Understanding Network Security Fundamentals and Common Web Application Attacks

Slide Note
Embed
Share

Learn about the basics of network security, including common web application attacks such as Cross-Site Scripting (XSS), SQL Injection, and Session Hijacking. Explore important concepts like cookies, markup languages, and ways to enhance security to protect against cyber threats.

amalthea
amalthea Follow

Uploaded on Jul 17, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Network Security Network Security Fundamentals 2 Fundamentals 2 Carrie Estes Collin Donaldson

  2. Application Attacks Zero day attacks zero day Web application attacks Signing up for a class Hardening the web server Enhancing the security May not prevent against web attacks Protecting the network Traditional network security devices can block traditional attacks, but not always web app attacks

  3. Cross-Site Scripting (XSS) Injects scripts into a web app server Direct attacks at clients Does not attack web app to steal content or deface it Victim goes to website, instructions sent to victims computer, instructions execute Requires two criteria It accepts input from the user without validation It uses the input in a response without encoding it

  4. SQL Injection Structured Query Language View and manipulate data in a relational database Targets SQL servers Attacker using SQL would braden.thomas@fakemail.com If Email address unknown pops up, entries are being filtered If Server failure pops up, entries are not being filtered

  5. Markup Languages A markup language is a method for adding annotations to the text so that the additions can be distinguished from the text itself HTML is also a markup language It uses tags embedded in brackets so the browser can format correctly Extensible Markup Language XML carries data and tags are user made XML and SQL injection attacks are very similar A specific type is Xpath injection Attempts to exploit XML Path Language queries that are built from user input

  6. Cookies First Party Cookie Persistent Cookie Third Party Cookie Secure Cookie Session Cookie

  7. Session Hijacking An attack in which an attacker attempts to impersonate the user by using his session token. An attacker can eavesdrop on the transmission to steal the session token cookie. A second option is to attempt to guess the session token cookie. Session Token: A form of verification used when accessing a secure web application.

  8. Buffer Overflow attacks A buffer overflow occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. Attackers use buffer overflow to compromise a computer.

  9. Network Attacks Denial of Service: Makes attempts to keep a computer from performing its normal functions. DDOS attack: Uses multiple computers. Ping flood: Uses the ICMP to flood the victim with packets. The computer is overwhelmed and cannot respond quickly enough. This causes it to drop legitimate connections to other clients. Smurf attack: An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target.

  10. Man in the middle attack Angie is a high school student She is doing poorly in math class Her teacher sends her parents a letter Angie waits for the letter and replaces it with a different letter Her teacher wonders why her parents do not respond to having a conference.

  11. Vulnerability Assessment Asset Identification Threat Evaluation Risk mitigation Diminish the risk Transfer the risk Accept the risk

Related


Types Cyber Attacks: Cyber Security Training Workshop

Types Cyber Attacks: Cyber Security Training Workshop

anara
Understanding Network Denial of Service (DoS) Attacks

Understanding Network Denial of Service (DoS) Attacks

zahra
Cybersecurity Challenges: Attacks on Web Applications and Cost of Security Breaches

Cybersecurity Challenges: Attacks on Web Applications and Cost of Security Breaches

hari
Understanding Malicious Attacks, Threats, and Vulnerabilities in IT Security

