Presentation is loading. Please wait.

Presentation is loading. Please wait.

Carrie Estes Collin Donaldson.  Zero day attacks  “zero day”  Web application attacks  Signing up for a class  Hardening the web server  Enhancing.

Published byCharlotte Cole Modified over 8 years ago

Similar presentations

Presentation on theme: "Carrie Estes Collin Donaldson.  Zero day attacks  “zero day”  Web application attacks  Signing up for a class  Hardening the web server  Enhancing."— Presentation transcript:

1 Carrie Estes Collin Donaldson

2  Zero day attacks  “zero day”  Web application attacks  Signing up for a class  Hardening the web server  Enhancing the security  May not prevent against web attacks  Protecting the network  Traditional network security devices can block traditional attacks, but not always web app attacks Application Attacks

3  Injects scripts into a web app server  Direct attacks at clients  Does not attack web app to steal content or deface it  Victim goes to website, instructions sent to victims computer, instructions execute  Requires two criteria  It accepts input from the user without validation  It uses the input in a response without encoding it Cross-Site Scripting (XSS)

4  Structured Query Language  View and manipulate data in a relational database  Targets SQL servers  Attacker using SQL would  braden.thomas@fakemail.com’  If “Email address unknown” pops up, entries are being filtered  If “Server failure” pops up, entries are not being filtered SQL Injection

5  A markup language is a method for adding annotations to the text so that the additions can be distinguished from the text itself  HTML is also a markup language  It uses tags embedded in brackets so the browser can format correctly  Extensible Markup Language  XML carries data and tags are user made  XML and SQL injection attacks are very similar  A specific type is Xpath injection  Attempts to exploit XML Path Language queries that are built from user input Markup Languages

6 Persistent Cookie Secure Cookie First Party Cookie Third Party Cookie Session Cookie Cookies

7 An attack in which an attacker attempts to impersonate the user by using his session token. An attacker can eavesdrop on the transmission to steal the session token cookie. A second option is to attempt to guess the session token cookie. Session Token: A form of verification used when accessing a secure web application. Session Hijacking

8 A buffer overflow occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. Attackers use buffer overflow to compromise a computer. Buffer Overflow attacks

9 Denial of Service: Makes attempts to keep a computer from performing its normal functions. DDOS attack: Uses multiple computers. Ping flood: Uses the ICMP to flood the victim with packets. The computer is overwhelmed and cannot respond quickly enough. This causes it to drop legitimate connections to other clients. Smurf attack: An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target. Network Attacks

10 Angie is a high school student She is doing poorly in math class Her teacher sends her parents a letter Angie waits for the letter and replaces it with a different letter Her teacher wonders why her parents do not respond to having a conference. Man in the middle attack

11 Asset Identification Threat Evaluation Risk mitigation Diminish the risk Transfer the risk Accept the risk Vulnerability Assessment

Download ppt "Carrie Estes Collin Donaldson.  Zero day attacks  “zero day”  Web application attacks  Signing up for a class  Hardening the web server  Enhancing."

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.

IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.

Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
Web Audit Vulnerability cross-site scripting (XSS) concerns by Ron Widitz.

Web Audit Vulnerability cross-site scripting (XSS) concerns by Ron Widitz.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Happy Hacking HTML5! Group members: Dongyang Zhang Wei Liu Weizhou He Yutong Wei Yuxin Zhu.

Happy Hacking HTML5! Group members: Dongyang Zhang Wei Liu Weizhou He Yutong Wei Yuxin Zhu.
Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.

Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.

8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.

Similar presentations

Ads by Google