Web Application Threats

00:00

Hi, everyone. Welcome back to the course. So in this video, where to go over some of the different threats to our Web applications.

00:07

So we'll talk about the different types of threats.

00:11

We've got many different threats. So we've got things like cookie poisoning, which is basically where the attacker can change information inside of the cookie so they can bypass authentication procedures and processes. And then from there, they can gain control, potentially gain control over the network, modify content, use our systems for malicious attacks or

00:29

even still information like our intellectual property

00:33

Directorate Reversal attacks is where they're exploiting http by using directory traverse allow. And so essentially, they're ableto access those restricted directories. And then from there they can execute various commands.

00:46

The UN validated input. So essentially they try different inputs. So they made tamper with http request. They made tamper with headers, form fields, hidden fields, query strings, etcetera, etcetera. Um,

01:00

so what they're trying to do is they're trying to attack essentially and get the log in credentials of the users.

01:06

So some examples of that type of attack might be cross site scripting or things like buffer overflows, even sequel injection attacks. Basically, that input is not being validated by this server.

01:17

We got cross site scripting. So are the application We got cross site scripting where basically the Attackers bypassing the authentication mechanism. As for for the client ideas. So basically, they're able to say I am really this client and the and they're not. So they're essentially is injecting malicious scripts into the Web pages of the website.

01:37

And then from there, the Attackers able to gain the privileges that they shouldn't have access to.

01:44

And then we got our injection flaws. So things like, you know, the sequel injection command, injection attacks. Basically, this goes back to that invalidated input where we're not validating that this is legitimate input or legitimate query into the back end database.

02:00

We have our sequel injection attacks. So as we've talked about, this is where we're injecting various commands. So we're not validating the input, though, So this is in particular. This is where injecting sequel command into the back end database and those commands are not being validated and basically shown as to be legitimate.

02:19

And so we might be able to get information or gain access to information that we shouldn't have access to

02:23

through that type of attack.

02:25

We've got parameter and form tampering is basically this is intended to manipulate the parameters that are exchanged between the client and the server. And so the goal here is to modify things like the application data

02:38

eso trying to get trying to modify, like, user credentials or trying to escalate privileges, or maybe even just trying to change the price of a product on the website. Right? So maybe I don't want to pay full price for that thing on Amazon. So I come in here and do a try to do this type of attack to modify the price so I only pay a dollar instead of $500.

02:58

We've got a denial of service attack which we talked about our threat, which we talked about before in this course where essentially we're just trying to overwhelm that website or that Web application or the Web server and cause a loss of functionality, so causing them to not be causing the legitimate users not to be able to access

03:15

that particular application

03:19

and then broken access control, which is basically where a certain flaws been identified by the attacker that's related to the access control eso, for example, that allows the attacker to bypass the authentication and gain access to data they should not be able to access.

03:34

We have cross site request forgery. This is basically where the the attacker

03:39

is forcing the unauthenticated user to do an action that they want them to do on that Web application. So, for example, they might send them a phishing email say, Hey, click this link and the user clicks that link and the redirected, uh, to that malicious site and the attacker basically is able to grab their credentials. From there.

03:59

We have information leak it. So this is where the sensitive data is not secured. So, for example, it could be that I run a sequel injection attack, and I'm able to get all sorts of information from the backend database. Where had you properly configured things that that input should be validated and I should not be able to get that information

04:18

improper air handling. This is again going back to the verbose air messaging where I do a query. I get unauthentic. I get a air message back that tells me information about potentially tables in the database or something. And then from there I can use that information to further perform my attack and achieve my objectives as the attacker

04:38

log tampering. This basically, that's where the Attackers trying to mess up the data in the logs so they could inject their own data. They might delete some of the long information or more likely, if they really don't want to be caught or try to reduce the risk of being caught. They inject a bunch of junk data into the logs versus deleting stuff,

04:56

because when it's deleted, you say, Well, wait a minute. There must have been some kind of some kind of an attack here,

05:00

but when it's a bunch of junk data, you say, Well, sometimes that happens, right? So buffer overflow attacks just simply with the Web application where there hasn't

05:10

the parameters haven't properly been set in the code. So the Attackers able to overflow

05:15

the the allotted area of memory and then potentially execute commands in another part of memory.

