Jetzt loslegen. Gratis!
oder registrieren mit Ihrer E-Mail-Adresse
ATTACKS von Mind Map: ATTACKS

1. SMURF a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.

2. SYN FLOOD ATTACK a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic

3. SESSION HIJACKING ATTACK session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session

4. Web application vulnerabilities & countermeasure: 1. Cookie poisoning and snooping 2. SQL injection 3. Command injection 4.Buffer overflow 5.Authentication hijacking 6.Directory traversal/Unicode

4.1. Cookie poisoning and snooping Cookie poisoning is the modification of a cookie (personal information in a Web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft.

4.2. SQL injection SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

4.3. Command injection Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application.

4.4. Buffer overflow A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.

4.5. Authentication hijacking Session hijacking is accomplished most commonly through the use of cross-site scripting (XSS), which when successful can grab the session token/key and send it to a waiting attacker. The attacker can then use the session token as if they were the original authenticated user, bypassing authentication controls and accessing the application.

4.6. Directory traversal/Unicode A directory traversal (or path traversal) consists in exploiting insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.

5. Physical Countermeasure -Lock screen server