SlideShare a Scribd company logo

PACE-IT, Security+3.5: Types of Application Attacks (part 2)

Download as PPTX, PDF
Pace IT at Edmonds Community College
Pace IT at Edmonds Community College

CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)

Education
1 of 12
Types of application attacks II.
Page 2 Instructor, PACE-IT Program – Edmonds Community College Areas of Expertise Industry Certifications  PC Hardware  Network Administration  IT Project Management  Network Design  User Training  IT Troubleshooting Qualifications Summary Education  M.B.A., IT Management, Western Governor’s University  B.S., IT Security, Western Governor’s University Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
Page 3 – A goal of application attacks. – Divulging weaknesses in some applications. PACE-IT.
Page 4 Types of application attacks II.
Page 5 Often, the hacker’s goal when attacking an application is to create the ability to execute arbitrary code remotely. Arbitrary, in this sense, refers to the fact that the application was not designed to execute the code. If the attacker can gain this ability, the code will often be executed at an administrative account level. Arbitrary code execution/remote code execution represents an extreme security risk, as it often has the ability to make changes to the underlying system. When this occurs, it can be difficult to discover and stop. Types of application attacks II.
Page 6 Types of application attacks II.
Page 7 – Cookie. » Text file that Web developers use to store information about users (on the user’s local system). • If captured, the cookies may reveal sensitive information about either the user or the website, which can lead to an exploit. – Flash cookie/Locally Shared Object (LSO). » A method that Adobe Flash programmers use to store information on a user’s computer. • LSOs can be used to track a user’s Internet activity and represent a threat to privacy. » Most LSOs remain on a user’s system, even if all other cookies are deleted. – Attachment. » A file attachment is a document or application that is attached to an email message. • Is a commonly used threat vector used to deliver malicious applications. Types of application attacks II.
Page 8 – Malicious add-on. » An add-on is software that is installed into browsers to allow for additional features. • If the add-on causes a deterioration in browser performance, it can be considered malicious. » Some add-ons can exploit vulnerabilities present in the browser, creating a security threat; these can be considered malicious. – Header manipulation. » Hackers can modify the header data of an application in order to change how the application functions. • Can be used to modify how a Web server processes information. • Can be used on file headers to conceal information. Types of application attacks II.
Page 9 Session hijacking usually combines both a network and an application attack. With session hijacking, the hacker waits until a communication channel has been opened between at least two parties (e.g., an administrator signs in to a Web server) and then disconnects one of the parties and inserts herself/himself into the communication channel. The attacker typically uses a DoS (denial of service) type attack to disconnect one of the parties. Once inserted into the communication flow, the hacker attempts to gain control of either sensitive information or of the application itself. Types of application attacks II.
Page 10 Types of application attacks II. Often, the goal of an application attack is to create the ability to execute arbitrary code remotely. Arbitrary code/remote code execution represents an extreme security threat, as the code execution usually occurs at the administrative level. This can lead to the hacker being able to make changes to the underlying system. Topic A goal of application attacks. Summary Some threats that are present in applications include: cookies—text files used to store user information, Flash cookies/LSOs—code used by Adobe Flash programmers to store user information, attachments—documents or applications attached to email messages, malicious add-ons—software that is added to Web browsers, and header manipulation—hackers modify the header data of applications. Session hijacking typically combines a network attack with an application attack. Divulging weaknesses in some applications.
Page 11 THANK YOU!
This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.

Recommended

PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
Pace IT at Edmonds Community College
 
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
Pace IT at Edmonds Community College
 
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative EnvironmentsPACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
Pace IT at Edmonds Community College
 
PACE-IT, Security+3.5: Types of Application Attacks (part 1)
PACE-IT, Security+3.5: Types of Application Attacks (part 1)PACE-IT, Security+3.5: Types of Application Attacks (part 1)
PACE-IT, Security+3.5: Types of Application Attacks (part 1)
Pace IT at Edmonds Community College
 
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
Pace IT at Edmonds Community College
 
