SlideShare a Scribd company logo

Most Common Application Level Attacks

Download as PPTX, PDF
EC-Council, profile picture
EC-Council

The document outlines the most common application-level attacks, including SQL injection, cross-site scripting (XSS), parameter tampering, directory traversal, denial-of-service (DoS), session hijacking, and cross-site request forgery (CSRF). It emphasizes the significant risks posed by these attacks, such as unauthorized access to sensitive data and disruption of application interactions. Each type of attack is briefly described, highlighting its method and potential impact on security.

Education
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
Copyright EC-Council 2020. All Rights Reserved.​ Certified Application Security Engineer (CASE) Most Common Application Level Attacks
SQL Injection Attack Cross-Site Scripting (XSS) Attacks Parameter Tampering DirectoryTraversal Denial-of-Service (DoS) Attack Session Attacks Cross-Site Request Forgery (CSRF) Attack Most Common Application Level Attacks
SQL Injection Attack: Most of the prominent data breaches that occur today have been the outcomes of an SQL Injection attack, which has led to regulatory penalties and reputational damages. An effective SQL Injection attack can lead to unapproved access to delicate data, including credit card information, PINs, or other private information regarding a customer.
Cross-Site Scripting (XSS) Attack: This attack disrupts the interaction between users and vulnerable applications. It is based on client-side code injection. The attacker inserts malicious scripts into a legit application to alter its original intention.
Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Parameter Tampering
File path traversal is also known as directory traversal or backtracking. The primary objective of this web application attack is to access files and directories which are not placed under the ‘root directory’. Directory Traversal
It is a type of cyberattack that occurs when an attacker seeks to render a computer or other networks inaccessible to its authorized users by momentarily or permanently interrupting the normal operations of a host linked to the Internet. Denial-of-Service (DoS) Attack DoS
Session hijacking is an attack over user sessions by masquerading as an authorized user. It is generally applicable to browser sessions and web applications hacking. You can understand session hijacking as a form of Man- in-the-Middle (MITM) attack. Session Attack:
Cross site request forgery — also known as CSRF or XSRF — is one of the web-related security threats on the OWASP top-ten list. The main principle behind a CSRF attack is exploitation of a site’s trust for a particular user, clandestinely utilizing the user’s authentication data. Cross-Site Request forgery ( CSRF) Attack:
To Learn More, Visit - https://www.eccouncil.org/programs/certified-application-security-engineer-case/
THANK YOU!

More Related Content

PPTX
What's new in​ CEHv11?
EC-Council
 
PPTX
Types of Malware (CEH v11)
EC-Council
 
PPTX
Web server security challenges
Martins Chibuike Onuoha
 
PPTX
Attack lecture #2 ppt
vasanthimuniasamy
 
PDF
8 Types of Cyber Attacks That Can Bother CISOs in 2020
SecPod Technologies
 
PPT
Ch03 Network and Computer Attacks
phanleson
 
PPT
Types of attacks and threads
srivijaymanickam
 
PPT
Software Security Testing
srivinayak
 
What's new in​ CEHv11?
EC-Council
 
Types of Malware (CEH v11)
EC-Council
 
Web server security challenges
Martins Chibuike Onuoha
 
Attack lecture #2 ppt
vasanthimuniasamy
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
SecPod Technologies
 
Ch03 Network and Computer Attacks
phanleson
 
Types of attacks and threads
srivijaymanickam
 
Software Security Testing
srivinayak
 

What's hot (20)

PPTX
Top 10 web server security flaws
tobybear30
 
PPTX
Web Server Web Site Security
Steven Cahill
 
PPT
this is test for today
DreamMalar
 
PPTX
Network attacks
Manjushree Mashal
 
PDF
Web Server Security Guidelines
webhostingguy
 
PPTX
Malicion software
A. Shamel
 
PDF
Phishing Attacks: A Challenge Ahead
eLearning Papers
 
PPTX
Access control attacks by Yaakub bin Idris
Hafiza Abas
 
PPTX
Security vulnerability
A. Shamel
 
PPTX
ETHICAL HACKING PPT
Sweta Leena Panda
 
PPT
Information security
Sathyanarayana Panduranga
 
PDF
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Software Guru
 
PPTX
External Attacks Against Pivileged Accounts
Lindsay Marsh
 
PDF
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
BeyondTrust
 
PPTX
Security Testing
BOSS Webtech
 
PPTX
Types of cyber attacks
krishh sivakrishna
 
PDF
Security in Computing and IT
Komalah Nair
 
PDF
Alert logic anatomy owasp infographic
CMR WORLD TECH
 
PPTX
Ethical Hacking
Mazenetsolution
 
PPT
Watch Your Back: Let’s Talk Web Safety and Personal Identity Theft
Schipul - The Web Marketing Company
 
