Time
2 hours 19 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Hello, everyone. Welcome back to the course Identifying Web Attacks Through Logs. I'm Igor Vieira. In the last video we talked about log analysis and its challenges.
00:10
In the last video we finished our reviews in the previous module. We talked about important things related to web applications and log analysis. This module will be more hands-on. We will perform some web application attacks and do the log analysis.
00:24
To start, we'll talk about Web application attacks.
00:28
Based on this, the learning objectives of this video are: understand the difference between infrastructure and application attacks,
00:36
introduce the OWASP Top 10 Project,
00:39
review some common web application attacks,
00:42
and understand the URL components and encoding.
00:46
First, let's remember some Web application components.
00:50
Do you remember when we talked about TCP/IP and HTTP?
00:54
That HTTP uses TCP/IP to communicate?
00:59
For a web application to work, it needs a lot of components.
01:02
Let's check some of them
01:03
In the top layer, we have the web application.
01:07
GHB, and it'd be are related to this layer
01:11
After that, something that we talked about: the web server that holds the application.
01:15
Web server software like Apache and Nginx is in this layer. These two components need to run in some place. This place is a server with an operational system
01:29
like Microsoft Windows or Linux.
01:33
This is also true for virtual machines.
01:37
We can add to this layer the database servers and application servers.
01:42
And in the last layer we have the network hardware and services that make the communications possible.
01:48
This is only one way to understand the web application and its components. It is important to know that each component can be attacked.
01:55
And since the web application depends on all these components, an attack on each layer can affect the web application too. So the other three layers under the web application are infrastructure. In this course we'll focus on the top layer: the web application attacks.
02:10
This is a typical infrastructure to support a web application.
02:15
Another design is possible,
02:16
but will not be so different from this. To access a web page, the user will send a request to the web server, and the web server will access the other components.
02:27
This means that all this infrastructure can help with logs, so if you have more logs, you have more information during your investigation.
02:35
You have the same web application in the same infrastructure. How do you think that you can identify a malicious user and an attack?
02:44
To identify an attack, you need to know about the attack and the website. The logs will help you identify it in time.
02:50
As we said before, web applications are client-server oriented.
02:53
Based on this model, we can classify web application attacks in two types:
02:59
client side,
03:00
that usually exploit a vulnerability in the user's endpoint,
03:05
where the web client is located. The second classification is server-side attacks.
03:09
In this case, the target is the server.
03:13
In this course, we'll focus on server-side attacks. Since the website is the target, we can use its logs to identify the attack.
03:21
To talk about attacks, we need to talk about vulnerabilities.
03:25
One of the definitions of vulnerability
03:29
is from NIST,
03:30
which says that a vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. To us, we'll change information system for web application.
03:47
The attacker is someone who tries to exploit the vulnerability, and all the vulnerabilities are the attack surface. Here are some more definitions. Risk: the possibility of something that happens
04:00
and damages our web servers and web applications.
04:03
And an attack is basically any action that someone performs, trying to exploit a vulnerability or not, to cause any impact on the web application.
04:14
We are talking about attacks, but do you know what the most common web application attacks are?
04:20
To answer this question, we will use our definitions from the last slides.
04:26
Based on the definitions, we need a vulnerability to have an attack,
04:30
so it's better to ask: what are the most common vulnerabilities?
04:34
To answer this question, we have the OWASP Top 10 Project.
04:40
OWASP, which means Open Web Application Security Project, is a project that catalogs the top 10 vulnerabilities in web applications.
04:48
In this course, we use the version launched in 2017.
04:53
And the first version is from 2003.
04:56
Check the OWASP website if you want more information.
05:00
Here, we have the comparison between the 2013 and 2017 projects.
05:04
In this course, we use examples of some attacks like injection, broken authentication, security misconfiguration, cross-site scripting,
