
Application Attacks


Mitigating SQL Injection Attacks: Input Sanitization

One way SQL injections can be mitigated is through input sanitization. Sanitization is the process of removing dangerous characters from user input.

Dangerous characters might include:

  • ;
  • --

This is important because such characters allow attackers to extend SQL queries to gain more information from a database.

Careful, this method is not the perfect defense against SQL injections. Removing characters may have no effect in some queries and, if an attacker finds a way to bypass the sanitization process, they can easily inject data into your system.

SELECT username, email FROM users WHERE id = '1' AND '1' = '2';
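As an added example (not from the cheatsheet), the Python below shows why character stripping falls short: the tautology trick in the query above needs neither ';' nor '--', so a strip-based sanitizer passes it straight through, while a parameterized query treats the whole input as one id value. The users table, its rows and the function names are constructed for this demo.

```python
import sqlite3

def strip_dangerous_chars(user_input: str) -> str:
    """Strip-based sanitizer in the spirit of the cheatsheet: drop ';' and '--'."""
    return user_input.replace(";", "").replace("--", "")

def setup_db() -> sqlite3.Connection:
    """Constructed in-memory sample table; not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id TEXT, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1", "alice", "alice@example.com"), ("2", "bob", "bob@example.com")],
    )
    return conn

def lookup_concatenated(user_id: str) -> list:
    """Sanitize, then splice the input into the SQL text (the weak pattern)."""
    conn = setup_db()
    query = f"SELECT username, email FROM users WHERE id = '{strip_dangerous_chars(user_id)}'"
    return conn.execute(query).fetchall()

def lookup_parameterized(user_id: str) -> list:
    """Bind the input as a parameter: the driver never interprets it as SQL."""
    conn = setup_db()
    return conn.execute(
        "SELECT username, email FROM users WHERE id = ?", (user_id,)
    ).fetchall()

if __name__ == "__main__":
    benign, tautology = "1", "1' OR '1' = '1"
    print(lookup_concatenated(benign))       # one row
    print(lookup_concatenated(tautology))    # both rows: sanitizer bypassed
    print(lookup_parameterized(tautology))   # no rows: treated as a literal id
```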

SQL Injection

A SQL injection is a serious vulnerability affecting applications that use SQL as their database language. Through cleverly constructed text inputs that modify the backend SQL query, threat actors can force the application to output private data or respond in ways that provide intel. SQL injection attacks can ultimately be used to steal information and even take complete control of a system.

A login form with "lorenzo_33" as the username and "password'; DROP TABLE Accounts;--" as the password.

Cross-Site-Scripting (XSS)

Cross-Site Scripting (XSS) is a part of the OWASP Top Ten.

XSS is when an application allows untrusted data, potentially user-supplied data, into a web page without proper validation or sanitization.

It’s dangerous because it can allow attackers to execute malicious scripts in a victim’s browser leading to hijacked sessions, or malicious page alterations or redirections.

The following is an example of code that may be used as part of an XSS attack. It could be inserted into a URL.

<script>alert(1);</script>

Data Validation and Sanitization

Data validation and data sanitization are two techniques used to properly handle input data.

It’s important to handle input to prevent exploitation of system or software vulnerabilities such as those seen in SQL injection attacks.

Lightweight Directory Access Protocol (LDAP) Injection Attack

The Lightweight Directory Access Protocol (LDAP) injection attack, a similar attack technique to SQL injection, is carried out by injecting malicious input into a web page with the intent of altering the LDAP query executed on the backend.

Directory Traversal Attack

The directory traversal attack takes place when an attacker uses “dot-dot-slash” (../) notation to gain access to files or folders they are not authorized to access.

For example, a directory traversal attack targeting a Linux system may exploit a web request intended for /var/www/htmlpage and instead append ../../../etc/hosts to the end of the request to attempt to gain access to the hosts file of that system.

/var/www/htmlpage/../../../etc/hosts
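An added example, not from the cheatsheet: a defensive path check in Python that lexically normalizes a request path (after URL-decoding it, since the "../" sequences are often sent percent-encoded) and refuses anything that resolves outside the web root. The root /var/www/htmlpage and the request path are the page's own example; the function names are my own.

```python
from typing import Optional
from urllib.parse import unquote
from pathlib import PurePosixPath

# Web root taken from the cheatsheet's example request path.
WEB_ROOT = PurePosixPath("/var/www/htmlpage")

def normalize_request_path(requested: str) -> PurePosixPath:
    """Lexically collapse '.' and '..' the way the OS would, without touching disk.
    Decodes percent-encoding first so '%2e%2e%2f' is seen as '../'."""
    parts = []
    for part in unquote(requested).split("/"):
        if part in ("", "."):
            continue            # empty segment or current dir: no change
        if part == "..":
            if parts:
                parts.pop()     # step up one level
            continue            # '..' at '/' stays at '/'
        parts.append(part)
    return PurePosixPath("/", *parts)

def is_within_root(path: PurePosixPath, root: PurePosixPath = WEB_ROOT) -> bool:
    """True if path is root itself or lies underneath it."""
    return path == root or root in path.parents

def safe_join(relative: str, root: PurePosixPath = WEB_ROOT) -> Optional[PurePosixPath]:
    """Join a user-supplied relative path under root; None if it escapes."""
    candidate = normalize_request_path(str(root / relative))
    return candidate if is_within_root(candidate, root) else None

if __name__ == "__main__":
    print(normalize_request_path("/var/www/htmlpage/../../../etc/hosts"))  # /etc/hosts
    print(safe_join("../../../etc/hosts"))   # None: escapes the web root
    print(safe_join("docs/../index.html"))   # /var/www/htmlpage/index.html
```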

What is a pointer?

A pointer is a variable that stores the memory address (usually written in hexadecimal) of the variable it is pointing to.

Null Pointer

A null pointer is a pointer that does not refer to any valid memory location; a null pointer dereference occurs when code attempts to read the memory location specified by such a pointer, but nothing is there.

Null Pointer Exploitation

Attempting to dereference a null pointer will usually cause the program to crash, but can sometimes allow for arbitrary code execution.

Memory Leaks

A memory leak occurs when allocated memory is not released after it’s done being used. A memory leak can lead to system instability or overflows.

Memory Leak & Denial of Service (DoS)

Memory leaks and resource exhaustion can be leveraged by an attacker to create a denial of service (DoS) attack.

Resource Exhaustion

Resource exhaustion is a computing term that refers to an exhaustion of resources such as memory, fixed disk capacity, network utilization, and more.

Buffer Overflow Attack

A buffer overflow attack is caused when an attacker intentionally passes data that overfills a buffer. This can allow an attacker to fill the buffer with data of their choosing.

Integer Overflow Attack

An integer overflow attack is caused when an attacker causes a program to calculate a value too large to be stored as an integer data type, causing the value to ‘wrap around’. This can allow an attacker to cause unexpected behavior in an application.

Dynamic Link Library (DLL) Injection

A Dynamic Link Library (DLL) Injection attack is when an attacker is able to attach a malicious DLL file to a legitimate program.

This can allow driver manipulation to occur and allow an attacker to open new network connections, access files, and more.

Shimming

An attacker could carry out a DLL injection by shimming.

Shimming is when a DLL is injected into a program to “translate” outdated function calls into function calls supported by the current OS.

DLL Injection and Code Refactoring

An attacker could carry out a DLL Injection by refactoring code.

When using this technique, attackers will attempt to evade detection by refactoring the DLLs used in the application’s source code so they don’t match antivirus signatures for known malicious files.

Initialization Vector

An Initialization vector (IV) is an input into a cryptographic algorithm that sets the algorithm’s initial state.

An IV usually needs some level of randomness or uniqueness, and this varies based on the cryptographic algorithm.

Birthday Attack

A birthday attack is a type of cryptographic brute-force attack that attempts to exploit collisions in hash functions based on probability theory. Specifically, the attack leverages the birthday paradox, which states that, given ‘n’ people in a room, the probability that some of them share the same birthday is higher than intuition suggests. By applying this theory against digital signature hash digests, a matching collision may be found for a given number of attempts.

Secure Socket Layer (SSL) Stripping

Secure Socket Layer (SSL) Stripping is a cryptographic cyber attack in which an attacker downgrades a user’s web connection from HTTPS to the less secure HTTP.

This circumvents the security that’s enforced by the SSL certificates found on sites using HTTPS.

HTTP Strict Transport Security

The HTTP Strict Transport Security (HSTS) response header can protect against SSL stripping attacks by instructing the browser to connect to the site only over HTTPS instead of HTTP.

Session Replay Attack

A Session Replay Attack is a cyber attack in which an attacker eavesdrops on a secure network, intercepts legitimate encrypted messages or information, then delays or resends (aka “replay”) the intercepted message to impersonate an authorized user to perform malicious activities.

This is dangerous because the attacker possesses a legitimate message they could use to convince others that they are a legitimate user.

Session Replay Prevention

Time-stamping tickets or requests, identifying suspicious languages or time zones, and using other device intelligence can help prevent Session Replay attacks.
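An added example, not from the cheatsheet, of the time-stamping idea above in Python: each request carries a timestamp and a one-time nonce bound under an HMAC tag, and the receiver rejects tampered, stale (delayed) and already-seen (resent) messages. The shared secret, request bodies and class name are constructed for this demo.

```python
import hashlib
import hmac

# Constructed demo secret shared by client and server; never hard-code a real one.
SECRET = b"constructed-demo-shared-secret"
WINDOW_SECONDS = 30   # how far a timestamp may drift before the message is stale

def sign_request(body: str, nonce: str, ts: int) -> str:
    """Tag binds body, nonce and timestamp together so none can be altered."""
    msg = f"{ts}|{nonce}|{body}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

class ReplayGuard:
    """Server-side check: accept each fresh, authentic nonce exactly once."""

    def __init__(self, window: int = WINDOW_SECONDS) -> None:
        self.window = window
        self.seen: dict = {}   # nonce -> timestamp, pruned as entries age out

    def accept(self, body: str, nonce: str, ts: int, tag: str, now: int) -> str:
        """Return 'ok', or the reason the message was rejected."""
        if not hmac.compare_digest(sign_request(body, nonce, ts), tag):
            return "bad-signature"             # tampered or forged
        if abs(now - ts) > self.window:
            return "stale"                     # delayed beyond the window
        # Forget nonces old enough that the timestamp check alone would reject them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if nonce in self.seen:
            return "replayed"                  # same nonce resent inside the window
        self.seen[nonce] = ts
        return "ok"

if __name__ == "__main__":
    guard = ReplayGuard()
    tag = sign_request("transfer=10", "n-1", 1000)
    print(guard.accept("transfer=10", "n-1", 1000, tag, now=1003))  # ok
    print(guard.accept("transfer=10", "n-1", 1000, tag, now=1004))  # replayed
    print(guard.accept("transfer=99", "n-1", 1000, tag, now=1004))  # bad-signature
    late = sign_request("transfer=10", "n-2", 1000)
    print(guard.accept("transfer=10", "n-2", 1000, late, now=1100))  # stale
```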

Pass the Hash Attack

A Pass the Hash (PtH) Attack is when an attacker steals an account's cached credentials (such as a hashed password) from a session or database so the attacker can use (“pass”) the credentials on another system.

In some cases, the attacker can use the hashed password to log into other systems that accept NTLM hashes as authentication credentials. This is often used for gaining lateral access to other systems on a network.

Pass the Hash Prevention

Pass the Hash attacks can be prevented by utilizing the Principle of Least Privilege, Password Management Systems, and Separation of Privilege models such as RBAC.

Principle of Least Privilege

The principle of least privilege says that applications and users should have only the minimum permissions and access to internal and external system resources required for their function.

Initialization Vector Attack

Initialization Vector (IV) attacks are attacks in which the attacker is able to predict the IV used during an encryption process. By guessing the IV, an attacker may be enabled to access data that is supposed to be secure.