
Web Security Cheat Sheet

posted February 28, 2011

A quick cheat sheet of web security threats.


Eavesdropping

Spying on someone who is using a website in order to steal data, passwords and so on. Eavesdropping may be physical or electronic.

Packet Sniffing

Viewing messages between a user's browser and a website. Website traffic may traverse public or unsecured networks, and unencrypted HTTP traffic can easily be read by third parties. Unencrypted Wi-Fi connections are a common target for packet sniffers.

Spam

Annoying or fraudulent bulk email, often used to steal website credentials.

DNS Poisoning

The Domain Name System (DNS) is like a phone book for the internet: it maps domain names to IP addresses. DNS servers are distributed, and most networks run their own DNS server. DNS poisoning occurs when attackers gain access to a DNS server and change domain entries to point to their own sites.

IP Spoofing

The source address of an IP packet can easily be altered so that the packet appears to come from a different IP address.

Man in the Middle Attacks

A form of eavesdropping where the attacker gets in the middle of a conversation between two victims. The victims think they are talking to each other but in fact they are both talking to the man in the middle.

Cross-site Scripting

Injection of client-side scripts into web pages. Attackers find a vulnerability in a website that allows them to place their own client-side code into its pages, where it runs in the browsers of other visitors.
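As an added example (not code from the original page), here is a comment renderer in the two forms the definition contrasts: one that interpolates user input straight into markup, and one that HTML-escapes it for both the attribute and the element body. The function names and the page template are invented for the illustration.

```python
import html

def render_comment_unsafe(author, text):
    # Interpolates user input straight into the markup, so a comment such as
    # "<script>...</script>" becomes part of the page and runs in every
    # visitor's browser: stored cross-site scripting.
    return '<p class="comment" data-author="%s">%s</p>' % (author, text)

def render_comment_safe(author, text):
    # html.escape(quote=True) rewrites <, >, &, " and ' as entities, so the
    # input is displayed as text whether it lands in the attribute or the body.
    # Escaping is context-specific: this is right for HTML body text and
    # quoted attribute values only, not for URLs or inline JavaScript.
    return '<p class="comment" data-author="%s">%s</p>' % (
        html.escape(author, quote=True), html.escape(text, quote=True))

def contains_script_tag(rendered):
    # Crude test-time check: the template emits a single <p>, so any <script
    # in the output means user input leaked into the markup.
    return "<script" in rendered.lower()

if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # constructed hostile comment
    print(contains_script_tag(render_comment_unsafe("eve", payload)))  # True
    print(contains_script_tag(render_comment_safe("eve", payload)))    # False
```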

SQL Injection

User input that causes the server to execute embedded SQL code.
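An added example, not from the original page: the same login lookup written with string formatting and then with bound parameters, run against a constructed in-memory SQLite table. The table contents and the test input are made up for the illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory table so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    return conn

def login_vulnerable(conn, name, password):
    # The statement is assembled by string formatting, so whatever the user
    # typed is parsed as SQL: this is the injection the definition describes.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [row[0] for row in conn.execute(sql)]

def login_parameterized(conn, name, password):
    # Bound parameters are handed to the engine separately from the statement
    # text, so the input is only ever compared as a value.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]

if __name__ == "__main__":
    db = make_db()
    bogus = "' OR '1'='1"  # a quote that closes the literal, then a tautology
    print(login_vulnerable(db, "alice", bogus))     # ['alice', 'bob']: every row matches
    print(login_parameterized(db, "alice", bogus))  # []: treated as a literal password
```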

Malicious Bots

Web robots that attack a website by stealing content, automatically creating accounts, posting spam and so on.

Phishing

Fake websites designed to steal data such as passwords. Often used in conjunction with spam or DNS poisoning.

Malware

A catch-all term for all malicious software — viruses, trojan horses, spyware, adware, scareware, crimeware and any unwanted programs that get installed without user permission.

Worms

Self-replicating malware.

Compromised Keys

Stolen encryption keys make encrypted data readable to third parties.

Compromised Passwords

Passwords are often stolen by malware or phishing sites. Passwords may also be guessed by web robots using lists of common passwords.

Data Modification

Changing data such as HTTP headers to deceive a target website. IP spoofing is one example of data modification.

Denial-of-Service Attack

Causing a website to go down by making a large number of requests to the site. Responses are usually ignored, so the attacker uses far fewer resources than the victim site.

When multiple computers are involved in the attack it is referred to as a Distributed Denial-of-Service (DDoS) attack. Zombie computers that have been taken over by malware are often used in DDoS attacks.

Cross-site Request Forgery

Exploits the trust that a site has in a user's browser by tricking that browser or user into submitting requests.

Example: a website about golf puts links to a bank website into its pages. The user clicks the links thinking that they are navigating the golf website, but in fact they have made requests to their banking site. The banking site trusts the user's browser (session cookies) and executes the requests.
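Added example (not the original page's code) of the server-side check the bank site in the scenario above would apply: a per-session token rendered into the bank's own forms and verified on every state-changing request, plus a comparison of the Origin header. The session and request objects are simplified stand-ins for a web framework's.

```python
import hmac
import secrets

# Simplified stand-ins for a framework's session store and request objects.
def new_session(user):
    # One unguessable token per session, kept server-side and rendered into
    # the bank's own forms as a hidden field; the golf site cannot read it.
    return {"user": user, "csrf_token": secrets.token_urlsafe(32)}

def request_is_legitimate(session, method, form, headers, site_origin):
    """True only for requests the site's own pages could have produced."""
    if method in ("GET", "HEAD", "OPTIONS"):
        # Safe methods carry no token, so the site must never change state
        # (transfer money, delete data) in response to them.
        return True
    # Browsers send Origin on cross-site form posts; a post triggered from the
    # golf site arrives with the golf site's origin, not the bank's.
    origin = headers.get("Origin")
    if origin is not None and origin != site_origin:
        return False
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token by timing.
    return hmac.compare_digest(submitted.encode(), session["csrf_token"].encode())

if __name__ == "__main__":
    s = new_session("alice")
    bank = "https://bank.example"
    own = {"to": "bob", "amount": "10", "csrf_token": s["csrf_token"]}
    forged = {"to": "mallory", "amount": "10"}
    print(request_is_legitimate(s, "POST", own, {"Origin": bank}, bank))  # True
    print(request_is_legitimate(s, "POST", forged,
                                {"Origin": "https://golf.example"}, bank))  # False
```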

Malicious File Execution

Hostile data in user-uploaded files.

Buffer Overflow

A buffer overflow occurs when a program puts too much data in an area of memory.

Buffer overflow is one of the most common threats to websites. Attackers send data to the application that is designed to trigger the buffer overflow.

Buffer overflow can corrupt data, crash the website or cause the execution of malicious code.

Integer Overflow

Inputting unexpected integer values such as negative integers or very large numbers. Integer overflow can cause a website to crash or to behave unexpectedly.

Content Spoofing

User input that injects content into a website such as links to other sites.

LDAP Injection

User input that causes the server to execute embedded LDAP commands.

Mail Command Injection

User input that causes the server to execute embedded mail commands.

OS Commanding

User input that causes the server to execute embedded operating system commands.

Path Traversal

Manipulating URLs to cause the website to expose the contents of directories or execute files on the server.

Predictable Resource Location

Finding hidden web server resources such as temp files, backup files, administration tools, logs, configuration files, demos and samples. Such resources may expose vulnerabilities that can be exploited.

Abuse of Functionality

Leveraging the functionality of the website itself in an attack. Example: using password recovery functions to steal credentials.

Fingerprinting

Profiling the web server (often with automated tools) to discover vulnerabilities and avenues of attack.

Null Byte Poisoning

Adding URL-encoded null byte characters to user input. Null bytes are often used as string terminators or delimiter characters by system-level functions. Null byte poisoning can change the behaviour of the website or allow the attacker to run malicious commands on the server.
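The following added example (not from the original page) covers both Path Traversal and Null Byte Poisoning above: a file-download helper that decodes the requested name, rejects embedded null bytes, resolves the path and then refuses anything that does not remain inside the download directory. The directory and file names are constructed, and the function names are invented.

```python
import os
from urllib.parse import unquote

class UnsafePath(ValueError):
    pass

def resolve_download(base_dir, requested):
    """Map a user-supplied file name onto a path inside base_dir, or refuse."""
    # Decode once, so %2e%2e and %00 are judged as the filesystem would see them.
    name = unquote(requested)
    # Null byte poisoning: C-level file functions stop reading at NUL, so a
    # name like "report.pdf%00.jpg" could pass a ".jpg" suffix check and yet
    # open report.pdf. Python's open() refuses such names, but reject early.
    if "\x00" in name:
        raise UnsafePath("null byte in file name")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ segments and follows symlinks, so the comparison
    # below is made on the file that would actually be opened. An absolute
    # `name` makes os.path.join discard base_dir, which the check also catches.
    target = os.path.realpath(os.path.join(base, name))
    # commonpath, not startswith: "/srv/files2" starts with "/srv/files" but
    # lies outside it.
    if os.path.commonpath([base, target]) != base:
        raise UnsafePath("path escapes the download directory")
    return target

def is_safe(base_dir, requested):
    # Boolean form of the same check, convenient for tests and log filters.
    try:
        resolve_download(base_dir, requested)
        return True
    except UnsafePath:
        return False

if __name__ == "__main__":
    for req in ("reports/q1.pdf", "..%2F..%2Fetc%2Fpasswd", "report.pdf%00.jpg"):
        print(req, "->", is_safe("/srv/files", req))  # True, False, False
```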

Brute Force

Brute force attacks involve automatic, repeated attempts to guess encryption keys, passwords or vulnerabilities.

Tip of the Iceberg

The security threats listed here are just the tip of the iceberg. There are thousands of security threats to web servers and many variations of each threat. New threats are evolving all the time.