PACE-IT, Security+ 4.3: Solutions to Establish Host Security
PACE-IT, Security+ 4.3: Solutions to Establish Host SecurityPACE-IT, Security+ 4.3: Solutions to Establish Host Security
PACE-IT, Security+ 4.3: Solutions to Establish Host Security
Pace IT at Edmonds Community College
 
PACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless AttacksPACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless Attacks
Pace IT at Edmonds Community College
 
PACE-IT: Physical Network Security Control
PACE-IT: Physical Network Security ControlPACE-IT: Physical Network Security Control
PACE-IT: Physical Network Security Control
Pace IT at Edmonds Community College
 

Recommended

PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
Pace IT at Edmonds Community College
 
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
Pace IT at Edmonds Community College
 
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative EnvironmentsPACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
Pace IT at Edmonds Community College
 
PACE-IT, Security+3.5: Types of Application Attacks (part 1)
PACE-IT, Security+3.5: Types of Application Attacks (part 1)PACE-IT, Security+3.5: Types of Application Attacks (part 1)
PACE-IT, Security+3.5: Types of Application Attacks (part 1)
Pace IT at Edmonds Community College
 
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
Pace IT at Edmonds Community College
 
PACE-IT, Security+ 4.3: Solutions to Establish Host Security
PACE-IT, Security+ 4.3: Solutions to Establish Host SecurityPACE-IT, Security+ 4.3: Solutions to Establish Host Security
PACE-IT, Security+ 4.3: Solutions to Establish Host Security
Pace IT at Edmonds Community College
 
PACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless AttacksPACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless Attacks
Pace IT at Edmonds Community College
 
PACE-IT: Physical Network Security Control
PACE-IT: Physical Network Security ControlPACE-IT: Physical Network Security Control
PACE-IT: Physical Network Security Control
Pace IT at Edmonds Community College
 
Pace IT - Common Security Threats
Pace IT - Common Security ThreatsPace IT - Common Security Threats
Pace IT - Common Security Threats
Pace IT at Edmonds Community College
 
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
Pace IT at Edmonds Community College
 
PACE-IT: Common Threats (part 2)
PACE-IT: Common Threats (part 2)PACE-IT: Common Threats (part 2)
PACE-IT: Common Threats (part 2)
Pace IT at Edmonds Community College
 
PACE-IT: Common Threats (part 1)
PACE-IT: Common Threats (part 1)PACE-IT: Common Threats (part 1)
PACE-IT: Common Threats (part 1)
Pace IT at Edmonds Community College
 
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)
Pace IT at Edmonds Community College
 
PACE-IT, Security+1.1: Introduction to Network Devices (part 2)
PACE-IT, Security+1.1: Introduction to Network Devices (part 2)PACE-IT, Security+1.1: Introduction to Network Devices (part 2)
PACE-IT, Security+1.1: Introduction to Network Devices (part 2)
Pace IT at Edmonds Community College
 
PACE-IT, Security+3.6: Security Enhancement Techniques
PACE-IT, Security+3.6: Security Enhancement TechniquesPACE-IT, Security+3.6: Security Enhancement Techniques
PACE-IT, Security+3.6: Security Enhancement Techniques
Pace IT at Edmonds Community College
 
PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)
Pace IT at Edmonds Community College
 
PACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and TrainingPACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and Training
Pace IT at Edmonds Community College
 
PACE-IT: Risk and Security Related Concepts
PACE-IT: Risk and Security Related ConceptsPACE-IT: Risk and Security Related Concepts
PACE-IT: Risk and Security Related Concepts
Pace IT at Edmonds Community College
 
PACE-IT: Common Network Security Issues
PACE-IT: Common Network Security IssuesPACE-IT: Common Network Security Issues
PACE-IT: Common Network Security Issues
Pace IT at Edmonds Community College
 
PACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of MalwarePACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of Malware
Pace IT at Edmonds Community College
 
PACE-IT: Common Network Vulnerabilities
PACE-IT: Common Network VulnerabilitiesPACE-IT: Common Network Vulnerabilities
PACE-IT: Common Network Vulnerabilities
Pace IT at Edmonds Community College
 
