Server Side Web Applications Attacks

The document discusses various types of server side web application attacks including denial-of-service attacks, cross-site scripting, and SQL injection. It defines each type of attack and describes how they work, potential impacts, and methods for prevention. Denial-of-service attacks aim to overwhelm servers with traffic to cause downtime, while cross-site scripting and SQL injection are code injection attacks that allow attackers to alter or extract sensitive data.

Uploaded by Basharat Ali

Server side web applications attacks
Web server

 Web servers are the computers on which websites are hosted.
 They run an operating system and web-server software, usually alongside an application
server and a database, in order to serve one or more applications.
 A web server's primary responsibility is to deliver website content: it stores, processes
and distributes web pages to users in response to their HTTP requests.
Web Server Attack:

 Any attempt by a malicious actor to undermine the security of a web-based application is
referred to as a web application attack or web server attack.
 Web application attacks can either target the application itself in order to gain access to
sensitive data, or they can use the application as a staging area for attacks against the
application's users.
Major web server and web application attacks

 Denial-of-Service (DoS) / Distributed Denial-of-Service (DDoS)
 Cross-site scripting (XSS)
 SQL injection
 Cross-site request forgery (CSRF)
 Man-in-the-middle (MITM) attack
1. DENIAL-OF-SERVICE (DOS) / DISTRIBUTED
DENIAL-OF-SERVICE (DDOS):

 Denial of service occurs when an attacker forces a web server to respond to far more
requests than it can handle.
 This causes the server to slow down or crash, and users who are authorized to use the
server are denied service or access.
 A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims
to render a computer or other device unavailable to its intended users by interrupting the
device's normal functioning. DoS attacks typically function by overwhelming or flooding a
targeted machine with requests until normal traffic can no longer be processed, resulting in
denial of service to additional users. A DoS attack is characterized by using a single
computer to launch the attack.
 A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from
many distributed sources, for example a botnet.
 Government services, credit card companies and large corporations are common victims
of this type of attack.
How does a DoS attack work?

 The primary focus of a DoS attack is to oversaturate the capacity of a targeted machine,
resulting in denial-of-service to additional requests.
 The multiple attack vectors of DoS attacks can be grouped by their similarities.
What is the difference between a DDoS
attack and a DoS attack?
 The distinguishing difference between DDoS and DoS is the number of sources, and
therefore connections, used in the attack. A DoS attack uses a single machine or
connection, while a DDoS attack uses many sources of attack traffic, often in the form of
a botnet.
 Not every DoS attack needs volume: "low and slow" attacks such as Slowloris derive
their power from their simplicity and from the minimal resources they need in order to be
effective (a handful of connections that are deliberately kept open and half-finished).
 Generally speaking, many of the attacks are fundamentally similar and can be attempted
from one or many sources of malicious traffic.
DoS attacks typically fall into 2 categories:

 Buffer overflow attacks
 An attack type in which a memory buffer overflow causes a machine to consume all available hard
disk space, memory, or CPU time. This form of exploit often results in sluggish behavior, system
crashes, or other deleterious server behavior, resulting in denial of service.
 Flood attacks
 By saturating a targeted server with an overwhelming number of packets, a malicious actor is able to
oversaturate server capacity, resulting in denial of service. For most DoS flood attacks to be
successful, the malicious actor must have more available bandwidth than the target; the exceptions
are amplification attacks such as Smurf (below), which multiply the attacker's traffic through third
parties, and application-layer floods, which exhaust server resources rather than bandwidth.
What are some historically significant DoS
attacks?
 A few common historic DoS attacks include:
 Smurf attack - a previously exploited DoS attack in which a malicious actor sends ICMP echo
requests to the broadcast address of a vulnerable network with the source address spoofed to
the target's, so that every host on that network replies to the target and floods it.
 Ping flood - this simple denial-of-service attack is based on overwhelming a target with
ICMP (ping) packets. By inundating a target with more pings than it is able to respond to
efficiently, denial of service can occur. This attack can also be carried out as a DDoS attack.
 Ping of Death - often conflated with a ping flood, a ping of death attack involves
sending an oversized or otherwise malformed packet to a targeted machine, resulting in
deleterious behavior such as system crashes.
How can you tell if a computer is
experiencing a DoS attack?
 While it can be difficult to separate an attack from other network connectivity errors or
heavy bandwidth consumption, some characteristics may indicate an attack is underway.
 Indicators of a DoS attack include:
 Atypically slow network performance such as long load times for files or websites
 The inability to load a particular website such as your web property
 A sudden loss of connectivity across devices on the same network
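The slides above describe floods, the DoS/DDoS distinction (one source versus many) and the indicators of an attack, but not how a defender would actually tell them apart from a busy day. The following is an added example, not code from the original deck: it parses constructed access-log lines in the Common Log Format, buckets requests into fixed windows, and labels the busiest window as normal, a single-source DoS or a distributed DDoS. The thresholds (50 requests per second, 80% of traffic from one host) and the sample addresses are assumptions chosen for the constructed traffic.

```python
"""Rate-based DoS/DDoS indicator over web-server access-log lines (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: host ident authuser [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, ts, request, status, _size = m.groups()
    return {"host": host, "time": datetime.strptime(ts, TIME_FMT),
            "request": request, "status": int(status)}


def classify(lines, window_s=10, rate_threshold=50.0, single_source_share=0.8):
    """Bucket requests into fixed windows and judge the busiest one.

    Thresholds are assumptions chosen for the constructed sample traffic;
    a real deployment derives them from the site's normal baseline.
    Returns (verdict, details) with verdict in {"normal", "dos", "ddos"}.
    """
    buckets = defaultdict(Counter)          # window index -> Counter(host -> requests)
    for event in filter(None, map(parse_line, lines)):
        buckets[int(event["time"].timestamp() // window_s)][event["host"]] += 1

    verdict, details = "normal", {"peak_rate": 0.0, "top_host": None,
                                  "top_share": 0.0, "sources": 0}
    for hosts in buckets.values():
        total = sum(hosts.values())
        rate = total / window_s                     # requests per second
        if rate <= details["peak_rate"]:
            continue                                # only keep the busiest window
        top_host, top_count = hosts.most_common(1)[0]
        details = {"peak_rate": rate, "top_host": top_host,
                   "top_share": top_count / total, "sources": len(hosts)}
        if rate < rate_threshold:
            verdict = "normal"                      # busy, but under the limit
        elif details["top_share"] >= single_source_share:
            verdict = "dos"                         # one source dominates the flood
        else:
            verdict = "ddos"                        # flood spread over many sources
    return verdict, details


def make_log(traffic):
    """Constructed access-log lines: for each (host, n) pair emit n GET requests
    spread across the seconds of a single 10-second window."""
    lines = []
    for i, (host, n) in enumerate(traffic):
        for j in range(n):
            sec = (i + j) % 10
            lines.append(f'{host} - - [10/Oct/2023:13:55:{sec:02d} +0000] '
                         f'"GET / HTTP/1.1" 200 512')
    return lines


# Sample traffic (constructed; addresses are from the RFC 5737 documentation ranges).
SAMPLE_NORMAL = make_log([(f"198.51.100.{i}", 2) for i in range(1, 6)])        # 1 req/s
SAMPLE_DOS = make_log([("203.0.113.7", 600)] +
                      [(f"198.51.100.{i}", 2) for i in range(1, 5)])           # ~61 req/s, one source
SAMPLE_DDOS = make_log([(f"198.51.100.{i}", 10) for i in range(1, 61)])       # 60 req/s, 60 sources

if __name__ == "__main__":
    for name, sample in (("normal", SAMPLE_NORMAL), ("dos", SAMPLE_DOS), ("ddos", SAMPLE_DDOS)):
        print(name, classify(sample))
```

A request-rate counter like this catches floods, but it will not catch the "low and slow" attacks the deck mentions, which generate very few requests: Slowloris has to be detected from connection state (many open connections from one source that never complete their headers), so in practice this check is paired with header-read timeouts and per-source connection limits on the server.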
Cross-site scripting (XSS)

What is cross-site scripting (XSS)?
 Cross-site scripting (also known as XSS) is a web security vulnerability that allows an
attacker to compromise the interactions that users have with a vulnerable application.
 In an XSS attack the attacker gets code onto a legitimate website that executes when the
victim loads the page. That malicious code can be inserted in several ways: most commonly,
it is either placed in a URL parameter that the page reflects back, or posted directly to a
page that displays user-generated content. In more technical terms, cross-site scripting is a
client-side code injection attack; it belongs in this deck because the injection point is the
server's unsafe handling of untrusted input.
How does XSS work?

 Cross-site scripting works by manipulating a vulnerable website so that it returns
malicious JavaScript to users. When the malicious code executes inside a victim's browser,
the attacker can fully compromise their interaction with the application.
What are the types of XSS attacks?

 There are three main types of XSS attacks. These are:
 Reflected XSS, where the malicious script comes from the current HTTP request.
 Stored XSS, where the malicious script comes from the website's database.
 DOM-based XSS, where the vulnerability exists in client-side code rather than server-side
code.
What can XSS be used for?

 Impersonate or masquerade as the victim user.
 Carry out any action that the user is able to perform.
 Read any data that the user is able to access.
 Capture the user's login credentials.
 Perform virtual defacement of the website.
 Inject trojan functionality into the website.
How to prevent XSS attacks

 Filter input on arrival. At the point where user input is received, filter as strictly as possible
based on what is expected or valid input.
 Encode data on output. At the point where user-controllable data is output in HTTP
responses, encode the output to prevent it from being interpreted as active content. Depending
on the output context, this might require applying combinations of HTML, URL, JavaScript,
and CSS encoding.
 Use appropriate response headers. To prevent XSS in HTTP responses that aren't
intended to contain any HTML or JavaScript, you can use the Content-Type and
X-Content-Type-Options headers to ensure that browsers interpret the responses in the
way you intend.
 Content Security Policy. As a last line of defense, you can use Content Security Policy (CSP)
to reduce the severity of any XSS vulnerabilities that still occur.
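The "how XSS works" and "how to prevent XSS" slides above say that the same value must be encoded differently depending on the context it lands in. The following added example (not code from the deck) makes that concrete for a reflected XSS: a vulnerable render that concatenates a request parameter into an HTML body, a link attribute and a JavaScript string, beside a safe render that applies HTML, URL and JavaScript encoding per context, plus the Content-Type, X-Content-Type-Options and CSP response headers from the prevention slide. The probe string, the page template, the function names and the use of a per-response CSP nonce are assumptions made for the example.

```python
"""Reflected XSS: an unsafe render beside a context-aware encoded one (added example)."""
import html
import json
import secrets
from urllib.parse import quote

# Constructed probe: breaks out of an attribute and injects a script tag.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def render_unsafe(name):
    """Vulnerable: the request parameter is concatenated straight into HTML,
    into an attribute/URL, and into a JavaScript string literal."""
    return (f"<p>Hello {name}</p>"
            f'<a href="/profile?user={name}">profile</a>'
            f"<script>var user = '{name}';</script>")


# One encoder per output context (the slide's "HTML, URL, JavaScript" encodings).
def html_text(value):
    """HTML body and attribute context: escape & < > and both quote characters."""
    return html.escape(value, quote=True)


def url_param(value):
    """URL query-parameter context: percent-encode everything, even '/'."""
    return quote(value, safe="")


def js_string(value):
    """JavaScript string-literal context: emit a JSON string literal, then
    hex-escape < and > so '</script>' can never close the enclosing tag."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def make_nonce():
    """Per-response random nonce that allows our own inline script under CSP."""
    return secrets.token_urlsafe(16)


def render_safe(name, nonce):
    """Same page, each interpolation encoded for the context it lands in.
    The URL value is URL-encoded first and then HTML-encoded because it sits
    inside an HTML attribute."""
    return (f"<p>Hello {html_text(name)}</p>"
            f'<a href="/profile?user={html_text(url_param(name))}">profile</a>'
            f'<script nonce="{nonce}">var user = {js_string(name)};</script>')


def security_headers(nonce):
    """Response headers from the slide: correct Content-Type, nosniff, and a CSP
    that only allows scripts from our origin or carrying this response's nonce."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'"),
    }


if __name__ == "__main__":
    nonce = make_nonce()
    print("UNSAFE:", render_unsafe(PAYLOAD))
    print("SAFE:  ", render_safe(PAYLOAD, nonce))
    print(security_headers(nonce))
```

Running it shows the probe appearing three times as a live `<script>` tag in the unsafe output and zero times in the safe one. Note the ordering for the link: the value is URL-encoded for the query string and then HTML-encoded for the attribute, the "combinations of encodings" the slide refers to. The nonce is what lets the page's own inline script survive a CSP of `script-src 'self'`; an injected script has no nonce and is refused even if an encoding step is missed.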
SQL injection (SQLi)

What is SQL injection (SQLi)?

 SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere
with the queries that an application makes to its database. It generally allows an attacker to
view data that they are not normally able to retrieve. This might include data belonging to
other users, or any other data that the application itself is able to access. In many cases, an
attacker can modify or delete this data, causing persistent changes to the application's
content or behavior.
How to detect SQL injection vulnerabilities

 Many SQL injection vulnerabilities can be found with an automated web vulnerability
scanner such as the one in Burp Suite. Manually, they are detected by:
 Submitting the single quote character ' and looking for errors or other anomalies.
 Submitting some SQL-specific syntax that evaluates to the base (original) value of
the entry point, and to a different value, and looking for systematic differences in
the resulting application responses.
 Submitting Boolean conditions such as OR 1=1 and OR 1=2, and looking for
differences in the application's responses.
Types of SQL Injection Attacks

 Classic (In-Band): the query results or database errors are returned in the application's
own response, so data can be read directly.
 Blind: nothing from the database is shown directly; the attacker infers data from
differences in the response (Boolean-based) or in its timing (time-based).
 Out-of-Band: the database is made to send the data over a separate channel, such as a
DNS or HTTP request to a server the attacker controls.
Preventing a SQL Injection Attack

 Use parameterized queries (prepared statements): user input is bound as data and can
never change the structure of the SQL statement. This is the primary control.
 Validate all data against what is expected (type, length, format, allowed values).
 Use stored procedures, provided they do not themselves build dynamic SQL from their
arguments.
 Restrict the access privileges of the database user the application connects with, so a
successful injection cannot read or modify more than that feature needs.
 Escape the input fields only where parameterization is impossible (for example table or
column names); escaping is database-specific and easy to get wrong.
 Use non-standard names for tables and columns; this only slows an attacker down and is
not a substitute for the controls above.
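The detection slide (the single quote and the OR 1=1 / OR 1=2 probes) and the prevention slide (parameterized queries) describe two sides of the same defect. The following added example, not code from the deck, shows both on an in-memory SQLite database constructed for the purpose: a lookup that splices user input into the SQL text, the same lookup with a bound parameter, and a small probe routine that applies the slide's three payloads to each and reports whether the lookup reacts the way an injectable one does. The table, its rows and the function names are assumptions made for the example.

```python
"""SQL injection: detection probes from the slide, run against a vulnerable
lookup and its parameterized fix on an in-memory SQLite database (added example)."""
import sqlite3

# Constructed sample database.
_conn = sqlite3.connect(":memory:")
_conn.executescript("""
    CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT);
    INSERT INTO users (username, email) VALUES
        ('alice', 'alice@example.com'),
        ('bob',   'bob@example.com'),
        ('carol', 'carol@example.com');
""")


def lookup_vulnerable(username):
    """Vulnerable: the user-supplied value is spliced into the SQL text, so
    a quote in the input changes the structure of the query."""
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return _conn.execute(sql).fetchall()


def lookup_safe(username):
    """Fixed: a parameterized query. The value is bound by the driver and can
    only ever be compared as data; it never becomes part of the SQL text."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return _conn.execute(sql, (username,)).fetchall()


# The three manual probes from the detection slide.
PROBES = {
    "quote": "'",            # unbalanced quote -> syntax error if it reaches the parser
    "true":  "' OR 1=1--",   # boolean condition that is always true
    "false": "' OR 1=2--",   # same shape, always false
}


def probe(lookup):
    """Submit each probe and record the response (row count or error class).

    A lookup is flagged injectable when the quote produces a database error
    or when the true/false pair yields systematically different results,
    which is also the basis of boolean-based blind SQLi."""
    results = {}
    for name, payload in PROBES.items():
        try:
            results[name] = ("ok", len(lookup(payload)))
        except sqlite3.Error as exc:
            results[name] = ("error", type(exc).__name__)
    results["injectable"] = (results["quote"][0] == "error"
                             or results["true"] != results["false"])
    return results


if __name__ == "__main__":
    print("vulnerable:", probe(lookup_vulnerable))
    print("safe:      ", probe(lookup_safe))
    print("dump via OR 1=1:", lookup_vulnerable("' OR 1=1--"))
```

Against `lookup_vulnerable` the single quote raises a database error, `' OR 1=1--` returns every row and `' OR 1=2--` returns none, exactly the anomalies the detection slide tells you to look for. Against `lookup_safe` all three probes simply return zero rows, because the driver compares the whole payload as a username string. The vulnerable version is the "before" of the fix and is kept deliberately broken; the only real change between the two functions is that the value travels as a bound parameter instead of as SQL text.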