Top 10 web server security flaws
tobybear30
 
Web Server Web Site Security
Steven Cahill
 
this is test for today
DreamMalar
 
Network attacks
Manjushree Mashal
 
Web Server Security Guidelines
webhostingguy
 
Malicion software
A. Shamel
 
Phishing Attacks: A Challenge Ahead
eLearning Papers
 
Access control attacks by Yaakub bin Idris
Hafiza Abas
 
Security vulnerability
A. Shamel
 
ETHICAL HACKING PPT
Sweta Leena Panda
 
Information security
Sathyanarayana Panduranga
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
Software Guru
 
External Attacks Against Pivileged Accounts
Lindsay Marsh
 
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
BeyondTrust
 
Security Testing
BOSS Webtech
 
Types of cyber attacks
krishh sivakrishna
 
Security in Computing and IT
Komalah Nair
 
Alert logic anatomy owasp infographic
CMR WORLD TECH
 
Ethical Hacking
Mazenetsolution
 
Watch Your Back: Let’s Talk Web Safety and Personal Identity Theft
Schipul - The Web Marketing Company
 
Ad

Similar to Most Common Application Level Attacks (20)

PDF
Recent cyber Attacks
S.M. Towhidul Islam
 
PPTX
webapplicationattacks-101005070110-phpapp02.pptx
SyedAliShahid3
 
PPTX
Major Web Sever Threat.pptx
SANDEEPVISHWAKARMA425010
 
PDF
Are you fighting_new_threats_with_old_weapons
Bhargav Modi
 
PPTX
Types of Cyber Attacks
Rubal Sagwal
 
PDF
Web application sec_3
vhimsikal
 
PDF
Web Application Security Tips
tcellsn
 
PDF
Study of Web Application Attacks & Their Countermeasures
idescitation
 
PDF
cyber security
Naveed Ahmed Siddiqui
 
PPTX
LECTURE-DEC-6_web-application-attacks (1).pptx
JhonFrancisDuarte
 
PPTX
Cyber Security Acronyms Glossary.pptx
SmartScanner
 
PDF
The most Common Website Security Threats
HTS Hosting
 
PPTX
cryptography .pptx
RRamyaDevi
 
PDF
Preventing Web-Proxy Based DDoS using Request Sequence Frequency
IOSR Journals
 
PDF
K017135461
IOSR Journals
 
PDF
XSS, LFI & CSRF vulnerabilities
CTM360
 
PPTX
DOS attack.pptx
HrudayBGowda
 
PPTX
Web security landscape Unit 3 part 2
Dr. SURBHI SAROHA
 
PPTX
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Boston Institute of Analytics
 
PPT
CROSS SITE SCRIPTING.ppt
yashvirsingh48
 
Recent cyber Attacks
S.M. Towhidul Islam
 
webapplicationattacks-101005070110-phpapp02.pptx
SyedAliShahid3
 
Major Web Sever Threat.pptx
SANDEEPVISHWAKARMA425010
 
Are you fighting_new_threats_with_old_weapons
Bhargav Modi
 
Types of Cyber Attacks
Rubal Sagwal
 
Web application sec_3
vhimsikal
 
Web Application Security Tips
tcellsn
 
Study of Web Application Attacks & Their Countermeasures
idescitation
 
cyber security
Naveed Ahmed Siddiqui
 
LECTURE-DEC-6_web-application-attacks (1).pptx
JhonFrancisDuarte
 
Cyber Security Acronyms Glossary.pptx
SmartScanner
 
The most Common Website Security Threats
HTS Hosting
 
cryptography .pptx
RRamyaDevi
 
Preventing Web-Proxy Based DDoS using Request Sequence Frequency
IOSR Journals
 
K017135461
IOSR Journals
 
XSS, LFI & CSRF vulnerabilities
CTM360
 
DOS attack.pptx
HrudayBGowda
 
Web security landscape Unit 3 part 2
Dr. SURBHI SAROHA
 
Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF
Boston Institute of Analytics
 