Understanding Malicious Attacks, Threats, and Vulnerabilities in IT Security

ciel
Understanding Web Security Fundamentals in Networking

Understanding Web Security Fundamentals in Networking

klara
Mitigation of DMA-based Rowhammer Attacks on ARM

Mitigation of DMA-based Rowhammer Attacks on ARM

baylee
Principles of Cyber Security

Principles of Cyber Security

gillian
OWASP Bricks - Web Application Security Learning Platform

OWASP Bricks - Web Application Security Learning Platform

aleia
Managing Covid-19 Cyber and Data Protection Risks

Managing Covid-19 Cyber and Data Protection Risks

kaisen
Understanding Denial-of-Service Attacks and Defense Strategies

Understanding Denial-of-Service Attacks and Defense Strategies

delphi
Preventing Active Timing Attacks in Low-Latency Anonymous Communication

Preventing Active Timing Attacks in Low-Latency Anonymous Communication

kmike
Overview of Computer and Network Security Fundamentals

Overview of Computer and Network Security Fundamentals

menaal
Web App Security: Common Attacks and Preventive Measures

Web App Security: Common Attacks and Preventive Measures

drake
Understanding Security Onion: Network Security Monitoring Tools

Understanding Security Onion: Network Security Monitoring Tools

sadhbh
Understanding Control Hijacking Attacks in Software Systems

Understanding Control Hijacking Attacks in Software Systems

kit_631
BCA 601(N): Computer Network Security

BCA 601(N): Computer Network Security

danna
Understanding Network Security: Hijacking, Denial of Service, and IDS

Understanding Network Security: Hijacking, Denial of Service, and IDS

sally
Effective Method to Protect Web Servers Against Breach Attacks

Effective Method to Protect Web Servers Against Breach Attacks

birr_tt
Exploring the Fundamentals of Web Engineering

Exploring the Fundamentals of Web Engineering

smcli
Adversarial Machine Learning

Adversarial Machine Learning

caterina
Python-Based Model for SQL Injection and Web Application Security

Python-Based Model for SQL Injection and Web Application Security

rebel
Understanding Control Hijacking Attacks and Defenses

Understanding Control Hijacking Attacks and Defenses

dawn_o
Understanding Web Hosting and Server Types

Understanding Web Hosting and Server Types

trac_189
Progress of Network Architecture Work in FG IMT-2020

Progress of Network Architecture Work in FG IMT-2020

lonan

More Related Content

Understanding the Fundamentals of Web Front-End Development
Understanding the Fundamentals of Web Front-End Development
Network Slicing with OAI 5G CN Workshop Overview
Network Slicing with OAI 5G CN Workshop Overview
Understanding Weird Logs in Zeek for Network Security Analysis
Understanding Weird Logs in Zeek for Network Security Analysis
Understanding Adversarial Machine Learning Attacks
Understanding Adversarial Machine Learning Attacks
Understanding Snort: An Open-Source Network Intrusion Detection System
Understanding Snort: An Open-Source Network Intrusion Detection System
Understanding Computer Security Principles and Practices
Understanding Computer Security Principles and Practices
Understanding Internet Basics and Web Browsers
Understanding Internet Basics and Web Browsers
Attacks on Fully Random 64QAM Sounding Signal in IEEE 802.11-20/0964r0
Attacks on Fully Random 64QAM Sounding Signal in IEEE 802.11-20/0964r0
Adversarial Machine Learning in Cybersecurity: Challenges and Defenses
Adversarial Machine Learning in Cybersecurity: Challenges and Defenses
Passive Attacks and Reconnaissance in Network Security
Passive Attacks and Reconnaissance in Network Security
Understanding Man-in-the-Middle Attacks and Network Security Threats
Understanding Man-in-the-Middle Attacks and Network Security Threats
Understanding Web Accessibility and Its Importance
Understanding Web Accessibility and Its Importance
Understanding Socket Programming and Application Interface
Understanding Socket Programming and Application Interface
Understanding Amazon EC2: Elastic Compute Cloud Fundamentals
Understanding Amazon EC2: Elastic Compute Cloud Fundamentals
Understanding the Role of Security Champions in Organizations
Understanding the Role of Security Champions in Organizations
Understanding the Roles of a Security Partner
Understanding the Roles of a Security Partner
Overview of Cyber Operations and Security Threats
Overview of Cyber Operations and Security Threats
Understanding ReDoS Attacks in Web Applications
Understanding ReDoS Attacks in Web Applications
Modeling and Generation of Realistic Network Activity Using Non-Negative Matrix Factorization
Modeling and Generation of Realistic Network Activity Using Non-Negative Matrix Factorization
Introduction to Web and HTTP Protocols in Data Communication Networks
Introduction to Web and HTTP Protocols in Data Communication Networks
Understanding Phishing Attacks: Risks, Prevention, and Awareness
Understanding Phishing Attacks: Risks, Prevention, and Awareness
Network Compression Techniques: Overview and Practical Issues
Network Compression Techniques: Overview and Practical Issues
Understanding Buffer Overflow Attacks at Carnegie Mellon
Understanding Buffer Overflow Attacks at Carnegie Mellon
Cyber Threat Detection and Network Security Strategies
Cyber Threat Detection and Network Security Strategies