https://luminoussheep.net/mediawiki/index.php?action=history&feed=atom&title=Attack_Vectors 2026-04-16T19:05:41Z Revision history for this page on the wiki MediaWiki 1.43.8 https://luminoussheep.net/mediawiki/index.php?title=Attack_Vectors&diff=75&oldid=prev 2021-09-14T21:36:10Z

<p>Created page with &quot;References http://java.boot.by/scea5-guide/ch08s03.html === Input Validation === * data type * format * length * range * nulls * special characters e.g. [ % * | &#039; ** square...&quot;</p> <p><b>New page</b></p><div>References<br /> http://java.boot.by/scea5-guide/ch08s03.html<br /> <br /> <br /> === Input Validation ===<br /> * data type<br /> * format<br /> * length<br /> * range<br /> * nulls<br /> * special characters e.g. [ % * | &#039; <br /> ** square brackets special in sql server?<br /> <br /> === Output sanitation ===<br /> * prevent special tags being output by user generated content<br /> * change content<br /> * malicious scripts<br /> * screen this on input?<br /> <br /> === Buffer overflow ===<br /> * typically attack on input parameters<br /> * may also target output sanitisation, data injection<br /> <br /> === Data Injection ===<br /> * inject malicious code along with normal user data<br /> * pop up windows - window injection<br /> ** hijack pop up window from a second site<br /> * data passed to DB - sql injection<br /> * prevent with input validation<br /> ** input, query strings, cookies - sever side validation<br /> <br /> === XSS Cross site scripting ===<br /> * links or scripts included in user generated content<br /> * javascript, vbscript, activex, html, flash<br /> * gathers data from other users<br /> * steel accounts, change privileges, steel information, poison content<br /> <br /> === Improper error handling ===<br /> * disclosure of errors on failure<br /> * information leaked can be used to generate an attack<br /> * display user friendly messages <br /> ** e.g. unique reference that can be looked up in logs<br /> * don&#039;t display stack trace or internal details of error<br /> <br /> === Insecure data transfer/storage ===<br /> * use cryptographic techniques for sensitive data<br /> * prevents eves dropping<br /> * prevent tampering<br /> <br /> === Weak session identifiers ===<br /> * session identifiers before authorised <br /> * session identifier passed over insecure channels<br /> * failure to validate the session identifier<br /> * failure to expire session<br /> <br /> === Weak security tokens ===<br /> * poor passwords - guessable<br /> * echoing back passwords e.g. in cookie without proper encryption<br /> * use strong/multifactor authentication<br /> ** digital certificates, biometrics, smart cards<br /> * validate passwords<br /> <br /> === Weak password exploits ===<br /> * weaknesses: guessable, captured from keystrokes, password cracking tools<br /> * most common security issue<br /> * see above - weak security tokens<br /> <br /> === Weak encryption ===<br /> * faster computers =&gt; algorithms/key lengths becoming viable to brute force attacks<br /> * weaknesses in algorithms discovered e.g. MD5<br /> * use longer key lengths - approved algorithms e.g. AES, SHA<br /> <br /> === Session theft ===<br /> * steeling/snooping/reusing/guessing sessionid/session cookie<br /> * invalidate session after use<br /> * encrypt session information<br /> ** use secure channel SSL/TLS<br /> <br /> === Insecure configuration ===<br /> * particularly web tier<br /> * certificate configuraion/encryption settings<br /> * default/debugging accounts<br /> * unnecessary/insecure plugins/options<br /> * unnecessary ports<br /> * authentication configuration<br /> * credential management<br /> <br /> === Broken access control ===<br /> * ability to view source<br /> * restricted files<br /> * configuration data<br /> * penetration test<br /> <br /> === Policy failures ===<br /> * organisations policy must have all required rules<br /> * rules must not conflict - appropriate qualification<br /> * issues for design<br /> <br /> === Audit and Loggin ===<br /> * Key to non-repudiation<br /> * Required to diagnose/foil attacks<br /> * required to resolve bugs/race conditions<br /> * Should be secured and restricted access<br /> <br /> === DOS DDOS (distributed) denial of service ===<br /> * impact logging<br /> * router filtering<br /> * fault tolerant redundant servers<br /> * host name verification<br /> * secure pipe, intercepting web agent, intercepting validator patterns<br /> <br /> === MITM man in the middle ===<br /> * SSL/TLS IPSEC or secure pipe pattern<br /> <br /> === Multiple sign on ===<br /> * user has to log in multiple times<br /> * possible to exploit multiple simultaneous sessions/ loss of productivity forcing logout from each application<br /> * use SSO to resolve<br /> <br /> === Deployment problems ===<br /> * review and test infrastructure security policies<br /> * verify application policies consistent with infrastructure policies<br /> <br /> === Code quality ===<br /> * coding review<br /> * secure code scanning</div>

Martin