Systems and Security : Attacks, Threats, and Vulnerabilities

1.3 Application Attacks and Indicators

1. Privilege escalation
2. Cross-site scripting
3. Pointer/object dereference
4. Directory traversal
5. Buffer overflows

1. Privilege escalation: A type of attack in which an attacker gains access to a system or application with higher privileges than they were initially granted. This can allow an attacker to perform unauthorized actions or access sensitive information.

2. Cross-Site Scripting (XSS): A type of security vulnerability that occurs when an attacker injects malicious code into a web page viewed by other users. This can allow the attacker to steal sensitive information, manipulate the appearance of the web page, or perform other malicious activities.

3. Pointer/Object Dereference: A type of security vulnerability that occurs when a program accesses memory that it was not intended to access. This can lead to unexpected behavior or a crash, and in some cases, allow an attacker to execute arbitrary code.

4. Directory Traversal: A type of attack that exploits a vulnerability in the way a web server handles requests for files. An attacker can manipulate the request to access files outside of the intended directory, potentially gaining access to sensitive information or executing malicious code.

5. Buffer Overflows: A type of security vulnerability that occurs when a program attempts to store data in a buffer (a temporary storage area) that is too small to hold the data. This can cause the program to overwrite adjacent memory locations, potentially allowing an attacker to execute arbitrary code.

Preventing these types of attacks requires implementing secure coding practices, using proper input validation and sanitization techniques, and regularly testing systems for vulnerabilities through penetration testing and security audits.

Race conditions - Time of check/time of use

1. Race Conditions: A type of security vulnerability that occurs when multiple threads of execution access the same shared resources simultaneously. This can cause unpredictable behavior or incorrect results, and in some cases, allow an attacker to manipulate data or execute malicious code.

2. Time of Check/Time of Use (TOCTOU): A type of security vulnerability that occurs when a program checks the state of a resource (such as a file) and then acts on that resource, without ensuring that the state of the resource remains unchanged in between the check and the action. This can allow an attacker to manipulate the resource and cause unexpected behavior.

Preventing these types of attacks requires using proper synchronization techniques to ensure that multiple threads of execution access shared resources in a controlled manner, and regularly testing systems for race conditions through penetration testing and security audits.

Error handling and Improper input handling

1. Error Handling: Error handling refers to the way in which a software application deals with unexpected or exceptional events that may occur during its execution. Improper error handling can lead to vulnerabilities such as information disclosure, system crashes, or the execution of arbitrary code.

2. Improper Input Handling: Improper input handling occurs when a software application does not validate or sanitize user input correctly. This can lead to vulnerabilities such as buffer overflows, cross-site scripting (XSS), or SQL injection attacks.

Preventing these types of attacks requires careful attention to error handling and input validation, including verifying input data types, length, and format, encoding and escaping user input, and sanitizing user input to remove any potentially malicious content. It is also important to implement proper error handling and exception management in applications to minimize the impact of unexpected events and to prevent the leakage of sensitive information.