Attacks and Vulnerabilities
Topics of Discussion
• Reconnaissance: Gain information about a system
• Vulnerabilities: Attributes of a system that can be maliciously exploited
• Attacks: Procedures to exploit vulnerabilities
Reference 1
Topics of Discussion
Reconnaissance
– War Dialing
– War Driving
– Port Scanning
– Probing
– Packet Sniffing
War Dialing (Reconnaissance)
• Method: Dial a range of phone numbers searching for modems
• Motivation: Locate potential targets
• Detection: Impossible outside of the telephony infrastructure
• Defense: Disconnect unessential modems from outgoing phone lines
Reference 2
War Driving (Reconnaissance)
• Method: Surveillance of wireless signals in a region
• Motivation: Find wireless traffic
• Detection: Can only be detected by physical surveillance
• Defense: Limit geographic access to the wireless signal
Reference 3
Port Scanning (Reconnaissance)
• Method: Send out a SYN packet and check for a response
• Motivation: Find potential targets
• Detection: Traffic analysis
• Defense: Close/silence ports
Reference 4
Probing (Reconnaissance)
• Method: Send packets to ports
• Motivation: Find specific port information
• Detection: Traffic analysis
• Defense: Close/silence ports
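The Port Scanning and Probing slides both list "traffic analysis" as the detection. The script below is an added example (not from the slides) of what that analysis looks like in practice: it reads a constructed log of inbound SYNs and flags a source that touches many distinct ports in a short window (a scan) or hammers one port repeatedly (a probe). The log format, the addresses and the thresholds are assumptions made for this example.

```python
"""Flag port-scan / probe activity from a SYN log by traffic analysis.

Added example. The log line format, the addresses and the thresholds are
constructed for illustration; adapt the regex to your packet filter's output.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log: one source touches many ports in a few seconds
# (scan), one repeatedly probes a single port, one is ordinary traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:01 SYN 203.0.113.5:51234 -> 192.0.2.10:22
2024-05-01T10:00:01 SYN 203.0.113.5:51235 -> 192.0.2.10:23
2024-05-01T10:00:02 SYN 203.0.113.5:51236 -> 192.0.2.10:25
2024-05-01T10:00:02 SYN 203.0.113.5:51237 -> 192.0.2.10:80
2024-05-01T10:00:03 SYN 203.0.113.5:51238 -> 192.0.2.10:110
2024-05-01T10:00:03 SYN 203.0.113.5:51239 -> 192.0.2.10:143
2024-05-01T10:00:04 SYN 203.0.113.5:51240 -> 192.0.2.10:443
2024-05-01T10:00:04 SYN 203.0.113.5:51241 -> 192.0.2.10:445
2024-05-01T10:00:05 SYN 203.0.113.5:51242 -> 192.0.2.10:3389
2024-05-01T10:00:05 SYN 203.0.113.5:51243 -> 192.0.2.10:8080
2024-05-01T10:00:06 SYN 198.51.100.7:40001 -> 192.0.2.10:22
2024-05-01T10:00:07 SYN 198.51.100.7:40002 -> 192.0.2.10:22
2024-05-01T10:00:08 SYN 198.51.100.7:40003 -> 192.0.2.10:22
2024-05-01T10:00:09 SYN 198.51.100.7:40004 -> 192.0.2.10:22
2024-05-01T10:00:10 SYN 198.51.100.7:40005 -> 192.0.2.10:22
2024-05-01T10:00:11 SYN 198.51.100.7:40006 -> 192.0.2.10:22
2024-05-01T10:00:12 SYN 198.51.100.7:40007 -> 192.0.2.10:22
2024-05-01T10:00:13 SYN 198.51.100.7:40008 -> 192.0.2.10:22
2024-05-01T10:00:20 SYN 192.0.2.55:52000 -> 192.0.2.10:443
2024-05-01T10:01:30 SYN 192.0.2.55:52001 -> 192.0.2.10:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SYN (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_syn_log(text):
    """Yield (timestamp, src_ip, dst_port) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        yield datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])


def detect_scans(text, window=timedelta(seconds=30),
                 port_threshold=8, probe_threshold=6):
    """Classify each source as 'scan', 'probe' or None.

    scan : >= port_threshold distinct destination ports inside `window`
    probe: >= probe_threshold SYNs to a single port inside `window`
    """
    events = defaultdict(list)  # src -> [(ts, dport), ...] in log order
    for ts, src, dport in parse_syn_log(text):
        events[src].append((ts, dport))

    verdicts = {}
    for src, seq in events.items():
        verdict = None
        start = 0
        for end in range(len(seq)):
            # Slide the window start so seq[start..end] spans at most `window`.
            while seq[end][0] - seq[start][0] > window:
                start += 1
            in_window = [p for _, p in seq[start:end + 1]]
            distinct = set(in_window)
            if len(distinct) >= port_threshold:
                verdict = "scan"
                break
            if len(in_window) >= probe_threshold and len(distinct) == 1:
                verdict = "probe"
                break
        verdicts[src] = verdict
    return verdicts


if __name__ == "__main__":
    for src, verdict in detect_scans(SAMPLE_LOG).items():
        print(f"{src:15} {verdict or 'normal'}")
```

The thresholds are deliberately crude; in production they are tuned per network, and a slow scan spread over hours needs a much longer window than the 30 seconds used here.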
Packet Sniffing (Reconnaissance)
• Method: Capture and analyze packets traveling across a network interface
• Motivation: Gain access to information traveling on the network
• Detection: None
• Defense: Use encryption to minimize cleartext on the network
Reference 5
Topics of Discussion
Vulnerabilities
– Backdoors
– Code Exploits
– Eavesdropping
– Indirect Attacks
– Social Engineering
Backdoors (Vulnerabilities)
• Bypass normal means of authentication
• Hidden from casual inspection
• Installed separately or integrated into software
Reference 6
Code Exploits (Vulnerabilities)
• Use of poor coding practices left uncaught by testing
• Defense: In-depth unit and integration testing
Eavesdropping (Vulnerability)
• Data transmitted without encryption can be captured and read by parties other than the sender and receiver
• Defense: Use of strong cryptography to minimize cleartext on the network
Indirect Attacks (Vulnerabilities)
• Internet users’ machines can be infected with zombies and made to perform attacks
• The puppet master is left undetected
• Defense: Train internet users to prevent zombies and penalize zombie owners
Social Engineering (Vulnerability)
• Manipulate the weakest link of cybersecurity – the user – to gain access to otherwise prohibited resources
• Defense: Train personnel to resist the tactics of social engineering
Reference 7
Topics of Discussion
Attacks
– Password Cracks
– Web Attacks
– Physical Attacks
– Worms & Viruses
– Logic Bomb
– Buffer Overflow
– Phishing
– Bots and Zombies
– Spyware, Adware, and Malware
– Hardware Keyloggers
– Eavesdropping & Playback attacks
– DDoS
Password Cracks: Brute Force
• Method: Trying all combinations of legal symbols as username/password pairs
• Motivation: Gain access to system
• Detection: Frequent attempts to authenticate
• Defense: Lockouts – temporary and permanent
Reference 8
Password Cracks: Dictionary Attack
• Method: Trying all entries in a collection of strings
• Motivation: Gain access to system, faster than brute force
• Detection: Frequent attempts to authenticate
• Defense
– Lockouts – temporary and permanent
– Complex passwords
Reference 8
Password Cracks: Hybrid Attack
• Method: Trying all entries in a collection of strings, with numbers and symbols added, or with entries concatenated with each other and/or with numbers
• Motivation: Gain access to system; faster than brute force and more likely to succeed than a plain dictionary attack
• Detection: Frequent attempts to authenticate
• Defense: Lockouts – temporary and permanent
Reference 8
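The brute force, dictionary and hybrid slides share one detection ("frequent attempts to authenticate") and one defense ("lockouts, temporary and permanent"). The code below is an added example, not from the slides, of a lockout policy that implements both: a burst of failures inside a window triggers a temporary lockout, and repeated temporary lockouts escalate to a permanent one. The log format, the thresholds and the account names are constructed assumptions.

```python
"""Lockout policy for repeated authentication failures.

Added example, not from the slides. Brute force, dictionary and hybrid
attacks all look alike to the server: many failed attempts in a short time.
Thresholds, the log format and the account names are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


class LockoutPolicy:
    """Temporary lockout after `temp_after` failures inside `window`;
    permanent lockout once `perm_after` temporary lockouts have occurred."""

    def __init__(self, window=timedelta(minutes=5), temp_after=5,
                 temp_duration=timedelta(minutes=15), perm_after=3):
        self.window = window
        self.temp_after = temp_after
        self.temp_duration = temp_duration
        self.perm_after = perm_after
        self.failures = defaultdict(deque)  # user -> recent failure times
        self.locked_until = {}              # user -> end of temporary lockout
        self.lockout_count = defaultdict(int)
        self.permanent = set()

    def is_locked(self, user, now):
        if user in self.permanent:
            return True
        until = self.locked_until.get(user)
        return until is not None and now < until

    def record_failure(self, user, now):
        """Record a failed login and return the resulting state."""
        if self.is_locked(user, now):
            return "locked"
        recent = self.failures[user]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) < self.temp_after:
            return "failed"
        recent.clear()
        self.lockout_count[user] += 1
        if self.lockout_count[user] >= self.perm_after:
            self.permanent.add(user)
            return "permanent-lockout"
        self.locked_until[user] = now + self.temp_duration
        return "temporary-lockout"

    def record_success(self, user, now):
        """A correct password during a lockout is still refused."""
        if self.is_locked(user, now):
            return "locked"
        self.failures[user].clear()
        return "ok"


# Constructed auth log: "<timestamp> <user> <FAIL|OK>"
SAMPLE_AUTH_LOG = """\
2024-05-01T09:00:00 alice FAIL
2024-05-01T09:00:01 alice FAIL
2024-05-01T09:00:02 alice FAIL
2024-05-01T09:00:03 alice FAIL
2024-05-01T09:00:04 alice FAIL
2024-05-01T09:00:05 alice OK
2024-05-01T09:20:00 bob FAIL
2024-05-01T09:30:00 bob FAIL
2024-05-01T09:31:00 bob OK
"""


def replay_log(text, policy=None):
    """Feed an auth log through the policy; return [(user, decision), ...]."""
    policy = policy or LockoutPolicy()
    decisions = []
    for line in text.splitlines():
        ts, user, result = line.split()
        now = datetime.fromisoformat(ts)
        if result == "FAIL":
            decisions.append((user, policy.record_failure(user, now)))
        else:
            decisions.append((user, policy.record_success(user, now)))
    return decisions


def campaign(policy, user, start_iso, rounds, per_round=5, gap_minutes=20):
    """Simulate `rounds` bursts of `per_round` failures, `gap_minutes` apart,
    and return the state after each attempt (shows the escalation path)."""
    start = datetime.fromisoformat(start_iso)
    states = []
    for r in range(rounds):
        base = start + timedelta(minutes=gap_minutes * r)
        for i in range(per_round):
            states.append(policy.record_failure(user, base + timedelta(seconds=i)))
    return states


if __name__ == "__main__":
    for user, decision in replay_log(SAMPLE_AUTH_LOG):
        print(user, decision)
    print(campaign(LockoutPolicy(), "eve", "2024-05-01T12:00:00", rounds=3)[-1])
```

Note the design choice in `record_success`: a lockout must also refuse a correct password, otherwise the attacker learns the answer at the moment the guess happens to be right. Per-account lockouts also hand an attacker a way to lock legitimate users out, so a permanent lockout is usually paired with an out-of-band reset path.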
Password Cracks: l0phtcrack
• Method: Gain access to the operating system’s hash table and perform cracking remotely
• Motivation: Gain access to system; cracking elsewhere – no lockouts
• Detection: Detecting reading of the hash table
• Defense: Limit access to system
Reference 8
Web Attacks: Source Viewing
• Method: Read source code for valuable information
• Motivation: Find passwords or commented-out URLs
• Detection: None
• Defense: None
Web Attacks: URL Modification
• Method: Manipulating the URL to find pages not normally accessible
• Motivation: Gain access to normally private directories or pages
• Detection: Check website URL logs
• Defense: Add access requirements
Web Attacks: Post Data
• Method: Change post data to get desired results
• Motivation: Change information being sent in your favor
• Detection: None
• Defense: Verify post data on the receiving end
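The URL Modification slide's defense ("add access requirements") and the Post Data slide's defense ("verify post data on the receiving end") are two sides of the same rule: never trust what the client sends, not the path it asks for and not the fields it posts. The following is an added example, not from the slides, of a request handler that applies both: a deny-by-default authorization table for paths, and a checkout that recomputes the total from a server-side catalogue instead of a client-supplied price. The request shape, catalogue, roles and paths are constructed.

```python
"""Server-side checks against URL modification and tampered POST data.

Added example (not from the slides). The request shape, the catalogue, the
roles and the paths are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed server-side data the client must never be able to override.
CATALOGUE = {"sku-100": 1999, "sku-200": 4999}   # price in cents
ROLE_PATHS = {                                  # path -> roles allowed
    "/account": {"user", "admin"},
    "/admin/users": {"admin"},
    "/admin/export": {"admin"},
}


@dataclass
class Request:
    user: str
    roles: set
    path: str
    form: dict = field(default_factory=dict)


def authorize(req):
    """Deny by default: a path absent from ROLE_PATHS cannot be reached by
    guessing it, and a listed path needs one of its roles."""
    allowed = ROLE_PATHS.get(req.path)
    if allowed is None or not (req.roles & allowed):
        return 403, "forbidden"
    return 200, "ok"


def checkout_trusting_client(req):
    """Vulnerable: the total is computed from the client-supplied price."""
    return int(req.form["price"]) * int(req.form["qty"])


def checkout_verified(req):
    """Hardened: price comes from the catalogue; quantity is range-checked."""
    sku = req.form.get("sku")
    if sku not in CATALOGUE:
        raise ValueError("unknown sku")
    try:
        qty = int(req.form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity must be an integer")
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOGUE[sku] * qty


if __name__ == "__main__":
    tampered = Request("mallory", {"user"}, "/checkout",
                       {"sku": "sku-200", "qty": "2", "price": "1"})
    print("client-trusting total:", checkout_trusting_client(tampered))
    print("verified total:", checkout_verified(tampered))
    print(authorize(Request("mallory", {"user"}, "/admin/export")))
```

The posted `price` field is simply ignored by the verified handler; hidden form fields, disabled inputs and client-side JavaScript checks are all under the sender's control and carry no weight on the server.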
Web Attacks: Database Attack
• Method: Sending dangerous queries to the database
• Motivation: Denial of service
• Detection: Check database for strange records
• Defense: Filter database queries
Reference 9
Web Attacks: Database Insertion
• Method: Form multiple queries to a database through forms
• Motivation: Insert information into a table that might be unsafe
• Detection: Check database logs
• Defense: Filter database queries, make them quote-safe
Reference 9
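"Make them quote-safe" on the Database Insertion slide (and "filter database queries" on the Database Attack slide) is best met by parameterized queries rather than by filtering characters. The following added example, not from the slides, shows the difference on a constructed in-memory SQLite table: a string-built lookup lets a quote in the input change the query's structure, while the bound-parameter version keeps the same input as plain data and also handles a legitimate apostrophe in a name. The schema and rows are assumptions.

```python
"""Quote-safe database access: string-built query vs parameterized query.

Added example (not from the slides). Uses an in-memory SQLite table
constructed here; the schema and rows are assumptions.
"""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@example.com"),
        ("bob", "bob@example.com"),
        ("o'neil", "oneil@example.com"),
    ])
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: user input is spliced into the SQL text, so a quote in
    `name` ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Quote-safe: the driver binds the value; quotes stay data."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def insert_safe(conn, name, email):
    """Parameterized insert: the input cannot terminate the statement and
    start a second one, whatever characters it contains. Returns row count."""
    conn.execute("INSERT INTO users VALUES (?, ?)", (name, email))
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


if __name__ == "__main__":
    conn = make_db()
    print(lookup_unsafe(conn, "alice"))          # one row, as intended
    print(lookup_unsafe(conn, "' OR '1'='1"))    # every row leaks
    print(lookup_safe(conn, "' OR '1'='1"))      # no rows: no such name
    print(lookup_safe(conn, "o'neil"))           # legitimate apostrophe works
    print(insert_safe(conn, "x'); DROP TABLE users; --", "x@example.com"))
```

Character filtering alone also breaks legitimate input (the `o'neil` row is unreachable through `lookup_unsafe`, which raises a syntax error on it), which is a second reason to prefer binding over filtering.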
Web Attacks: Meta Data
• Method: Use meta characters to make malicious input
• Motivation: Possibly reveal script or other useful information
• Detection: Website logs
• Defense: Filter input of meta characters
Reference 10
Physical Attack: Damage
• Method: Attack the computer with an axe
• Motivation: Disable the computer
• Detection: Video camera
• Defense: Locked doors and placed security guards
Physical Attack: Disconnect
• Method: Interrupt the connection between two elements of the network
• Motivation: Disable the network
• Detection: Pings
• Defense: Locked doors and placed security guards
Physical Attack: Reroute
• Method: Pass the network signal through additional devices
• Motivation: Monitor traffic or spoof a portion of the network
• Detection: Camera
• Defense: Locked doors and placed security guards
Physical Attack: Spoof MAC & IP
• Method: Identify the MAC address of the target and replicate it
• Motivation: Deny the target from receiving traffic
• Detection: Monitoring ARP requests and checking logs
• Defense: None as of now
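The detection on the Spoof MAC & IP slide is "monitoring ARP requests and checking logs". As an added example (not from the slides), the script below does that monitoring over a constructed log of ARP replies: it raises an alert when one IP address is answered by more than one MAC, when a reply contradicts a recorded baseline binding, and when one MAC claims several IPs. The log format, addresses and baseline table are assumptions.

```python
"""Detect MAC/IP spoofing from ARP replies: one IP answered by two MACs.

Added example (not from the slides); the ARP log lines, addresses and the
baseline table are constructed.
"""
import re
from collections import defaultdict

# Constructed ARP reply log, one reply per line.
SAMPLE_ARP_LOG = """\
10:00:01 ARP reply 192.0.2.1 is-at 00:11:22:33:44:01
10:00:05 ARP reply 192.0.2.20 is-at 00:11:22:33:44:20
10:00:09 ARP reply 192.0.2.1 is-at 00:11:22:33:44:01
10:00:12 ARP reply 192.0.2.1 is-at de:ad:be:ef:00:01
10:00:13 ARP reply 192.0.2.20 is-at de:ad:be:ef:00:01
10:00:20 ARP reply 192.0.2.30 is-at 00:11:22:33:44:30
"""

ARP_RE = re.compile(
    r"^(?P<ts>\S+) ARP reply (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-f:]{17})$", re.I
)

# Known-good bindings (constructed), e.g. the gateway recorded at install time.
BASELINE = {"192.0.2.1": "00:11:22:33:44:01"}


def parse_arp_log(text):
    """Yield (timestamp, ip, mac) for each well-formed reply line."""
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def find_conflicts(text, baseline=BASELINE):
    """Return a list of alerts:
    ('baseline', ip, mac)       a reply contradicts the recorded binding
    ('conflict', ip, {macs})    one IP claimed by several MACs
    ('multi-ip', mac, {ips})    one MAC claiming several IPs (noisy where
                                proxy ARP is in use; treat as a weak signal)
    """
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    alerts = []
    for _ts, ip, mac in parse_arp_log(text):
        if ip in baseline and baseline[ip] != mac:
            alerts.append(("baseline", ip, mac))
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    for ip, macs in ip_to_macs.items():
        if len(macs) > 1:
            alerts.append(("conflict", ip, frozenset(macs)))
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(("multi-ip", mac, frozenset(ips)))
    return alerts


if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE_ARP_LOG):
        print(alert)
```

The baseline check is the strongest of the three signals because it fires on the first bad reply rather than after the conflict has accumulated; the price is keeping the baseline current when hardware is legitimately replaced.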
Worms & Virus: File Infectors
• Method: Infects executables by inserting itself into them
• Motivation: Damage files and spread
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus, being cautious on the internet
Reference 10
Worms & Virus: Partition-sector Infectors
• Method
– Moves partition sector
– Replaces with self
– On boot executes and calls original information
• Motivation: Damage files and spread
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus, being cautious on the internet
Reference 10
Worms & Virus: Boot-sector virus
• Method: Replaces the boot loader, and spreads to hard drive and floppies
• Motivation: Damage files and spread
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus, being cautious on the internet
Reference 10
Worms & Virus: Companion Virus
• Method: Locates executables and mimics their names, changing the extensions
• Motivation: Damage files and spread
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus, being cautious on the internet
Reference 10
Worms & Virus: Macro Virus
• Method: Infects documents; when the document is accessed, the macro executes in the application
• Motivation: Damage files and spread
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus, being cautious on the internet
Reference 10
Worms & Virus: Worms
• Method: Replicates
• Motivation: Variable motivations
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus, being cautious on the internet
Reference 11
Logic Bomb
• Method: Discreetly install a “time bomb” and prevent detonation if necessary
• Motivation: Revenge, synchronized attack, securing a getaway
• Detection: Strange computer behavior
• Defense
– Keep and monitor logs
– Monitor computer systems closely
Buffer Overflow
• Method: Pass too much information to a buffer with poor bounds checking
• Motivation: Modify information and/or execute arbitrary code
• Detection: Logs
• Defense
– Check input size before copying to the buffer
– Guard the return address against overwrite
– Mark the stack non-executable so injected instructions cannot run
Reference 12 & 13
Phishing
• Method: Request information from a mass audience, collect responses from the gullible
• Motivation: Gain important information
• Detection: Careful examination of requests for information
• Defense: Distribute on a need-to-know basis
Bots & Zombies
• Method: Installed by a virus or worm; allow remote, unrestricted access to the system
• Motivation: Gain access to additional resources, hiding your identity
• Detection
– Network analysis
– Virus scans
– Notice unusual behavior
• Defense: Install security patches and be careful what you download
Spyware, Adware, and Malware
• Method: Installed either willingly by the user via ActiveX or as part of a virus package
• Motivation
– Gain information about the user
– Serve users advertisements
• Detection
– Network analysis
– Abnormal computer behavior
• Defense: Virus / adware / spyware / malware scans
Hardware Keyloggers
• Method: Attach it to a computer
• Motivation: Record user names, passwords, and other private information
• Detection: Check physical connections
• Defense: Cameras and guards
Eavesdropping
• Method
– Record packets on the network
– Attempt to decrypt encrypted packets
• Motivation: Gain access to user data
• Detection: None
• Defense: Strong cryptography
Playback Attack
• Method
– Record packets on the network
– Resend packets without decryption
• Motivation: Mimic legitimate commands
• Detection: Network analysis
• Defense: Time stamps
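The Playback Attack slide gives "time stamps" as the defense, and the Eavesdropping slide gives "strong cryptography". The following added example, not from the slides, puts the two together in a message exchange: the sender attaches a timestamp and a random nonce and authenticates the whole message with an HMAC; the receiver rejects forged or altered messages, messages older than an allowed skew, and any nonce it has already accepted. A timestamp alone is not enough, since a captured packet can be replayed within the skew window, which is what the nonce cache catches. The shared key, the command format and the clock values are constructed.

```python
"""Authenticated messages with a timestamp and nonce: the receiver rejects
stale messages and replays of messages it has already accepted.

Added example (not from the slides). The shared key, the command format and
the clock values are constructed; in practice the key comes from a key
exchange and `now` from the system clock.
"""
import hashlib
import hmac
import json
import os

KEY = b"constructed-shared-key-replace-in-practice"
MAX_SKEW = 30  # seconds a message may differ from the receiver's clock


def sign(command, timestamp, nonce, key=KEY):
    """Build the wire message: canonical JSON body plus HMAC-SHA256 tag."""
    body = json.dumps({"cmd": command, "ts": timestamp, "nonce": nonce}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def send(command, now, key=KEY):
    """Sender side: fresh random nonce plus the sender's current clock."""
    return sign(command, now, os.urandom(8).hex(), key)


class Receiver:
    def __init__(self, key=KEY, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> ts of accepted messages, pruned as they age

    def accept(self, msg, now):
        """Return ('ok', command) or ('reject', reason)."""
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject", "bad-mac"       # altered or forged
        fields = json.loads(msg["body"])
        if abs(now - fields["ts"]) > self.max_skew:
            return "reject", "stale"         # too old, or clock too far off
        if fields["nonce"] in self.seen:
            return "reject", "replay"        # identical message already accepted
        # Drop nonces that could no longer pass the staleness check anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        self.seen[fields["nonce"]] = fields["ts"]
        return "ok", fields["cmd"]


def demo():
    """One genuine delivery, two replays of the captured packet, one forgery."""
    rx = Receiver()
    msg = send("unlock door 7", now=1000)
    results = [
        rx.accept(msg, now=1001),   # genuine delivery
        rx.accept(msg, now=1005),   # captured packet resent inside the skew window
        rx.accept(msg, now=1100),   # resent much later
    ]
    forged = dict(msg, body=msg["body"].replace("door 7", "door 9"))
    results.append(rx.accept(forged, now=1002))
    return results


if __name__ == "__main__":
    for result in demo():
        print(result)
```

This covers integrity and freshness only: the body is still readable on the wire, so against eavesdropping it would be wrapped in an authenticated encryption scheme (an AEAD such as AES-GCM or ChaCha20-Poly1305) rather than a bare HMAC, with the timestamp and nonce kept inside the encrypted, authenticated payload.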
DDoS: CPU attack
• Method: Send data that requires cryptography to process
• Motivation: Occupy the CPU, preventing normal operations
• Detection: Network analysis
• Defense: None
Reference 14
DDoS: Memory attack
• Method: Send data that requires the allocation of memory
• Motivation: Take up resources, crashing the server when they are exhausted
• Detection: Network analysis
• Defense: None
Reference 14

A Call to Action for Generative AI in 2024
 

Web attacks

Topics of Discussion
• Reconnaissance
Gain information about a system
• Vulnerabilities
Attributes of a system that can be maliciously exploited
• Attacks
Procedures to exploit vulnerabilities
Reference 1
Topics of Discussion
Reconnaissance
– War Dialing
– War Driving
– Port Scanning
– Probing
– Packet Sniffing
War Dialing (Reconnaissance)
• Method
Dial a range of phone numbers searching for modems
• Motivation
Locate potential targets
• Detection
Detection impossible outside of the telephony infrastructure
• Defense
Disconnect unessential modems from outgoing phone lines
Reference 2
War Driving (Reconnaissance)
• Method
Surveillance of wireless signals in a region
• Motivation
Find wireless traffic
• Detection
Can only be detected by physical surveillance
• Defense
Limit geographic access to the wireless signal
Reference 3
Port Scanning (Reconnaissance)
• Method
Send out a SYN packet, check for a response
• Motivation
Find potential targets
• Detection
Traffic analysis
• Defense
Close/silence ports
Reference 4
Probing (Reconnaissance)
• Method
Send packets to ports
• Motivation
Find specific port information
• Detection
Traffic analysis
• Defense
Close/silence ports
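
The "traffic analysis" detection named for port scanning and probing, as an added example that is not part of the deck: a sliding-window check over constructed connection records that flags a source sending SYN-only probes to many distinct ports on one host. The record format, the 60-second window and the 10-port threshold are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records: (ISO timestamp, src_ip, dst_ip, dst_port, TCP flags).
SAMPLE_RECORDS = (
    # A scanner: one SYN to each of 20 ports on the same host, a second apart.
    [(f"2024-01-01T10:00:{i:02d}", "198.51.100.7", "192.0.2.10", 20 + i, "S")
     for i in range(20)]
    # A legitimate client: repeated connections, but only to the web ports.
    + [(f"2024-01-01T10:00:{i:02d}", "203.0.113.5", "192.0.2.10", [80, 443, 8080][i % 3], "S")
       for i in range(20)]
    # A completed handshake (ACK) is not a probe and is ignored.
    + [("2024-01-01T10:00:05", "203.0.113.5", "192.0.2.10", 443, "A")]
)


def detect_port_scans(records, window_seconds=60, min_ports=10):
    """Return {(src, dst): ports} for sources that sent SYNs to at least
    `min_ports` distinct ports on one destination inside `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(list)          # (src, dst) -> [(time, port), ...] inside the window
    flagged = {}
    for ts_str, src, dst, port, flags in sorted(records, key=lambda r: r[0]):
        if flags != "S":                # only SYN-only packets count as probes
            continue
        ts = datetime.fromisoformat(ts_str)
        key = (src, dst)
        # Drop entries that have fallen out of the window, then add this probe.
        recent[key] = [(t, p) for t, p in recent[key] if ts - t <= window]
        recent[key].append((ts, port))
        ports = {p for _, p in recent[key]}
        if len(ports) >= min_ports:
            flagged.setdefault(key, set()).update(ports)
    return flagged


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_RECORDS).items():
        print(f"possible scan from {src} against {dst}: {len(ports)} ports")
```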
Packet Sniffing (Reconnaissance)
• Method
Capture and analyze packets traveling across a network interface
• Motivation
Gain access to information traveling on the network
• Detection
None
• Defense
Use encryption to minimize cleartext on the network
Reference 5
Topics of Discussion
Vulnerabilities
– Backdoors
– Code Exploits
– Eavesdropping
– Indirect Attacks
– Social Engineering
Backdoors (Vulnerabilities)
• Bypass normal means of authentication
• Hidden from casual inspection
• Installed separately or integrated into software
Reference 6
Code Exploits (Vulnerabilities)
• Use of poor coding practices left uncaught by testing
• Defense: In-depth unit and integration testing
Eavesdropping (Vulnerability)
• Data transmitted without encryption can be captured and read by parties other than the sender and receiver
• Defense: Use of strong cryptography to minimize cleartext on the network
Indirect Attacks (Vulnerabilities)
• Internet users’ machines can be infected with zombies and made to perform attacks
• The puppet master is left undetected
• Defense: Train internet users to prevent zombies and penalize zombie owners
Social Engineering (Vulnerability)
• Manipulate the weakest link of cybersecurity – the user – to gain access to otherwise prohibited resources
• Defense: Train personnel to resist the tactics of social engineering
Reference 7
Topics of Discussion
Attacks
– Password Cracks
– Web Attacks
– Physical Attacks
– Worms & Viruses
– Logic Bomb
– Buffer Overflow
– Phishing
– Bots and Zombies
– Spyware, Adware, and Malware
– Hardware Keyloggers
– Eavesdropping & Playback Attacks
– DDoS
Password Cracks: Brute Force
• Method
Trying all combinations of legal symbols as username/password pairs
• Motivation
Gain access to the system
• Detection
Frequent attempts to authenticate
• Defense
Lockouts – temporary and permanent
Reference 8
Password Cracks: Dictionary Attack
• Method
Trying all entries in a collection of strings
• Motivation
Gain access to the system, faster than brute force
• Detection
Frequent attempts to authenticate
• Defense
– Lockouts – temporary and permanent
– Complex passwords
Reference 8
Password Cracks: Hybrid Attack
• Method
Trying all entries in a collection of strings, adding numbers and symbols, and concatenating the entries with each other and/or with numbers
• Motivation
Gain access to the system, faster than brute force and more likely to succeed than a plain dictionary attack
• Detection
Frequent attempts to authenticate
• Defense
Lockouts – temporary and permanent
Reference 8
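
The "lockouts – temporary and permanent" defense on the three password-cracking slides, as an added example that is not from the deck: a guard that counts failed logins in a window, applies a temporary lockout when a burst is detected, and freezes the account after repeated bursts. The thresholds (5 failures in 300 s, 900 s lock, 3 locks before a freeze) are assumptions.

```python
from collections import defaultdict


class LoginGuard:
    """Temporary lockouts after a burst of failed logins, then a permanent
    lockout after repeated bursts. Times are plain seconds; thresholds are assumptions."""

    def __init__(self, max_failures=5, window=300, lock_time=900, max_lockouts=3):
        self.max_failures = max_failures   # failures inside `window` seconds that trigger a lock
        self.window = window
        self.lock_time = lock_time         # seconds a temporary lockout lasts
        self.max_lockouts = max_lockouts   # temporary lockouts before the account is frozen
        self.failures = defaultdict(list)  # user -> timestamps of recent failures
        self.locked_until = {}             # user -> time the temporary lock expires
        self.lockouts = defaultdict(int)   # user -> temporary lockouts so far
        self.frozen = set()                # permanently locked users (needs an admin reset)

    def status(self, user, now):
        if user in self.frozen:
            return "permanently_locked"
        if now < self.locked_until.get(user, 0):
            return "temporarily_locked"
        return "open"

    def attempt(self, user, password_ok, now):
        """Record one login attempt and return its outcome. `password_ok` is the
        verdict of the real credential check, which the caller performs."""
        state = self.status(user, now)
        if state != "open":
            return state                   # a locked account is refused even with the right password
        if password_ok:
            self.failures[user].clear()    # a success ends the current burst
            return "success"
        recent = [t for t in self.failures[user] if now - t <= self.window] + [now]
        self.failures[user] = recent
        if len(recent) < self.max_failures:
            return "failure"
        # Burst threshold reached: escalate to a temporary or permanent lockout.
        self.failures[user].clear()
        self.lockouts[user] += 1
        if self.lockouts[user] >= self.max_lockouts:
            self.frozen.add(user)
            return "permanently_locked"
        self.locked_until[user] = now + self.lock_time
        return "temporarily_locked"
```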
Password Cracks: l0phtcrack
• Method
Gain access to the operating system’s hash table and perform the cracking elsewhere
• Motivation
Gain access to the system; cracking elsewhere means no lockouts
• Detection
Detecting reads of the hash table
• Defense
Limit access to the system
Reference 8
Web Attacks: Source Viewing
• Method
Read source code for valuable information
• Motivation
Find passwords or commented-out URLs
• Detection
None
• Defense
None
Web Attacks: URL Modification
• Method
Manipulating the URL to find pages not normally accessible
• Motivation
Gain access to normally private directories or pages
• Detection
Check website URL logs
• Defense
Add access requirements
Web Attacks: Post Data
• Method
Change post data to get the desired results
• Motivation
Change the information being sent in the attacker’s favor
• Detection
None
• Defense
Verify post data on the receiving end
Web Attacks: Database Attack
• Method
Sending dangerous queries to the database
• Motivation
Denial of service
• Detection
Check the database for strange records
• Defense
Filter database queries
Reference 9
Web Attacks: Database Insertion
• Method
Form multiple queries to a database through forms
• Motivation
Insert information into a table that might be unsafe
• Detection
Check database logs
• Defense
Filter database queries, make them quote-safe
Reference 9
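
The "make them quote-safe" defense, as an added example that is not from the deck: a lookup built by string concatenation, where a single quote in the input changes the structure of the SQL, beside the same lookup with bound parameters, where the input is only ever data. The table and rows are constructed for the example; the same binding applies to inserts.

```python
import sqlite3


def make_db():
    """Constructed in-memory table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    # Bound parameters on the insert path too: form input never becomes SQL text.
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_unsafe(conn, name):
    # Concatenation: a quote inside `name` ends the literal and the rest is parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameter binding: the driver passes `name` as a value, so quotes cannot alter the query.
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def query_outcome(fn, conn, name):
    """('ok', rows) or ('error', message), so both paths can be compared side by side."""
    try:
        return ("ok", fn(conn, name))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    # An ordinary name containing a quote breaks the concatenated query outright.
    print(query_outcome(lookup_unsafe, db, "O'Brien"))
    print(query_outcome(lookup_safe, db, "O'Brien"))
```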
Web Attacks: Meta Data
• Method
Use metacharacters to craft malicious input
• Motivation
Possibly reveal a script or other useful information
• Detection
Website logs
• Defense
Filter metacharacters from input
Reference 10
Physical Attack: Damage
• Method
Attack the computer with an axe
• Motivation
Disable the computer
• Detection
Video camera
• Defense
Locked doors and posted security guards
Physical Attack: Disconnect
• Method
Interrupt the connection between two elements of the network
• Motivation
Disable the network
• Detection
Pings
• Defense
Locked doors and posted security guards
Physical Attack: Reroute
• Method
Pass the network signal through additional devices
• Motivation
Monitor traffic or spoof a portion of the network
• Detection
Camera
• Defense
Locked doors and posted security guards
Physical Attack: Spoof MAC & IP
• Method
Identify the MAC address of the target and replicate it
• Motivation
Deny the target from receiving traffic
• Detection
Monitoring ARP requests and checking logs
• Defense
None as of now
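
The "monitoring ARP requests" detection on the spoofing slide, as an added example that is not from the deck: two checks over constructed ARP observations, one that flags any IP answered by more than one MAC, and one that compares answers against an administrator-maintained table. The addresses and the record format are constructed for the example.

```python
from collections import defaultdict

# Constructed ARP reply observations as a LAN monitor would record them: (seconds, ip, mac).
SAMPLE_ARP = [
    (0, "192.0.2.1", "00:11:22:33:44:01"),
    (5, "192.0.2.20", "00:11:22:33:44:20"),
    (10, "192.0.2.1", "00:11:22:33:44:01"),
    (12, "192.0.2.1", "DE:AD:BE:EF:00:99"),   # a second MAC answering for the gateway's IP
    (14, "192.0.2.20", "00:11:22:33:44:20"),
]

# Constructed static table of addresses the administrator expects to see.
EXPECTED = {"192.0.2.1": "00:11:22:33:44:01"}


def find_conflicts(observations):
    """Return {ip: [mac, ...]} for every IP answered by more than one MAC,
    with the MACs in first-seen order."""
    seen = defaultdict(list)
    for _, ip, mac in sorted(observations):   # sort by time so order of appearance is meaningful
        mac = mac.lower()                     # MACs are case-insensitive; normalise before comparing
        if mac not in seen[ip]:
            seen[ip].append(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


def static_table_violations(observations, expected):
    """Return sorted (ip, mac) pairs where an observed answer disagrees with `expected`."""
    return sorted({(ip, mac.lower()) for _, ip, mac in observations
                   if ip in expected and mac.lower() != expected[ip].lower()})


if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE_ARP).items():
        print(f"{ip} answered by {len(macs)} MACs: {', '.join(macs)}")
    for ip, mac in static_table_violations(SAMPLE_ARP, EXPECTED):
        print(f"{ip} answered by unexpected MAC {mac}")
```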
Worms & Viruses: File Infectors
• Method
Infects executables by inserting itself into them
• Motivation
Damage files and spread
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 10
Worms & Viruses: Partition-sector Infectors
• Method
– Moves the partition sector
– Replaces it with itself
– On boot, executes and then calls the original partition-sector code
• Motivation
Damage files and spread
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 10
Worms & Viruses: Boot-sector Virus
• Method
Replaces the boot loader, and spreads to hard drives and floppies
• Motivation
Damage files and spread
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 10
Worms & Viruses: Companion Virus
• Method
Locates executables and mimics their names with a different extension
• Motivation
Damage files and spread
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 10
Worms & Viruses: Macro Virus
• Method
Infects documents; when the document is opened, the macro executes in the application
• Motivation
Damage files and spread
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 10
Worms & Viruses: Worms
• Method
Replicates
• Motivation
Variable motivations
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 11
Logic Bomb
• Method
Discreetly install a “time bomb” and prevent detonation if necessary
• Motivation
Revenge, synchronized attack, securing a getaway
• Detection
Strange computer behavior
• Defense
– Keep and monitor logs
– Monitor computer systems closely
Buffer Overflow
• Method
Pass too much information to a buffer with poor bounds checking
• Motivation
Modify information and/or execute arbitrary code
• Detection
Logs
• Defense
– Check input size before copying to the buffer
– Guard the return address against overwrite
– Make the stack non-executable
Reference 12 & 13
Phishing
• Method
Request information from a mass audience, collect responses from the gullible
• Motivation
Gain important information
• Detection
Careful examination of requests for information
• Defense
Distribute information on a need-to-know basis
Bots & Zombies
• Method
Installed by a virus or worm; allow remote, unrestricted access to the system
• Motivation
Gain access to additional resources while hiding the attacker’s identity
• Detection
– Network analysis
– Virus scans
– Noticing unusual behavior
• Defense
Install security patches and be careful what you download
Spyware, Adware, and Malware
• Method
Installed either willingly by the user via ActiveX or as part of a virus package
• Motivation
– Gain information about the user
– Serve users advertisements
• Detection
– Network analysis
– Abnormal computer behavior
• Defense
Virus / adware / spyware / malware scans
Hardware Keyloggers
• Method
Attach the device to a computer
• Motivation
Record user names, passwords, and other private information
• Detection
Check physical connections
• Defense
Cameras and guards
Eavesdropping
• Method
– Record packets on the network
– Attempt to decrypt encrypted packets
• Motivation
Gain access to user data
• Detection
None
• Defense
Strong cryptography
Playback Attack
• Method
– Record packets on the network
– Resend the packets without decrypting them
• Motivation
Mimic legitimate commands
• Detection
Network analysis
• Defense
Time stamps
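
The "time stamps" defense against playback, as an added example that is not from the deck; it goes one step beyond the slide by pairing the timestamp with a per-message nonce and an HMAC, so a recorded message is rejected whether it is resent inside or outside the freshness window, and a modified copy is rejected outright. The shared key, the 30-second window and the message format are assumptions for the example.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed shared key for the example; a real deployment provisions it out of band.
SHARED_KEY = b"example-shared-key-not-for-production"
MAX_SKEW = 30   # seconds either side of the receiver's clock a message is accepted (assumption)


def build_message(command, key=SHARED_KEY, now=None):
    """Sender side: command + timestamp + random nonce, authenticated with an HMAC."""
    body = {"cmd": command,
            "ts": int(now if now is not None else time.time()),
            "nonce": os.urandom(8).hex()}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    def __init__(self, key=SHARED_KEY, max_skew=MAX_SKEW):
        self.key, self.max_skew = key, max_skew
        self.seen = {}   # nonce -> ts of messages accepted inside the current window

    def accept(self, msg, now=None):
        """Return 'accepted', or the reason the message was refused."""
        now = now if now is not None else time.time()
        expected = hmac.new(self.key, msg["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad_tag"        # forged, or modified after recording
        body = json.loads(msg["payload"])
        if abs(now - body["ts"]) > self.max_skew:
            return "stale"          # replayed after the window, or clocks too far apart
        # Forget nonces older than the window; anything that old is already "stale".
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if body["nonce"] in self.seen:
            return "replay"         # the same recorded message resent inside the window
        self.seen[body["nonce"]] = body["ts"]
        return "accepted"
```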
DDoS: CPU Attack
• Method
Send data that requires cryptography to process
• Motivation
Occupy the CPU, preventing normal operations
• Detection
Network analysis
• Defense
None
Reference 14
DDoS: Memory Attack
• Method
Send data that requires the allocation of memory
• Motivation
Take up resources, crashing the server when they are exhausted
• Detection
Network analysis
• Defense
None
Reference 14