CROSS SITE SCRIPTING.ppt
yashvirsingh48
 
Ad

More from EC-Council (20)

PPTX
Skills that make network security training easy
EC-Council
 
PPTX
Can Cloud Solutions Transform Network Security
EC-Council
 
PPTX
What makes blockchain secure: Key Characteristics & Security Architecture
EC-Council
 
PPTX
6 Most Popular Threat Modeling Methodologies
EC-Council
 
PPTX
Journey from CCNA to Certified Network Defender v2
EC-Council
 
PDF
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
EC-Council
 
PPTX
Red Team vs. Blue Team
EC-Council
 
PDF
Why Threat Intelligence Is a Must for Every Organization?
EC-Council
 
PDF
Why Digital Forensics as a Career?
EC-Council
 
PPTX
Cryptography in Blockchain
EC-Council
 
PPTX
A Brief Introduction to Penetration Testing
EC-Council
 
PPTX
Computer Hacking Forensic Investigator - CHFI
EC-Council
 
PPTX
Pasta Threat Modeling
EC-Council
 
PPTX
Blockchain: Fundamentals & Opportunities​
EC-Council
 
PPTX
Cybersecurity Audit
EC-Council
 
PPTX
Third Party Risk Management
EC-Council
 
PPTX
Types of malware threats
EC-Council
 
PPTX
Business Continuity & Disaster Recovery
EC-Council
 
PPTX
Threat Intelligence Data Collection & Acquisition
EC-Council
 
PPTX
Information Security Management
EC-Council
 
Skills that make network security training easy
EC-Council
 
Can Cloud Solutions Transform Network Security
EC-Council
 
What makes blockchain secure: Key Characteristics & Security Architecture
EC-Council
 
6 Most Popular Threat Modeling Methodologies
EC-Council
 
Journey from CCNA to Certified Network Defender v2
EC-Council
 
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
EC-Council
 
Red Team vs. Blue Team
EC-Council
 
Why Threat Intelligence Is a Must for Every Organization?
EC-Council
 
Why Digital Forensics as a Career?
EC-Council
 
Cryptography in Blockchain
EC-Council
 
A Brief Introduction to Penetration Testing
EC-Council
 
Computer Hacking Forensic Investigator - CHFI
EC-Council
 
Pasta Threat Modeling
EC-Council
 
Blockchain: Fundamentals & Opportunities​
EC-Council
 
Cybersecurity Audit
EC-Council
 
Third Party Risk Management
EC-Council
 
Types of malware threats
EC-Council
 
Business Continuity & Disaster Recovery
EC-Council
 
Threat Intelligence Data Collection & Acquisition
EC-Council
 
Information Security Management
EC-Council
 

Recently uploaded (20)

PPTX
CARE OF UNCONSCIOUS PATIENTS .pptx
AneetaSharma15
 
PPTX
Tips Management in Odoo 18 POS - Odoo Slides
Celine George
 
PPTX
PROTIEN ENERGY MALNUTRITION: NURSING MANAGEMENT.pptx
PRADEEP ABOTHU
 
PDF
Health-The-Ultimate-Treasure (1).pdf/8th class science curiosity /samyans edu...
Sandeep Swamy
 
PPTX
HEALTH CARE DELIVERY SYSTEM - UNIT 2 - GNM 3RD YEAR.pptx
Priyanshu Anand
 
PPTX
Sonnet 130_ My Mistress’ Eyes Are Nothing Like the Sun By William Shakespear...
DhatriParmar
 
PPTX
How to Manage Leads in Odoo 18 CRM - Odoo Slides
Celine George
 
PPTX
Python-Application-in-Drug-Design by R D Jawarkar.pptx
Rahul Jawarkar
 
PPTX
BASICS IN COMPUTER APPLICATIONS - UNIT I
suganthim28
 
PPTX
Information Texts_Infographic on Forgetting Curve.pptx
Tata Sevilla
 
PPTX
INTESTINALPARASITES OR WORM INFESTATIONS.pptx
PRADEEP ABOTHU
 
PPTX
How to Apply for a Job From Odoo 18 Website
Celine George
 
PDF
What is CFA?? Complete Guide to the Chartered Financial Analyst Program
sp4989653
 