PACE-IT: IT Security Measures
PACE-IT: IT Security MeasuresPACE-IT: IT Security Measures
PACE-IT: IT Security Measures
Pace IT at Edmonds Community College
 
PACE-IT: Network Hardening Techniques (part 3)
PACE-IT: Network Hardening Techniques (part 3)PACE-IT: Network Hardening Techniques (part 3)
PACE-IT: Network Hardening Techniques (part 3)
Pace IT at Edmonds Community College
 
PACE-IT: Basic Forensic Concepts
PACE-IT: Basic Forensic ConceptsPACE-IT: Basic Forensic Concepts
PACE-IT: Basic Forensic Concepts
Pace IT at Edmonds Community College
 
PACE-IT, Security + 5.1: Summary of Authentication Services
PACE-IT, Security + 5.1: Summary of Authentication ServicesPACE-IT, Security + 5.1: Summary of Authentication Services
PACE-IT, Security + 5.1: Summary of Authentication Services
Pace IT at Edmonds Community College
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
A. Shamel
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
newbie2019
 
PACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud ConceptsPACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud Concepts
Pace IT at Edmonds Community College
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
Pace IT at Edmonds Community College
 
PACE-IT, Security+ 4.1: Application Security Controls and Techniques
PACE-IT, Security+ 4.1: Application Security Controls and TechniquesPACE-IT, Security+ 4.1: Application Security Controls and Techniques
PACE-IT, Security+ 4.1: Application Security Controls and Techniques
Pace IT at Edmonds Community College
 

More Related Content

What's hot

What's hot (20)

Pace IT - Common Security Threats
Pace IT - Common Security ThreatsPace IT - Common Security Threats
Pace IT - Common Security Threats
 
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
 
PACE-IT: Common Threats (part 2)
PACE-IT: Common Threats (part 2)PACE-IT: Common Threats (part 2)
PACE-IT: Common Threats (part 2)
 
PACE-IT: Common Threats (part 1)
PACE-IT: Common Threats (part 1)PACE-IT: Common Threats (part 1)
PACE-IT: Common Threats (part 1)
 
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)
 
PACE-IT, Security+1.1: Introduction to Network Devices (part 2)
PACE-IT, Security+1.1: Introduction to Network Devices (part 2)PACE-IT, Security+1.1: Introduction to Network Devices (part 2)
PACE-IT, Security+1.1: Introduction to Network Devices (part 2)
 
PACE-IT, Security+3.6: Security Enhancement Techniques
PACE-IT, Security+3.6: Security Enhancement TechniquesPACE-IT, Security+3.6: Security Enhancement Techniques
PACE-IT, Security+3.6: Security Enhancement Techniques
 
PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)PACE-IT: Network Hardening Techniques (part 1)
PACE-IT: Network Hardening Techniques (part 1)
 
PACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and TrainingPACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and Training
 
PACE-IT: Risk and Security Related Concepts
PACE-IT: Risk and Security Related ConceptsPACE-IT: Risk and Security Related Concepts
PACE-IT: Risk and Security Related Concepts
 
PACE-IT: Common Network Security Issues
PACE-IT: Common Network Security IssuesPACE-IT: Common Network Security Issues
PACE-IT: Common Network Security Issues
 
PACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of MalwarePACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of Malware
 
PACE-IT: Common Network Vulnerabilities
PACE-IT: Common Network VulnerabilitiesPACE-IT: Common Network Vulnerabilities
PACE-IT: Common Network Vulnerabilities
 
PACE-IT: IT Security Measures
PACE-IT: IT Security MeasuresPACE-IT: IT Security Measures
PACE-IT: IT Security Measures
 
PACE-IT: Network Hardening Techniques (part 3)
PACE-IT: Network Hardening Techniques (part 3)PACE-IT: Network Hardening Techniques (part 3)
PACE-IT: Network Hardening Techniques (part 3)
 
PACE-IT: Basic Forensic Concepts
PACE-IT: Basic Forensic ConceptsPACE-IT: Basic Forensic Concepts
PACE-IT: Basic Forensic Concepts
 
