against applications
The OWASP top ten-
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and data integrity failures
- Security logging and monitoring failures
- Server-side request forgery
Buffer overflow- When more data is being transmitted into a fixed-length buffer than what it can
handle (too much data)
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Jocelyne Suerte
2021-2022
Cross-site Scripting (XSS)- one of the most common web application vulnerabilities
- Reflected XSS
- Stored/Persistent XSS
- DOM- based XSS
Attackers can use obfuscation techniques in XSS attacks by encoding tags or malicious portions
of the script using Unicode so that the link or html content is disguised to the end user browsing
the site.
Reflected/Non-Persistent XSS- when malicious code or scripts are injected by a vulnerable web
application using any method that yields a response as part of a HTTP request
Methods of delivery for XSS exploits are phishing emails, messaging applications and search
engines.
Stored/Persistent XSS attacks- occur when malicious code or script is permanently stored on a
vulnerable/malicious server (using a database) Typically on blogs or forums. Ex. User requests
stored information from vulnerable/malicious server, which caused the injection of the requested
malicious script into the victim’s browser
Document Object Model (DOM)- cross platform and language independent API (application
programming interface) that treats a HTML, XHTML, or XML document as a tree structure.
Usually reflected XSS attacks that are trigged by sending a link with inputs that are shown to the
browser. Payload is never sent to server, only to the browser.
DOM based XSS attack- attacker sends a malicious URL to victim, and after the victim clicks
the link, it may load a malicious website or site that has a DOM route handler. After the site is
rendered, the attack begins.
W
On pg 65
2021-2022
Cross-site Scripting (XSS)- one of the most common web application vulnerabilities
- Reflected XSS
- Stored/Persistent XSS
- DOM- based XSS
Attackers can use obfuscation techniques in XSS attacks by encoding tags or malicious portions
of the script using Unicode so that the link or html content is disguised to the end user browsing
the site.
Reflected/Non-Persistent XSS- when malicious code or scripts are injected by a vulnerable web
application using any method that yields a response as part of a HTTP request
Methods of delivery for XSS exploits are phishing emails, messaging applications and search
engines.
Stored/Persistent XSS attacks- occur when malicious code or script is permanently stored on a
vulnerable/malicious server (using a database) Typically on blogs or forums. Ex. User requests
stored information from vulnerable/malicious server, which caused the injection of the requested
malicious script into the victim’s browser
Document Object Model (DOM)- cross platform and language independent API (application
programming interface) that treats a HTML, XHTML, or XML document as a tree structure.
Usually reflected XSS attacks that are trigged by sending a link with inputs that are shown to the
browser. Payload is never sent to server, only to the browser.
DOM based XSS attack- attacker sends a malicious URL to victim, and after the victim clicks
the link, it may load a malicious website or site that has a DOM route handler. After the site is
rendered, the attack begins.
W
On pg 65
Jocelyne Suerte
2021-2022
2021-2022
1 out of 12
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.