PPTX
Kanban Cards _ Mass Action in Odoo 18.2 - Odoo Slides
Celine George
 
PPTX
CDH. pptx
AneetaSharma15
 
PPTX
Virus sequence retrieval from NCBI database
yamunaK13
 
PPTX
Introduction to pediatric nursing in 5th Sem..pptx
AneetaSharma15
 
PPTX
How to Track Skills & Contracts Using Odoo 18 Employee
Celine George
 
PDF
Virat Kohli- the Pride of Indian cricket
kushpar147
 
PPTX
Five Point Someone – Chetan Bhagat | Book Summary & Analysis by Bhupesh Kushwaha
Bhupesh Kushwaha
 
CARE OF UNCONSCIOUS PATIENTS .pptx
AneetaSharma15
 
Tips Management in Odoo 18 POS - Odoo Slides
Celine George
 
PROTIEN ENERGY MALNUTRITION: NURSING MANAGEMENT.pptx
PRADEEP ABOTHU
 
Health-The-Ultimate-Treasure (1).pdf/8th class science curiosity /samyans edu...
Sandeep Swamy
 
HEALTH CARE DELIVERY SYSTEM - UNIT 2 - GNM 3RD YEAR.pptx
Priyanshu Anand
 
Sonnet 130_ My Mistress’ Eyes Are Nothing Like the Sun By William Shakespear...
DhatriParmar
 
How to Manage Leads in Odoo 18 CRM - Odoo Slides
Celine George
 
Python-Application-in-Drug-Design by R D Jawarkar.pptx
Rahul Jawarkar
 
BASICS IN COMPUTER APPLICATIONS - UNIT I
suganthim28
 
Information Texts_Infographic on Forgetting Curve.pptx
Tata Sevilla
 
INTESTINALPARASITES OR WORM INFESTATIONS.pptx
PRADEEP ABOTHU
 
How to Apply for a Job From Odoo 18 Website
Celine George
 
What is CFA?? Complete Guide to the Chartered Financial Analyst Program
sp4989653
 
Kanban Cards _ Mass Action in Odoo 18.2 - Odoo Slides
Celine George
 
CDH. pptx
AneetaSharma15
 
Virus sequence retrieval from NCBI database
yamunaK13
 
Introduction to pediatric nursing in 5th Sem..pptx
AneetaSharma15
 
How to Track Skills & Contracts Using Odoo 18 Employee
Celine George
 
Virat Kohli- the Pride of Indian cricket
kushpar147
 
Five Point Someone – Chetan Bhagat | Book Summary & Analysis by Bhupesh Kushwaha
Bhupesh Kushwaha
 

Most Common Application Level Attacks

  • 1. Copyright EC-Council 2020. All Rights Reserved.​ Certified Application Security Engineer (CASE) Most Common Application Level Attacks
  • 2. SQL Injection Attack Cross-Site Scripting (XSS) Attacks Parameter Tampering DirectoryTraversal Denial-of-Service (DoS) Attack Session Attacks Cross-Site Request Forgery (CSRF) Attack Most Common Application Level Attacks
  • 3. SQL Injection Attack: Most of the prominent data breaches that occur today have been the outcomes of an SQL Injection attack, which has led to regulatory penalties and reputational damages. An effective SQL Injection attack can lead to unapproved access to delicate data, including credit card information, PINs, or other private information regarding a customer.
  • 4. Cross-Site Scripting (XSS) Attack: This attack disrupts the interaction between users and vulnerable applications. It is based on client-side code injection. The attacker inserts malicious scripts into a legit application to alter its original intention.
  • 5. Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Parameter Tampering
  • 6. File path traversal is also known as directory traversal or backtracking. The primary objective of this web application attack is to access files and directories which are not placed under the ‘root directory’. Directory Traversal
  • 7. It is a type of cyberattack that occurs when an attacker seeks to render a computer or other networks inaccessible to its authorized users by momentarily or permanently interrupting the normal operations of a host linked to the Internet. Denial-of-Service (DoS) Attack DoS
  • 8. Session hijacking is an attack over user sessions by masquerading as an authorized user. It is generally applicable to browser sessions and web applications hacking. You can understand session hijacking as a form of Man- in-the-Middle (MITM) attack. Session Attack:
  • 9. Cross site request forgery — also known as CSRF or XSRF — is one of the web-related security threats on the OWASP top-ten list. The main principle behind a CSRF attack is exploitation of a site’s trust for a particular user, clandestinely utilizing the user’s authentication data. Cross-Site Request forgery ( CSRF) Attack:
  • 10. To Learn More, Visit - https://www.eccouncil.org/programs/certified-application-security-engineer-case/