05:21

So other types of Web application threats are things like platform exploits, where the user can build various Web applications using different platforms like cold fusion or B s Web logic. And so with that, there's we just know that there's different vulnerabilities with those different platforms. So

05:41

this is where the attacker uses that third party,

05:44

uh, type of platform to exploit that to then attack the Web application.

05:48

We've got broken session management where

05:51

we may not be taking care of our credentials during that session. And so the Attackers able to gain access to those credentials

05:59

security, Miss Configurations, which we talked about before in this course. And it sounds Children, making sure that we probably have the application configured. Make sure that there's no hard coded credentials. Make sure the software itself is up to date. Make sure that we're not using the default accounts or or at least default credentials on the accounts.

06:18

Broken account management.

06:20

So this could be something where we don't have good procedures in place for, like a forgotten or lost password, so that our password reset policy is vulnerable. And that allows the attacker to reset your password and gain access to your account insecure storage,

06:35

where we're not protecting that sensitive information so potentially like credit card information

06:42

or just credit log in credential information or account records were not protecting that properly, so the Attackers able to gain access to that information

06:49

insecure direct object references. So basically, where developers are exposing internal implementation objects in the code, so things like might be things like the file directories files themselves could be exposing database records or things like key through references.

07:08

We have insecure cryptographic storage, So basically we're just using weaker encryption. We're not using proper encryption

07:14

or with us storing our keys properly, and the attack was able to get that the information. They're able to grab the keys and then potentially decrypt them and get access to our sense of the data. We got authentication hijacking.

07:27

This is where the attacker could do impersonation or credential stuffing or session hijacking attacks, even like the theft of services attacks, network access attacks where the Attackers able to gain access to the Web application and then cookie sniffing, where the attacker can

07:44

identify some of the users like surfing habits

07:47

and so kind of like, where they going, what websites Here they going thio And then from there they can use that information to potentially perform like a watering hole attack right where they in a DNS poisoning attack where they redirect

08:01

the user to that malicious site and the user interest in the credentials. And from there, the attacker has that they can log in to get sensitive information.

08:09

We've also got Web services attack where the Attackers exploiting different, vulnerable Web services, insufficient SSL and TLS authentication attacks. We've got hidden manipulation attacks where the attacker essentially compromises like e commerce website. So they manipulate the hidden fields on, then just change the data that's stored in them.

08:30

So again, going back to altering things like the price of the product.

08:33

So I don't have to pay the $500 to Amazon and then exploiting the Dems is well, so the D M C protocol attacks where the attacker then eyes kind of in that trusted network. So we got zero trust these days. But in previous years, that would be considered a trusted part of the network. And from there then that allows the attacker to perform their attacks.

08:52

Um, validated redirection forward. So

08:54

essentially again, going back to the attacker does a phishing email as a user click on the link, redirects them to a malicious site

09:03

and then finally, things like failing to restrict U R L access. So basically allowing the attacker to access your ales directly and then redirect to malicious sites attack obfuscation. So, essentially the Attackers hiding themselves and hiding the attack, and this allows them to

09:20

perform more attacks against a Web application itself.

09:24

Security management exploits. So where the Attackers actually directly targeting any security management system you have in place so they might be able to modify things like protection policies, delete policies that you have or add new policies to give themselves further access section session fixation attacks where

09:41

they tricked the legitimate Web server

09:45

and user into using a specific session I d. That's not an actual valid session I'd on then just maliciously executing files, right? So malicious file execution against vulnerabilities that they found on that Web application. So just a quick, quick question here for you.

10:01

Using this attack, the attacker can directly modify protection policies. Is that section infestation?

10:07

Is that security management or cookie poisoning?