1. Web Application Threats - 1: Most security breaches occur in web applications, rather than in web servers, as web applications might contain bugs due to coding issues in the development phase. Consequently, web applications are prone to various types of threats, some of which are outlined below:
- Injection Flaws
Injection flaws are the most common application vulnerabilities that allow untrusted user-supplied data to be interpreted and executed as a command or query. The attackers inject malicious code, commands, or scripts into the input gates of flawed web applications in such a manner that the applications interpret and execute the newly supplied malicious input, which in turn allows the attackers to extract sensitive information. Such injection flaws are commonly found in SQL, NoSQL, and LDAP queries as well as OS commands. Injection flaws were regarded as the topmost security vulnerability in web applications in 2017 by the Open Web Application Security Project (OWASP).
- SQL Injection
In this type of attack, the attacker injects malicious SQL commands or queries as input data. This helps them bypass the security measures of the web application and retrieve sensitive content from the database server.
- Cross-Site Scripting
In this type of attack, the attackers bypass the client's ID security mechanisms and gain access privileges. Subsequently, they inject malicious scripts into specific fields in the web pages. These malicious XSS scripts can rewrite the HTML content of a website, hijack user sessions, redirect users to malicious websites, and deface websites. XSS is one of OWASP's top 10 web application security vulnerabilities for 2017.
- Cross-Site Request Forgery
In this attack method, an authenticated user is made to perform certain tasks on the web application that are chosen by an attacker. For example, an attacker can make a user click on a particular link sent via email or chat.
- Broken Access Control
This is a method in which an attacker identifies a flaw in access-control policies and exploits it to bypass the authentication mechanism. This enables the attacker to gain access to sensitive data, modify access rights, or operate the accounts of other users. This is part of the 2017 OWASP top 10 security vulnerabilities.
- Broken Authentication
Attackers exploit implementation flaws in the authentication and session management functions of a web application to obtain administrative privileges or impersonate other users. Common vulnerable areas include timeouts, secret questions, and password management. Broken authentication is one of OWASP's top 10 web application security vulnerabilities for 2017.
- Buffer Overflow
A buffer overflow in a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size, thus overwriting adjacent memory locations. There are multiple forms of buffer overflow, including heap buffer overflows and format string attacks. The purpose of these attacks is to corrupt the execution stack of the web application.
- Cookie Poisoning
Cookie poisoning refers to the modification of a cookie for bypassing security measures or gaining unauthorized access to information. In this type of attack, the attackers bypass the authentication process by altering the information present inside a cookie. Once the attackers gain control over a network, they can modify its content, use the system for a malicious attack, or steal information from the users' systems.
- Sensitive Data Exposure
Sensitive information, such as account records, credit-card numbers, passwords, or other authentication information, is generally stored by web applications either in a database or on a file system.
If the developers make any mistakes while enforcing encryption techniques on a web application or ignore the security aspects of some parts of the application, attackers can easily exploit those flaws to gain unauthorized access to sensitive information. Sensitive data can be exploited and misused by both insiders and outsiders to perform identity theft, credit-card fraud, and other cybercrimes. This threat is included in OWASP top 10 security vulnerabilities for 2017.
- Information Leakage
Information leakage refers to a drawback in a web application where the application unintentionally reveals sensitive information to an unauthorized user. Such information leakage can cause great losses to a company.
Hence, the company needs to employ proper content filtering mechanisms to protect all its information or data sources, such as systems or other network resources, from information leakage.
- Improper Error Handling
This threat arises when a web application is unable to handle internal errors properly. In such cases, the website returns information, such as database dumps, stack traces, and error codes, in the form of errors.
- Insufficient Logging & Monitoring
Log files keep records of the actions and events that occur while an application/service is running. This vulnerability occurs when the logs do not record security-critical events or provide unclear warnings or error messages. The lack of log monitoring or the maintenance of logs at insecure locations greatly increases the chance of a major security incident. Moreover, insufficient logging and monitoring practices leave no audit trail for forensic analysis, making the detection of any malicious behavior exceedingly difficult for forensic investigators. It is one of 2017 OWASP's top 10 web application security vulnerabilities.
- Path/Directory Traversal
When attackers exploit HTTP by using directory traversal, they gain unauthorized access to directories, following which they may execute commands outside the web server's root directory.
- Parameter/Form Tampering
This type of tampering attack aims at manipulating the communication parameters exchanged between a client and server to make changes in application data, such as user IDs and passwords, event logs, or the cost and quantity of products.
In order to improve the functionality and control of the application, the system collects such information and stores it in hidden form fields, cookies, or URL query strings.
Hackers use tools such as WebScarab and Paros proxy to launch this type of attack. Successful exploitation might lead to other attacks such as file inclusion and XSS.
- Denial-of-Service (DoS)
A denial-of-service (DoS) attack aims at terminating the operations of a website or server by making its resources unavailable to clients.
For example, a DoS attack may shut down the functioning of a website related to banking or an email service for a few hours or even days, resulting in the loss of both time and money.
- Unvalidated Input
In this type of attack, attackers tamper with the URL, HTTP requests, headers, hidden fields, form fields, query strings, etc. to bypass security measures in a system. User login IDs and other related data get stored in cookies, which become a source of attacks. Examples of attacks that result from unvalidated input include SQL injection, cross-site scripting (XSS), and buffer overflows.
- Security Misconfiguration
The lack of a repeatable security-hardening process at any layer of the application stack, which includes web servers, databases, frameworks, host OSes, application servers, and storage devices, can lead to a security misconfiguration vulnerability. The use of default configurations, passwords, or out-of-date software can increase the risk of an attack. This is included in the OWASP 2017 top 10 security vulnerabilities.
- Log Tampering
Web applications maintain logs to track usage patterns, such as admin login credentials and user login credentials. The attackers usually inject, delete, or tamper with the web application logs to engage in malicious activities or hide their identities.
2. Computer forensics: refers to a set of methodological procedures and techniques to identify, gather, preserve, extract, interpret, document and present evidence from computing equipment that is acceptable in a court of law
3. Cybercrime is defined: as any illegal act involving a computing device, network, its systems, or its applications. It is categorized into two types based on the line of attack: internal attacks and external attacks
4. Computer crimes: pose new challenges for investigators due to their speed, anonymity, volatile nature of evidence, global origin of the crimes and difference in laws, and limited legal understanding
5. Approaches to manage cybercrime investigations include: civil, criminal, and administrative approaches
6. Digital evidence is: "any information of probative value that is either stored or transmitted in a digital form". It is of two types: volatile (lost when power is off) and non-volatile (no difference if off)
7. Forensic readiness refers to: an organization's ability to optimally use digital evidence in a limited period of time and with minimal investigation costs. It includes technical and non-technical actions that maximize an organization's competence to use digital evidence. Helps maintain business continuity. Practice drills.
Plan:
1. Identify potential evidence required.
2. Determine source.
3. Define policy.
4. Establish policy.
5. Identify whether a full/formal investigation is required.
6. Create a process for documenting the procedure.
7. Legal advisory board.
8. Keep the incident response team ready.
8. Organizations often include computer forensics as part of their: incident response plan to track and prosecute the perpetrators of an incident
9. Which of the following is true regarding computer forensics?: Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.
10. Which of the following is not an objective of computer forensics?: Document vulnerabilities allowing further loss of intellectual property, finances, and reputation during an attack.