Security Theory
SQL Injection
"A SQL Injection attack consists of insertion or "injection"
of a SQL query via the input data from the client to the
application. A successful SQL injection exploit can read
sensitive data from the database, modify database data (Insert
/Update/Delete), execute administration operations on the
database (such as shutdown the DBMS), recover the content of a
given file present on the DBMS file system and in some cases
issue commands to the operating system. SQL injection attacks
are a type of injection attack, in which SQL commands are
injected into data-plane input in order to effect the
execution of predefined SQL commands."
-www.owasp.org
Cross-Site Scripting (XSS)
"Cross-Site Scripting (XSS) attacks are a type of injection, in which
malicious scripts are injected into otherwise benign and trusted web
sites. XSS attacks occur when an attacker uses a web application to
send malicious code, generally in the form of a browser side script,
to a different end user. Flaws that allow these attacks to succeed
are quite widespread and occur anywhere a web application uses input
from a user within the output it generates without validating or
encoding it.
XSS can be used by an attacker to send a malicious script to an unsuspecting
user.
The end user’s browser has no way to know that the script should not
be
trusted, and will execute the script. Because it thinks the script
came from
a trusted source, the malicious script can access any cookies,
session
tokens, or other sensitive information retained by the browser and
used with
that site. These scripts can even rewrite the content of the HTML
page."
-www.owasp.org
Cross-Site Request Forgery (CSRF)
"Cross-Site Request Forgery (CSRF) is an attack that forces an end
user to execute unwanted actions on a web application in which
they're currently authenticated. CSRF attacks specifically target
state-changing requests, not theft of data, since the attacker has no
way to see the response to the forged request. With a little help of
social engineering (such as sending a link via email or chat), an
attacker may trick the users of a web application into executing
actions of the attacker's choosing. If the victim is a normal user, a
successful CSRF attack can force the user to perform state changing
requests like transferring funds, changing their email address, and
so forth. If the victim is an administrative account, CSRF can
compromise the entire web application."
-www.owasp.org
Command Injection
"Command injection is an attack in which the goal is execution of
arbitrary commands on the host operating system via a vulnerable
application. Command injection attacks are possible when an
application passes unsafe user supplied data (forms, cookies, HTTP
headers etc.) to a system shell. In this attack, the
attacker-supplied operating system commands are usually executed with
the privileges of the vulnerable application. Command injection
attacks are possible largely due to insufficient input validation."
-www.owasp.org
Web Shell
"A web shell is a script that can be uploaded to a web server to
enable remote administration of the machine. Infected web servers can
be either Internet-facing or internal to the network, where the web
shell is used to pivot further to internal hosts."
-www.us-cert.gov
Path Traversal
"A path traversal attack (also known as directory traversal) aims to
access files and directories that are stored outside the web root
folder. By manipulating variables that reference files with
“dot-dot-slash (../)” sequences and its variations or by using
absolute file paths, it may be possible to access arbitrary files and
directories stored on file system including application source code
or configuration and critical system files. It should be noted that
access to files is limited by system operational access control (such
as in the case of locked or in-use files on the Microsoft Windows
operating system)."
-www.owasp.org
XML External Entity
"An XML External Entity attack is a type of attack against an
application that parses XML input.
This attack occurs when XML input containing a reference to an
external entity is processed by
a weakly configured XML parser. This attack may lead to the
disclosure of confidential data,
denial of service, server side request forgery, port scanning from
the perspective of the
machine where the parser is located, and other system impacts."
-www.owasp.org
Insecure Deserialization
"Insecure Deserialization is a vulnerability which occurs when
untrusted data is used to abuse the
logic of an application, inflict a denial of service (DoS) attack,
or even execute arbitrary code upon
it being deserialized. Web applications make use of serialization
and deserialization on a regular basis
and most programming languages even provide native features to
serialize data (especially into common formats like JSON and XML).
It’s frequently possible for an attacker to abuse these
deserialization features when the application is deserializing
untrusted
data which the attacker controls. Successful insecure
deserialization attacks could allow an attacker to carry out
denial-of-service (DoS) attacks, authentication bypasses, and
remote code execution attacks."
-www.acunetix.com
Cloud Security
Delivering IT services via the Cloud evolves out to be a time saver, a money saver and allow for better efficiencies but it poses a downside with the security of those services. Cloud essentiallly provides these services relying on virtualization technology. While virtualization reduces some security risks, others are increased because the attack surface in a Cloud service increases. The range can be broadly categorised into Hypervisor Security, isolation of network and its security, Data security(in trasnist and data at rest), security of Monitoring and Incident response.