PACE-IT, Security + 5.1: Summary of Authentication Services
PACE-IT, Security + 5.1: Summary of Authentication ServicesPACE-IT, Security + 5.1: Summary of Authentication Services
PACE-IT, Security + 5.1: Summary of Authentication Services
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
PACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud ConceptsPACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud Concepts
 

Viewers also liked

Viewers also liked (14)

PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
 
PACE-IT, Security+ 4.1: Application Security Controls and Techniques
PACE-IT, Security+ 4.1: Application Security Controls and TechniquesPACE-IT, Security+ 4.1: Application Security Controls and Techniques
PACE-IT, Security+ 4.1: Application Security Controls and Techniques
 
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 1)
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 1)PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 1)
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 1)
 
PACE-IT, Security+ 4.4: Controls to Ensure Data Security
PACE-IT, Security+ 4.4: Controls to Ensure Data SecurityPACE-IT, Security+ 4.4: Controls to Ensure Data Security
PACE-IT, Security+ 4.4: Controls to Ensure Data Security
 
PACE-IT, Security+ 6.2: Cryptographic Methods (part 1)
PACE-IT, Security+ 6.2: Cryptographic Methods (part 1)PACE-IT, Security+ 6.2: Cryptographic Methods (part 1)
PACE-IT, Security+ 6.2: Cryptographic Methods (part 1)
 
PACE-IT, Security+2.9: Goals of Security Controls
PACE-IT, Security+2.9: Goals of Security ControlsPACE-IT, Security+2.9: Goals of Security Controls
PACE-IT, Security+2.9: Goals of Security Controls
 
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering AttacksPACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
 
PACE-IT, Security+3.7: Overview of Security Assessment Tools
PACE-IT, Security+3.7: Overview of Security Assessment ToolsPACE-IT, Security+3.7: Overview of Security Assessment Tools
PACE-IT, Security+3.7: Overview of Security Assessment Tools
 
PACE-IT, Security+3.8: Vulnerability Scanning vs Pen Testing
PACE-IT, Security+3.8: Vulnerability Scanning vs Pen TestingPACE-IT, Security+3.8: Vulnerability Scanning vs Pen Testing
PACE-IT, Security+3.8: Vulnerability Scanning vs Pen Testing
 
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 1)
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 1)PACE-IT, Security+ 6.1: Introduction to Cryptography (part 1)
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 1)
 
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 2)
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 2)PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 2)
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 2)
 
PACE-IT, Security + 5.3: Security Controls for Account Management
PACE-IT, Security + 5.3: Security Controls for Account ManagementPACE-IT, Security + 5.3: Security Controls for Account Management
PACE-IT, Security + 5.3: Security Controls for Account Management
 
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
 

Similar to PACE-IT, Security+3.5: Types of Application Attacks (part 2)

Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
malbert5
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
toltonkendal
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
Octogence
 
Running head Cryptography1Cryptography16.docx
Running head Cryptography1Cryptography16.docxRunning head Cryptography1Cryptography16.docx
Running head Cryptography1Cryptography16.docx
healdkathaleen
 
Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09
technext1
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From Malware
Rishu Mehra
 
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
Editor IJMTER
 

Similar to PACE-IT, Security+3.5: Types of Application Attacks (part 2) (20)

Research Paper
Research PaperResearch Paper
Research Paper
 
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approach
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
 
A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration
 
Module 12 (web application vulnerabilities)
Module 12 (web application vulnerabilities)Module 12 (web application vulnerabilities)
Module 12 (web application vulnerabilities)
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
 
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest MindsWhitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
 
HOW TO SECURE WEB AND APP DEVELOPMENT USER DATA SECURITY.pdf
HOW TO SECURE WEB AND APP DEVELOPMENT USER DATA SECURITY.pdfHOW TO SECURE WEB AND APP DEVELOPMENT USER DATA SECURITY.pdf
HOW TO SECURE WEB AND APP DEVELOPMENT USER DATA SECURITY.pdf
 
