Web Application Attacks
Web application attacks are malicious activities that target web applications by exploiting vulnerabilities in their design or implementation.
These attacks can result in unauthorized access, data theft, or other harmful consequences.
Common types of web application attacks include SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and file inclusion attacks.
Attackers may use automated tools or manually craft their attacks to bypass security measures and gain access to sensitive information or systems.
Organizations can prevent or mitigate web application attacks by implementing strong security measures, such as input validation, user authentication, and regular vulnerability testing.
[Link] banu, Associate Professor, SCOPE, VIT University
Consequences of Web Application Attacks
Data breaches: Attackers may gain unauthorized access to sensitive data, such as personal information, financial data, or intellectual property, leading to data breaches. This can result in severe financial, reputational, and legal consequences for the affected organization.
Identity theft: Attackers may steal personal information during web application attacks, leading to identity theft. Victims of identity theft may face financial losses, credit issues, and time-consuming recovery processes.
Financial loss: Web application attacks may lead to direct financial losses for businesses, either through theft of funds, fraud, or the costs associated with remediation and recovery.
Damage to reputation: A successful web application attack can damage an organization’s reputation, leading to loss of customer trust, negative publicity, and reduced business opportunities.
Legal consequences: Organizations that fail to protect their web applications may face legal consequences, such as fines, lawsuits, or regulatory penalties, particularly if the attack results in a data breach involving personal information.
Business disruption: Web application attacks can disrupt business operations by causing system downtime, impacting the availability of online services, or compromising critical infrastructure.
Application Attacks
1. Cross-site scripting (XSS)
2. Cross-site request forgery (CSRF)
3. XML external entity (XXE)
4. SQL injection
5. Fuzz testing
6. DDoS (Distributed Denial of Service)
7. Brute force
8. Path traversal
Cross-Site Scripting (XSS)
Cross-site scripting (XSS) is a type of web application attack that involves injecting malicious scripts into web pages that are viewed by other users.
This is typically accomplished by injecting the script into a form input field or URL parameter that is then stored in the web application’s database.
When another user views the page that contains the malicious script, the script is executed in their browser, allowing the attacker to steal data or perform other malicious actions on the user’s behalf.
XSS attacks can be prevented by properly sanitizing user input, using content security policy (CSP) headers, and escaping untrusted data.
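Added example (not from these slides): the vulnerable string concatenation beside the output-encoded form, plus the CSP header the slide mentions as a second layer. The stored comment, the author value and the policy string are constructed for illustration.

```python
import html

# Constructed sample input: a comment a user submitted through a form field
# and the application stored; it contains script markup.
STORED_COMMENT = '<script>alert("xss")</script>'


def render_comment_unsafe(author: str, body: str) -> str:
    """Vulnerable: untrusted text is concatenated straight into the HTML."""
    return f'<div class="comment" data-author="{author}">{body}</div>'


def render_comment_safe(author: str, body: str) -> str:
    """Hardened: every untrusted value is HTML-encoded for the context it lands in.

    html.escape(quote=True) encodes & < > " and ', which is correct for element
    text and for double-quoted attribute values. URL, JavaScript and CSS
    contexts need their own encoders and are not covered here.
    """
    return '<div class="comment" data-author="{}">{}</div>'.format(
        html.escape(author, quote=True), html.escape(body, quote=True))


def content_security_policy() -> str:
    """Defence in depth: only same-origin scripts may run, so inline script
    markup that slips past encoding is still refused by the browser."""
    return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"


def contains_script_tag(rendered: str) -> bool:
    """Check used below: does the output still contain a live <script> tag?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_comment_unsafe("alice", STORED_COMMENT))
    print(render_comment_safe("alice", STORED_COMMENT))
    print("Content-Security-Policy:", content_security_policy())
```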
Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) is a type of web application attack that tricks a user into executing an unwanted action on a web application that they are already authenticated with.
This is typically accomplished by sending a specially crafted link or script to the user, which then performs the unwanted action when clicked.
For example, a CSRF attack could be used to make unauthorized purchases or change account settings.
CSRF attacks can be prevented by using anti-CSRF tokens, which are unique tokens that are generated by the web application for each user session and must be included in every request to the application.
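Added example (not from these slides): a session-bound anti-CSRF token of the kind the slide describes, generated as an HMAC over the session identifier, and a state-changing handler that refuses requests without a valid token. The server key, session id and form contents are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed server-side key; in a real deployment load it from configuration.
SERVER_KEY = b"constructed-key-do-not-reuse"


def generate_csrf_token(session_id: str) -> str:
    """Token = nonce || HMAC(key, session_id || nonce).

    Binding the MAC to the session means a token captured from one session
    is useless in another, and the server stores nothing per token.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_change_email(session_id: str, form: dict) -> str:
    """State-changing handler: the token must come from the caller's own session.

    A form submitted from another origin carries the victim's session cookie
    automatically, but cannot read or forge a token bound to that session.
    """
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return "403 Forbidden: missing or invalid CSRF token"
    return f"200 OK: email changed to {form['email']}"


if __name__ == "__main__":
    sid = "session-abc123"  # constructed session identifier
    token = generate_csrf_token(sid)
    print(handle_change_email(sid, {"email": "me@example.com", "csrf_token": token}))
    print(handle_change_email(sid, {"email": "other@example.com"}))  # forged, no token
```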
XML External Entity (XXE)
XML External Entity (XXE) is a type of web application attack that involves exploiting vulnerabilities in XML parsers used by a web application.
This can allow an attacker to read sensitive data or execute unauthorized actions on the web application’s server.
XXE attacks typically involve injecting specially crafted XML payloads that exploit the XML parser’s ability to read external entities.
XXE attacks can be prevented by disabling external entity parsing or using secure XML parsers that properly sanitize input data.
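Added example (not from these slides): one way to "disable external entity parsing" with Python's standard library, by refusing any DOCTYPE declaration before the document reaches the tree builder. Both sample documents and the file path in the entity are constructed.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML carries a DTD, the only place entities can be declared."""


def reject_doctype(data: str) -> None:
    """First pass with expat: abort at any <!DOCTYPE ...> declaration.

    External (SYSTEM/PUBLIC) and internal entities can only be declared in a
    DTD, so refusing the DTD removes XXE and entity-expansion attacks as a class.
    """
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE {name!r} is not allowed in untrusted input")

    parser.StartDoctypeDeclHandler = on_doctype
    # Belt and braces: never fetch parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.Parse(data, True)


def parse_untrusted_xml(data: str) -> ET.Element:
    """Validate first, then build the tree with the standard ElementTree parser."""
    reject_doctype(data)
    return ET.fromstring(data)


# Constructed inputs: a benign order document and one carrying an external
# entity that points at a placeholder file path.
SAFE_DOC = "<order><item>widget</item><qty>2</qty></order>"
XXE_DOC = ('<?xml version="1.0"?>'
           '<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder/secret.txt">]>'
           '<order><item>&ext;</item></order>')


def classify(data: str) -> str:
    """Summarise what the hardened parser did with a document."""
    try:
        root = parse_untrusted_xml(data)
    except UnsafeXMLError as exc:
        return f"rejected: {exc}"
    except (ET.ParseError, expat.ExpatError) as exc:
        return f"malformed: {exc}"
    return f"accepted: root <{root.tag}> with {len(root)} children"


if __name__ == "__main__":
    print(classify(SAFE_DOC))
    print(classify(XXE_DOC))
```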
Injection Attacks
Injection attacks involve inserting malicious code into a web application, typically in the form of input data such as SQL queries, commands, or scripts.
Injection attacks succeed when an application fails to properly validate and sanitize input data.
These attacks can be prevented by properly validating and sanitizing input data and by using parameterized queries to access databases.
Fuzz Testing
Fuzz testing, also known as fuzzing, is a technique used to discover vulnerabilities in a web application by sending it random or invalid input data.
The goal of fuzz testing is to identify how the web application responds to different inputs and to find errors and crashes.
Fuzz testing can be performed manually or with the help of automated tools.
Fuzz testing can uncover vulnerabilities that may not be detected by other security testing methods such as penetration testing.
To perform effective fuzz testing, a tester needs to understand the web application’s input and output mechanisms and the types of data that the application processes.
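Added example (not from these slides): a minimal mutation-based fuzzer run against a hypothetical hand-rolled query-string parser, which is the kind of input handler a web application exposes. The target parser, seed inputs and mutation alphabet are constructed for this illustration.

```python
import random


def parse_query_string(qs: str) -> dict:
    """Hypothetical fuzz target: a naive hand-rolled query-string parser.

    Deliberately fragile, as such code often is: a pair without exactly one
    '=' makes the unpacking raise ValueError, a crash any client can trigger.
    """
    result = {}
    for pair in qs.split("&"):
        key, value = pair.split("=")
        result[key] = value
    return result


# Constructed seed corpus of well-formed inputs and a mutation alphabet made
# of the characters that matter to this format.
SEEDS = ["a=1", "user=bob&page=2", "q=hello%20world"]
ALPHABET = "ab=&%0 "


def mutate(s: str, rng: random.Random) -> str:
    """One random edit: insert, delete, replace or duplicate a slice."""
    if not s:
        return rng.choice(ALPHABET)
    i = rng.randrange(len(s))
    op = rng.choice(("insert", "delete", "replace", "duplicate"))
    if op == "insert":
        return s[:i] + rng.choice(ALPHABET) + s[i:]
    if op == "delete":
        return s[:i] + s[i + 1:]
    if op == "replace":
        return s[:i] + rng.choice(ALPHABET) + s[i + 1:]
    return s + s[i:]


def crashes_target(target, data: str) -> bool:
    """Reproduce a finding: does this input still make the target raise?"""
    try:
        target(data)
        return False
    except Exception:
        return True


def fuzz(target, seeds, iterations: int = 2000, seed: int = 1) -> list:
    """Feed mutated seeds to `target`; return one reproducer per distinct crash."""
    rng = random.Random(seed)  # fixed seed so a run is repeatable
    crashes = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(seeds), rng)
        try:
            target(candidate)
        except Exception as exc:
            crashes.setdefault((type(exc).__name__, str(exc)), candidate)
    return sorted(crashes.items())
```

Each entry in the result is a (exception type, message) pair with the shortest-found input that triggers it, which is what a tester hands back to developers.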
DDoS (Distributed Denial-of-Service)
A Distributed Denial-of-Service (DDoS) attack is a type of web application attack that involves overwhelming a web application with a large volume of traffic from multiple sources, such as botnets or compromised devices.
This can cause the web application to become unavailable to legitimate users.
DDoS attacks can be prevented by using network security devices, such as firewalls and intrusion prevention systems, that can detect and block malicious traffic.
Additionally, web application developers can use content delivery networks (CDNs) and load balancers to distribute traffic across multiple servers to help mitigate the effects of DDoS attacks.
Brute Force Attack
A brute force attack is an automated method of guessing a username and password combination to gain unauthorized access to a web application.
Attackers use software tools to try different combinations of usernames and passwords until they successfully guess the correct one.
To prevent brute force attacks, web applications can implement rate-limiting and account lockout policies.
Rate-limiting limits the number of login attempts from a single IP address, while account lockout temporarily blocks access to an account after a certain number of failed login attempts.
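Added example (not from these slides): the two policies the slide names, per-IP rate limiting and account lockout, implemented in one login guard. Thresholds, addresses and usernames are constructed; time is passed in as a parameter so the policy can be exercised without waiting.

```python
from collections import defaultdict, deque


class LoginGuard:
    """Rate-limit login attempts per source IP and lock an account after
    repeated failures. Time is passed in explicitly so the policy is testable."""

    def __init__(self, max_per_ip=10, ip_window=60.0, max_failures=5, lockout_seconds=900.0):
        self.max_per_ip = max_per_ip
        self.ip_window = ip_window
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.ip_attempts = defaultdict(deque)  # ip -> timestamps of recent attempts
        self.failures = defaultdict(int)       # username -> consecutive failures
        self.locked_until = {}                 # username -> time the lockout ends

    def check(self, ip: str, username: str, now: float) -> str:
        """Call before checking the password. Returns 'ok', 'rate_limited' or 'locked'."""
        unlock = self.locked_until.get(username)
        if unlock is not None:
            if now < unlock:
                return "locked"
            del self.locked_until[username]
            self.failures[username] = 0
        window = self.ip_attempts[ip]
        while window and now - window[0] >= self.ip_window:  # slide the window
            window.popleft()
        if len(window) >= self.max_per_ip:
            return "rate_limited"
        window.append(now)
        return "ok"

    def record_failure(self, username: str, now: float) -> bool:
        """Count a wrong password; returns True when this one triggers a lockout."""
        self.failures[username] += 1
        if self.failures[username] >= self.max_failures:
            self.locked_until[username] = now + self.lockout_seconds
            return True
        return False

    def record_success(self, username: str) -> None:
        self.failures[username] = 0


if __name__ == "__main__":
    guard = LoginGuard()
    for t in range(12):  # 12 attempts from one address within a minute
        print(t, guard.check("203.0.113.9", "alice", float(t)))
```

Per-IP limits do not stop guessing spread across many addresses, and lockout lets anyone who knows a username lock its owner out, so real deployments pair these with per-account throttling or a CAPTCHA rather than relying on either alone.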
Path Traversal
Path traversal is a type of web application attack that involves manipulating file paths in a web application in order to access unauthorized files or directories on the server.
Path traversal attacks typically occur when a web application does not properly validate user input, allowing an attacker to traverse up and down directory structures to access sensitive files.
Path traversal attacks can be prevented by properly validating user input and sanitizing file paths, as well as using secure file access methods that restrict access to sensitive files and directories.
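Added example (not from these slides): a "secure file access method" of the kind the slide recommends, which canonicalises the requested path and refuses anything that resolves outside the document root instead of trying to strip "../" from the string. The document root and request paths are constructed; nothing needs to exist on disk.

```python
from pathlib import Path

# Constructed document root; the check is purely lexical, so it need not exist.
BASE_DIR = Path("/srv/app/public")


class PathTraversalError(ValueError):
    """The requested path resolves outside the permitted directory."""


def resolve_safe_path(base: Path, user_path: str) -> Path:
    """Map a user-supplied path to a file under `base`, or refuse it.

    The path is canonicalised (.. segments and symlinks resolved) and then
    checked to lie inside `base`. Blocking the substring "../" is not enough:
    encodings, symlinks and absolute paths can all reintroduce traversal.
    Assumes `user_path` has already been percent-decoded exactly once.
    """
    if "\x00" in user_path:
        raise PathTraversalError("null byte in path")
    root = base.resolve()
    # A leading slash would otherwise replace `base` entirely.
    candidate = (root / user_path.lstrip("/\\")).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathTraversalError(f"{user_path!r} escapes {root}") from None
    return candidate


def handle_download(user_path: str) -> str:
    """Hypothetical request handler: returns the status line it would send."""
    try:
        target = resolve_safe_path(BASE_DIR, user_path)
    except PathTraversalError as exc:
        return f"403 Forbidden ({exc})"
    return f"200 OK {target}"


if __name__ == "__main__":
    for p in ["css/site.css", "docs/../index.html", "../../../app.secrets", "/etc/hosts"]:
        print(f"{p!r:28} -> {handle_download(p)}")
```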
Web Application Security Strategies
Secure coding practices: Adopt secure coding practices, such as the OWASP (Open Source Foundation for Application Security) Top 10 guidelines, to ensure that web applications are built with security in mind. This includes measures like input validation, output encoding, and secure authentication mechanisms.
Regular security testing: Perform regular security testing, such as penetration testing and vulnerability scanning, to identify and address security vulnerabilities in web applications.
Access control: Implement access controls to ensure that only authorized users can access sensitive data or functionality within web applications. This includes measures like role-based access control and multi-factor authentication.
Secure communication: Use secure communication protocols, such as HTTPS, to ensure that data transmitted between web applications and users is encrypted and protected from interception.
Server and network security: Implement server and network security measures, such as firewalls and intrusion detection systems, to protect web applications from attacks like DDoS and SQL injection.
Regular updates and patches: Keep web applications and supporting software up-to-date with the latest security patches and updates to address known vulnerabilities.
User education: Educate users on best practices for safe web browsing, such as avoiding clicking on suspicious links or downloading attachments from unknown sources.
Incident response planning: Develop and test incident response plans to ensure that web application security incidents are identified and addressed in a timely and effective manner.
Case study
Make a case study on the Microsoft outage of July 19, 2024 and answer the following.
What was the outage?
What is CrowdStrike Falcon?
Was this a cyber attack?
Reasons for the outage?
Root cause analysis
Recovery time and impact
Impact on various industry sectors: explain
Risk assessment
Recent Attacks
https://[Link]/resources/cyberglossary/recent-cyber-attacks
https://[Link]/news/security/2024/10-major-cyberattacks-and-data-breaches-in-2024-so-far?page=4