Group Members
Ayesha Fayaz 22 Arid 4354
Areeba Noor 22 Arid 4353
Khansa Rehman 22 Arid 4368
Mahnoor Nadeem 22 Arid 4369
3.
What is a Web Application Attack?
• An application attack consists of cyber criminals gaining access to unauthorized areas. Attackers most commonly start with a look at the application layer, hunting for application vulnerabilities written within code. Though attacks target certain programming languages more than others, a wide range of applications representing various languages receive attacks: .NET, Ruby, Java, Node.js, Python, and many more. Vulnerabilities are found in both custom code and open-source frameworks and libraries.
4.
How attacks exploit application security vulnerabilities
• Application vulnerabilities create opportunities for cyber criminals to exploit applications in production. These exploits target both custom code and open-source frameworks and libraries. Some of the methods cyber criminals employ include:
• Attacks due to application security vulnerabilities written into code
• Attacks due to vulnerabilities from outdated certificates
• Attacks due to vulnerabilities from lack of authentication
5.
Attacks due to application security vulnerabilities written into code
• 85% of developers revealed that the average application has 10 or more vulnerabilities. There are a number of reasons this application security risk is so great, starting with the fact that developers are under increasing pressure to shorten release cycles. Legacy application security tools are inaccurate and generate piles of false positives that waste valuable time on the part of security teams in triage and diagnosis. When vulnerabilities are not identified and remediated, bad actors use probes and targeted attacks to pinpoint and exploit them, often with deleterious consequences.
6.
Attacks due to vulnerabilities from outdated certificates
• Applications are able to communicate and transfer data through application programming interfaces (APIs). With data constantly on the move, the security risk of a bad actor intercepting data in transit increases. Using Secure Sockets Layer (SSL), data is encrypted into an unreadable form, making it more secure as it travels from application to application. However, SSL certificates do not last forever, needing an update at least every two years to avoid expiration. If the SSL certificate expires, application communication can no longer take place over secured HTTPS connections and data moves across APIs in plaintext. Attackers can exploit this vulnerability by intercepting data in plaintext via a number of advanced application attacks.
7.
Attacks due to vulnerabilities from lack of authentication
• Authentication and session ID vulnerabilities are common weaknesses in web applications. Authentication acts as a protective barrier that controls user access, and stronger authentication, such as two-factor authentication (2FA), adds an extra layer of security. However, many applications still use weak or single-step logins, making it easier for attackers to break in and steal user data. Session IDs, which keep users logged in and track their activity, can also become a target if not managed properly. If these session IDs are predictable or not regularly refreshed, attackers can hijack them using methods like brute force. Once hijacked, an attacker can access user accounts without logging in through the usual steps. Poor session management increases the chances of unauthorized access and data breaches. To prevent these risks, applications must use strong authentication methods and regularly update and secure session IDs.
8.
Most common web application attacks
• Cross-Site Scripting (XSS)
• SQL Injection
• Parameter Tampering
• Command Injection
• Session Management
• Cookie Poisoning
• Directory Traversal
• Cross-Site Request Forgery
• Buffer Overflows
9.
Cross-Site Scripting (XSS):
• XSS allows attackers to inject malicious scripts into trusted websites.
• These scripts run in the user's browser and can steal session cookies or data, or perform actions on the user's behalf.
• It usually occurs when input isn't properly sanitized.
• Attackers send fake links with malicious code.
• Once clicked, the code executes in the user's browser.
• This gives control over user sessions or private data.
10.
SQL Injection:
• SQL Injection happens when attackers insert malicious SQL queries into input fields.
• This can let them access, modify, or delete database records.
• Poorly handled database queries are the main cause.
• Attackers can bypass login pages or drop entire tables.
• It's one of the most dangerous and common web vulnerabilities.
• Proper validation and use of prepared statements can prevent it.
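The "poorly handled query" and the prepared statement from the slide above, side by side, as an added example that is not part of the original presentation. It uses Python's built-in sqlite3 with an in-memory table of constructed sample data; the passwords are stored in clear only to keep the demonstration short (a real application stores salted hashes).

```python
import sqlite3


def make_db():
    """Constructed sample database: one user, plaintext password for brevity only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # String concatenation: the user's input becomes part of the SQL text, so a
    # single quote in the input changes the structure of the query itself.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Prepared statement: the driver binds the values as data for the ? placeholders.
    # Quotes or keywords in the input are compared as text, never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    conn = make_db()
    # The textbook login-bypass input turns the WHERE clause into
    # (username='alice' AND password='') OR '1'='1', which matches every row.
    bypass = "' OR '1'='1"
    print("vulnerable query, bypass input :", login_vulnerable(conn, "alice", bypass))
    print("prepared statement, bypass input:", login_safe(conn, "alice", bypass))
    print("prepared statement, real password:", login_safe(conn, "alice", "correct-horse"))
```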
11.
Parameter Tampering:
• Attackers manipulate URL parameters or hidden form fields.
• They change values to gain unauthorized access or modify data.
• For example, changing a user ID in the URL to view another user's data.
• It targets insecure data transmission between client and server.
• It can affect transactions, account details, or app logic.
• Validating and securing parameters server-side helps prevent it.
12.
Command Injection:
• This attack injects system commands into an application.
• The application then unknowingly executes those commands on the server.
• It usually happens when user input is passed to OS functions.
• Attackers may use it to steal data or take full control of the server.
• Command injection can be used to open shells or install malware.
• Input validation and command sanitization are crucial defenses.
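An added example (not from the slides) of the two defenses named in the last bullet: an allowlist check on the input and handing the OS an argument list instead of a shell command line. The hostname pattern and the ping wrapper are assumptions chosen for illustration.

```python
import re
import subprocess

# Allowlist for a "host" argument: dot-separated labels of letters, digits and hyphens,
# no leading or trailing hyphen.  Spaces, ';', '|', '$', quotes and backticks all fail.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def unsafe_shell_string(host):
    """The vulnerable pattern: raw input spliced into a command line that a shell
    would parse.  Returned as a string only, to make the contrast visible; it is
    never executed in this example."""
    return "ping -c 1 " + host


def build_ping_command(host):
    """Validate the input, then return an argv list.  Raises ValueError otherwise."""
    if not isinstance(host, str) or len(host) > 253 or not HOSTNAME_RE.match(host):
        raise ValueError(f"rejected host argument: {host!r}")
    # With an argv list and shell=False the OS receives separate arguments; no shell
    # ever parses the string, so metacharacters carry no special meaning.
    return ["ping", "-c", "1", host]


def run_ping(host, timeout=5):
    """Run ping with the hardened argv; returns the process exit code (0 = reachable)."""
    argv = build_ping_command(host)
    result = subprocess.run(argv, shell=False, capture_output=True, text=True,
                            timeout=timeout)
    return result.returncode
```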
13.
Session Management:
• Poor session management can let attackers hijack active sessions.
• Weak or predictable session IDs are easy to steal.
• Attackers can impersonate users and access their data.
• Session fixation and session timeout issues are common problems.
• Secure and random session tokens must be used.
• Sessions should be invalidated on logout or after inactivity.
14.
Cookie Poisoning:
• This attack involves modifying cookies to gain unauthorized access.
• Cookies store user info; if unencrypted, they can be easily tampered with.
• An attacker may alter cookie values to escalate privileges.
• It may lead to identity theft or data breaches.
• Encrypting and validating cookies helps prevent this.
• Secure, HttpOnly, and SameSite flags also improve safety.
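One implementation of the session-management and cookie-poisoning advice on the two slides above, added here as an example and not part of the original presentation: random server-side tokens with an inactivity timeout and logout invalidation, and an HMAC-signed cookie issued with the Secure, HttpOnly and SameSite flags. The key, the 15-minute TTL and the in-memory session store are assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed server-side key: in production, load it from a secrets store, never from code.
SERVER_KEY = secrets.token_bytes(32)
SESSION_TTL = 15 * 60          # seconds of inactivity before a session expires (assumed)

# Server-side store, token -> {"user": ..., "expires": ...}.  The cookie carries only an
# opaque token; identity and privileges live here, so editing the cookie changes nothing.
SESSIONS = {}


def sign(token):
    # HMAC tag over the token; a client that edits the cookie cannot recompute it.
    return hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).hexdigest()


def create_session(user, now=None):
    """Issue a fresh random token at login (a new token per login also defeats fixation)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)              # 256 bits from the OS CSPRNG, not guessable
    SESSIONS[token] = {"user": user, "expires": now + SESSION_TTL}
    return f"{token}.{sign(token)}"


def set_cookie_header(cookie_value):
    # Secure: sent over HTTPS only.  HttpOnly: unreadable to page scripts, limiting XSS theft.
    # SameSite=Strict: not attached to cross-site requests, limiting CSRF.
    return f"Set-Cookie: sid={cookie_value}; Secure; HttpOnly; SameSite=Strict; Path=/"


def resolve_session(cookie_value, now=None):
    """Return the user for a presented cookie, or None if it is forged, unknown or expired."""
    now = time.time() if now is None else now
    token, sep, tag = cookie_value.rpartition(".")
    if not sep or not hmac.compare_digest(tag.encode(), sign(token).encode()):
        return None                                # tampered or forged cookie
    session = SESSIONS.get(token)
    if session is None or session["expires"] < now:
        SESSIONS.pop(token, None)
        return None                                # unknown token, or idle too long
    session["expires"] = now + SESSION_TTL         # sliding expiry while the user is active
    return session["user"]


def logout(cookie_value):
    # Invalidate server-side so a captured cookie is useless after logout.
    SESSIONS.pop(cookie_value.rpartition(".")[0], None)
```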
15.
Directory Traversal:
• Attackers try to access files outside the web root folder.
• They use special characters like ../ to move up directories.
• This can expose configuration files, passwords, or system data.
• It's often due to poor input validation in file path handling.
• It can lead to full server compromise if sensitive files are accessed.
• Validating and sandboxing file paths prevents this.
16.
Cross-Site Request Forgery (CSRF):
• CSRF tricks users into performing unwanted actions on a site they're logged into.
• It uses the user's authentication to submit malicious requests.
• For example, transferring funds or changing passwords without their knowledge.
• Attackers usually embed malicious code in links or images.
• Tokens and re-authentication help protect against CSRF.
• It's dangerous because it happens without the user realizing it.
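The token defense from the slide above, as an added example that is not part of the original presentation: a per-session CSRF token (random nonce plus an HMAC binding it to the session) that a state-changing endpoint requires before acting. The key, the token format and the dict standing in for a framework request are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed secret; a real deployment loads it from configuration, not source code.
CSRF_KEY = secrets.token_bytes(32)


def _tag(session_id, nonce):
    return hmac.new(CSRF_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Token embedded in the legitimate form: random nonce + HMAC bound to this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_tag(session_id, nonce)}"


def verify_csrf_token(session_id, token):
    """True only if the token was issued for this session; constant-time comparison."""
    nonce, sep, tag = token.partition(".")
    if not sep:
        return False
    return hmac.compare_digest(tag.encode(), _tag(session_id, nonce).encode())


def handle_transfer(request, session_id):
    """State-changing endpoint.  `request` is a constructed dict standing in for a
    framework request object: {"method": ..., "form": {...}}.

    A cross-site <img> or auto-submitting form rides on the victim's cookie, so
    session_id is valid, but the attacker's page cannot read the token that was
    embedded in the legitimate page, so the check below fails for forged requests.
    """
    if request["method"] != "POST":
        return 405, "method not allowed"            # never change state on GET
    form = request["form"]
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "CSRF check failed"
    return 200, f"transferred {form['amount']} to {form['to']}"
```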
17.
Buffer Overflows:
• This occurs when data exceeds a program's memory buffer size.
• Excess data overwrites adjacent memory, leading to crashes or exploits.
• Attackers use it to execute arbitrary code or corrupt memory.
• It often leads to remote code execution and full system compromise.
• It mostly targets C/C++ applications with poor bounds checking.
• Using safe functions and modern compilers helps prevent it.
18.
Implications of Application Attacks
• Application attacks expose sensitive user data, risking loss of privacy and trust.
• The average cost of a data breach is very high: around $3.86 million, as per IBM's 2020 report.
• Brands suffer reputational damage that can last long after the issue is fixed.
• Yahoo's massive breach affected 1 billion accounts, mainly personal info like emails and birthdates.
• Equifax's 2017 breach was worse, stealing millions of Social Security numbers due to a software vulnerability.
• Attacks also cause downtime, productivity loss, revenue loss, and reduced customer loyalty.
19.
Defending Against Web Application Attacks
• Securing applications during development and after deployment is essential.
• Protection includes finding and fixing vulnerabilities early and monitoring live apps.
• The traditional method of security testing at the end of development is slow and costly.
• Modern development with Agile and DevOps requires continuous, integrated security practices.
• Tools and methods must evolve to keep up with faster release cycles and growing app complexity.
• Proactive defense minimizes risk, reduces damage, and improves overall application safety.
20.
Web Application Security in Development
• Old methods tested security only at the end, often delaying fixes and increasing costs.
• Penetration testing doesn't scale well for modern fast development cycles.
• Static Application Security Testing (SAST) scans code early but can produce many false positives.
• Dynamic Application Security Testing (DAST) finds issues during runtime but is hard to scale.
• Both require expensive experts and can miss real vulnerabilities or waste resources.
• Interactive Application Security Testing (IAST) helps by giving real-time, accurate feedback to developers.
21.
Application Protection in Production
• Perimeter defenses like Web Application Firewalls (WAFs) block attacks from outside.
• WAFs generate many alerts, but many are false positives that waste security team time.
• Runtime Application Self-Protection (RASP) runs inside the app for more accurate detection.
• RASP integrates with the app's code and monitors continuously for threats during runtime.
• It requires less management and gives faster, more precise responses to vulnerabilities.
• RASP helps reduce stress on security and development teams by improving protection accuracy.