Types of application attacks II.

PACE-IT, Security+3.5: Types of Application Attacks (part 2)


Page 1: PACE-IT, Security+3.5: Types of Application Attacks (part 2)


Page 2

Brian K. Ferrill, M.B.A.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise: PC Hardware, Network Administration, IT Project Management, Network Design, User Training, IT Troubleshooting

Industry Certifications

Education: M.B.A., IT Management, Western Governor’s University; B.S., IT Security, Western Governor’s University

Qualifications Summary: Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs, and creating the solutions required, with a focus on technology.

Page 3

Types of application attacks II.

– A goal of application attacks.

– Divulging weaknesses in some applications.


Page 4

A goal of application attacks.

Page 5

A goal of application attacks.

Often, the hacker’s goal when attacking an application is to create the ability to execute arbitrary code remotely.

Arbitrary, in this sense, refers to the fact that the application was not designed to execute the code. If the attacker can gain this ability, the code will often be executed at an administrative account level. Arbitrary code execution/remote code execution represents an extreme security risk, as it often has the ability to make changes to the underlying system. When this occurs, it can be difficult to discover and stop.


Page 6

Divulging weaknesses in some applications.

Page 7

Divulging weaknesses in some applications.

– Cookie.

» A text file that Web developers use to store information about users (on the user’s local system).

• If captured, the cookies may reveal sensitive information about either the user or the website, which can lead to an exploit.

– Flash cookie/Locally Shared Object (LSO).

» A method that Adobe Flash programmers use to store information on a user’s computer.

• LSOs can be used to track a user’s Internet activity and represent a threat to privacy.

» Most LSOs remain on a user’s system, even if all other cookies are deleted.

– Attachment.

» A file attachment is a document or application that is attached to an email message.

• Attachments are a commonly used threat vector for delivering malicious applications.
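The cookie bullet above says a captured cookie can expose the user or the site; the attributes a server sets on the cookie decide how much a capture is worth. The following is an added example, not part of the PACE-IT deck: it parses Set-Cookie headers and flags cookies that carry session or credential data without Secure, HttpOnly or SameSite, or that persist past the browser session. The header lines and the sensitive-name pattern are constructed assumptions for a hypothetical application.

```python
"""Audit Set-Cookie headers for the attributes that limit what a captured
cookie can reveal or be used for. Added example; the header lines below are
constructed for a hypothetical application, not taken from a real site."""
import re

# Constructed sample response headers (hypothetical app).
SAMPLE_HEADERS = [
    "Set-Cookie: sessionid=9f3c1a; Secure; HttpOnly; SameSite=Lax; Path=/",
    "Set-Cookie: theme=dark; Path=/",
    "Set-Cookie: authtoken=abc123; Path=/",
    "Set-Cookie: remember=1; Secure; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]

# Cookie names that usually carry a credential or session state (assumed list).
SENSITIVE_NAME = re.compile(r"sess|auth|token|login|csrf", re.IGNORECASE)


def parse_set_cookie(header):
    """Return (cookie_name, {attribute_lowercase: value}) for one header line."""
    value = header.split(":", 1)[1].strip()
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val
    return name, attrs


def audit_cookie(header):
    """Return a list of findings; an empty list means the cookie passed."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (may be sent over plaintext HTTP)")
    if SENSITIVE_NAME.search(name):
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly (readable by page scripts)")
        if "samesite" not in attrs:
            findings.append(f"{name}: missing SameSite (sent on cross-site requests)")
        if "expires" in attrs or "max-age" in attrs:
            findings.append(f"{name}: persistent (survives closing the browser)")
    return findings


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(audit_cookie(h) or f"{parse_set_cookie(h)[0]}: OK")
```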


Page 8

Divulging weaknesses in some applications.

– Malicious add-on.

» An add-on is software that is installed into browsers to allow for additional features.

• If the add-on causes a deterioration in browser performance, it can be considered malicious.

» Some add-ons can exploit vulnerabilities present in the browser, creating a security threat; these can be considered malicious.

– Header manipulation.

» Hackers can modify the header data of an application in order to change how the application functions.

• Can be used to modify how a Web server processes information.

• Can be used on file headers to conceal information.


Page 9

Divulging weaknesses in some applications.

Session hijacking usually combines both a network and an application attack.

With session hijacking, the hacker waits until a communication channel has been opened between at least two parties (e.g., an administrator signs in to a Web server) and then disconnects one of the parties and inserts herself/himself into the communication channel. The attacker typically uses a DoS (denial of service) type attack to disconnect one of the parties. Once inserted into the communication flow, the hacker attempts to gain control of either sensitive information or of the application itself.
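The takeover described above leaves a trace on the application side: the same session token keeps arriving, but from a different client, shortly after the original party went quiet. The following detection routine is an added example, not from the PACE-IT material; it runs over a constructed access log whose format (timestamp, client address, session id, request) is an assumption, and reports each point where a session's holder changes together with the gap since the previous holder's last request.

```python
"""Flag sessions whose token is later presented from a different client
address: after one party is knocked off the channel, the session continues
from somewhere else. Added example; the log below is constructed and the
line format (timestamp, client ip, session id, request) is hypothetical."""
from datetime import datetime

# Constructed access log: an admin session from 10.0.0.5 resumes from 10.0.0.9.
SAMPLE_LOG = """\
2024-03-01T10:00:01 10.0.0.5 SESS-A GET /admin
2024-03-01T10:00:09 10.0.0.5 SESS-A POST /admin/users
2024-03-01T10:00:40 10.0.0.7 SESS-B GET /home
2024-03-01T10:01:02 10.0.0.9 SESS-A GET /admin/config
2024-03-01T10:01:05 10.0.0.9 SESS-A POST /admin/config
"""


def parse_line(line):
    """Split one log line into (datetime, client_ip, session_id, request)."""
    ts, ip, sid, req = line.split(" ", 3)
    return datetime.fromisoformat(ts), ip, sid, req


def find_takeovers(log_text):
    """Return one alert per session token that changes client address.
    gap_s is the time since the previous holder's last request; a short
    gap right after the original party went quiet is the pattern to review."""
    holder = {}  # session id -> (client ip, time of last request)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, sid, req = parse_line(line)
        if sid in holder and holder[sid][0] != ip:
            prev_ip, last_seen = holder[sid]
            alerts.append({
                "session": sid,
                "original": prev_ip,
                "new": ip,
                "gap_s": (ts - last_seen).total_seconds(),
                "request": req,
            })
        holder[sid] = (ip, ts)
    return alerts


if __name__ == "__main__":
    for alert in find_takeovers(SAMPLE_LOG):
        print(alert)
```

A legitimate client changing networks produces the same signal, so the alert is a review trigger to correlate with the disconnect the deck describes, not a verdict on its own.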


Page 10

What was covered.

Topic: A goal of application attacks.

Summary: Often, the goal of an application attack is to create the ability to execute arbitrary code remotely. Arbitrary code/remote code execution represents an extreme security threat, as the code execution usually occurs at the administrative level. This can lead to the hacker being able to make changes to the underlying system.

Topic: Divulging weaknesses in some applications.

Summary: Some threats that are present in applications include:

– cookies: text files used to store user information;

– Flash cookies/LSOs: code used by Adobe Flash programmers to store user information;

– attachments: documents or applications attached to email messages;

– malicious add-ons: software that is added to Web browsers;

– header manipulation: hackers modify the header data of applications.

Session hijacking typically combines a network attack with an application attack.

Page 11

THANK YOU!

Page 12

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.