HOW TO SECURE WEB AND APP DEVELOPMENT USER DATA SECURITY.pdf
HOW TO SECURE WEB AND APP DEVELOPMENT USER DATA SECURITY.pdfHOW TO SECURE WEB AND APP DEVELOPMENT USER DATA SECURITY.pdf
HOW TO SECURE WEB AND APP DEVELOPMENT USER DATA SECURITY.pdf
 
Running head Cryptography1Cryptography16.docx
Running head Cryptography1Cryptography16.docxRunning head Cryptography1Cryptography16.docx
Running head Cryptography1Cryptography16.docx
 
Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09Protecting Windows Networks From Malware 31 Jan09
Protecting Windows Networks From Malware 31 Jan09
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From Malware
 
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
 

Recently uploaded

Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
ssuserdda66b
 

Recently uploaded (20)

Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 

PACE-IT, Security+3.5: Types of Application Attacks (part 2)

  • 2. Page 2 Instructor, PACE-IT Program – Edmonds Community College Areas of Expertise Industry Certifications  PC Hardware  Network Administration  IT Project Management  Network Design  User Training  IT Troubleshooting Qualifications Summary Education  M.B.A., IT Management, Western Governor’s University  B.S., IT Security, Western Governor’s University Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
  • 3. Page 3 – A goal of application attacks. – Divulging weaknesses in some applications. PACE-IT.
  • 4. Page 4 Types of application attacks II.
  • 5. Page 5 Often, the hacker’s goal when attacking an application is to create the ability to execute arbitrary code remotely. Arbitrary, in this sense, refers to the fact that the application was not designed to execute the code. If the attacker can gain this ability, the code will often be executed at an administrative account level. Arbitrary code execution/remote code execution represents an extreme security risk, as it often has the ability to make changes to the underlying system. When this occurs, it can be difficult to discover and stop. Types of application attacks II.
  • 6. Page 6 Types of application attacks II.
  • 7. Page 7 – Cookie. » Text file that Web developers use to store information about users (on the user’s local system). • If captured, the cookies may reveal sensitive information about either the user or the website, which can lead to an exploit. – Flash cookie/Locally Shared Object (LSO). » A method that Adobe Flash programmers use to store information on a user’s computer. • LSOs can be used to track a user’s Internet activity and represent a threat to privacy. » Most LSOs remain on a user’s system, even if all other cookies are deleted. – Attachment. » A file attachment is a document or application that is attached to an email message. • Is a commonly used threat vector used to deliver malicious applications. Types of application attacks II.
  • 8. Page 8 – Malicious add-on. » An add-on is software that is installed into browsers to allow for additional features. • If the add-on causes a deterioration in browser performance, it can be considered malicious. » Some add-ons can exploit vulnerabilities present in the browser, creating a security threat; these can be considered malicious. – Header manipulation. » Hackers can modify the header data of an application in order to change how the application functions. • Can be used to modify how a Web server processes information. • Can be used on file headers to conceal information. Types of application attacks II.
  • 9. Page 9 Session hijacking usually combines both a network and an application attack. With session hijacking, the hacker waits until a communication channel has been opened between at least two parties (e.g., an administrator signs in to a Web server) and then disconnects one of the parties and inserts herself/himself into the communication channel. The attacker typically uses a DoS (denial of service) type attack to disconnect one of the parties. Once inserted into the communication flow, the hacker attempts to gain control of either sensitive information or of the application itself. Types of application attacks II.
  • 10. Page 10 Types of application attacks II. Often, the goal of an application attack is to create the ability to execute arbitrary code remotely. Arbitrary code/remote code execution represents an extreme security threat, as the code execution usually occurs at the administrative level. This can lead to the hacker being able to make changes to the underlying system. Topic A goal of application attacks. Summary Some threats that are present in applications include: cookies—text files used to store user information, Flash cookies/LSOs—code used by Adobe Flash programmers to store user information, attachments—documents or applications attached to email messages, malicious add-ons—software that is added to Web browsers, and header manipulation—hackers modify the header data of applications. Session hijacking typically combines a network attack with an application attack. Divulging weaknesses in some applications.
  • 12. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.