05:15
using components with vulnerabilities.
05:17
And the last topic is not an attack, but is related to our course.
05:23
To talk about web attacks, we need to understand the URL components.
05:28
URL is Uniform Resource Locator.
05:31
It is a type of universal resource identifier.
05:35
User agents use the URL to request information from the web server.
05:41
Each web application has one resource locator, and this makes it possible for a server to host many applications.
05:48
A URL is also known as a web address
05:53
and has multiple parts.
05:55
Let's understand its components
05:58
Scheme, which identifies the protocol. Host or domain, which could be followed or not by a port.
06:03
Path, which identifies the resource that you want to access.
06:08
And the query, used to pass some information.
06:11
In the Cybrary login page, we can find the components.
06:15
The scheme, or protocol, in this case is HTTPS.
06:19
www.cybrary.it is the host or domain. You can see here that we do not have the port information.
06:28
It will use 443 because of the HTTPS scheme.
06:32
After the slash is the path, and after the question mark is the query.
06:38
It is important to know that most of the attacks are performed in the path or in the query components. If you want to know more, check these two websites.
06:47
Another important thing is encoding.
06:50
URLs can only be sent over the network using the ASCII character set.
06:57
To respect this rule, some of the characters need to be encoded in ASCII.
07:01
The encoding works by changing the unsupported character for one percent sign followed by two numbers. The two numbers are the hexadecimal digits of the encoded character.
07:13
For example, the space is converted to %20, like this example.
07:18
Another use is to convert different writing systems
07:23
that don't use Latin chars, like Arabic or Chinese.
07:28
Also, encoding is used to perform attacks,
07:31
although a percent in the request doesn't mean that this is a malicious request. Percent is used to encode bad actions.
07:41
For example, the Cybrary request has a percent, but it's safe.
07:46
To make things clear, let's see this request.
07:49
We have this big request here with many percents.
07:54
If you know about SQL, you can notice some SQL words like SELECT, WHERE and others. Could you find these words?
08:01
It's hard to find, right?
08:03
There are many percents.
08:05
To help, we can decode it. There are many sites that can help with the decoding.
08:11
After the decoding, we'll be able to find what it really means.
08:15
Now it's easy to see the SQL words in the real request. Later in this course, we'll learn that this request is a SQL injection attack.
08:24
One more thing.
08:24
A typical user will do many requests to access one page. This means that the user will request different paths and queries.
08:33
Here is an example of a user requesting one website.
08:37
One access generated three lines of logs. All the requests are from the same IP address, same date and time, but all are different requests.
08:46
It is a common behavior in modern web pages:
08:50
many requests to load a single web page.
08:54
Knowing your web application will help you to identify this behavior.
08:56
Post-assessment question.
08:58
Considering a basic web infrastructure, only the web server is susceptible to attacks.
09:05
Is this information true or false?
09:07
This information is false. Remember that the web application depends on many components, and all of them can be targets.
09:15
Next question.
09:16
Which of these vulnerabilities are present in the OWASP Top 10 Project 2017? The answer is injection and security misconfiguration.
09:26
The other options are related to infrastructure attacks.
09:28
and for the last question,
09:31
check this information:
09:33
Web requests with a percent sign always are malicious.
09:37
This information is true or false?
09:39
This information is false.
09:41
Percent is not always malicious.
09:43
It can be used to transfer a different writing system or unsupported characters.
09:50
Video summary
09:50
In this lesson, we talked about the difference between web application and infrastructure attacks based on a layer approach,
09:58
the definition of an attack and a vulnerability,
10:03
the OWASP Top 10 Project,
10:05
and we reviewed URL components and encoding.
10:09
In the next video, we'll start the log analysis,
10:13
starting with vulnerability scans.

Up Next

Identifying Web Attacks Through Logs

This course will review web application infrastructure, web servers, and the logs associated with them. We will also simulate 10 attack scenarios and identify the attack through logs that are generated by the web server.

Instructed By

Igor Vieira
Information Security Analyst
Instructor