EC-Council, profile picture
Uploaded byEC-Council
PPTX, PDF385 views

Most Common Application Level Attacks

The document outlines the most common application-level attacks, including SQL injection, cross-site scripting (XSS), parameter tampering, directory traversal, denial-of-service (DoS), session hijacking, and cross-site request forgery (CSRF). It emphasizes the significant risks posed by these attacks, such as unauthorized access to sensitive data and disruption of application interactions. Each type of attack is briefly described, highlighting its method and potential impact on security.

Embed presentation

Download to read offline
Copyright EC-Council 2020. All Rights Reserved.​ Certified Application Security Engineer (CASE) Most Common Application Level Attacks
SQL Injection Attack Cross-Site Scripting (XSS) Attacks Parameter Tampering DirectoryTraversal Denial-of-Service (DoS) Attack Session Attacks Cross-Site Request Forgery (CSRF) Attack Most Common Application Level Attacks
SQL Injection Attack: Most of the prominent data breaches that occur today have been the outcomes of an SQL Injection attack, which has led to regulatory penalties and reputational damages. An effective SQL Injection attack can lead to unapproved access to delicate data, including credit card information, PINs, or other private information regarding a customer.
Cross-Site Scripting (XSS) Attack: This attack disrupts the interaction between users and vulnerable applications. It is based on client-side code injection. The attacker inserts malicious scripts into a legit application to alter its original intention.
Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Parameter Tampering
File path traversal is also known as directory traversal or backtracking. The primary objective of this web application attack is to access files and directories which are not placed under the ‘root directory’. Directory Traversal
It is a type of cyberattack that occurs when an attacker seeks to render a computer or other networks inaccessible to its authorized users by momentarily or permanently interrupting the normal operations of a host linked to the Internet. Denial-of-Service (DoS) Attack DoS
Session hijacking is an attack over user sessions by masquerading as an authorized user. It is generally applicable to browser sessions and web applications hacking. You can understand session hijacking as a form of Man- in-the-Middle (MITM) attack. Session Attack:
Cross site request forgery — also known as CSRF or XSRF — is one of the web-related security threats on the OWASP top-ten list. The main principle behind a CSRF attack is exploitation of a site’s trust for a particular user, clandestinely utilizing the user’s authentication data. Cross-Site Request forgery ( CSRF) Attack:
To Learn More, Visit - https://www.eccouncil.org/programs/certified-application-security-engineer-case/
THANK YOU!

More Related Content

PPTX
What's new in​ CEHv11?
byEC-Council
 
PPTX
Types of Malware (CEH v11)
byEC-Council
 
PPTX
Web server security challenges
byMartins Chibuike Onuoha
 
PPTX
Attack lecture #2 ppt
byvasanthimuniasamy
 
PDF
8 Types of Cyber Attacks That Can Bother CISOs in 2020
bySecPod Technologies
 
PPT
Ch03 Network and Computer Attacks
byphanleson
 
PPT
Types of attacks and threads
bysrivijaymanickam
 
PPT
Software Security Testing
bysrivinayak
 
What's new in​ CEHv11?
byEC-Council
 
Types of Malware (CEH v11)
byEC-Council
 
Web server security challenges
byMartins Chibuike Onuoha
 
Attack lecture #2 ppt
byvasanthimuniasamy
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
bySecPod Technologies
 
Ch03 Network and Computer Attacks
byphanleson
 
Types of attacks and threads
bysrivijaymanickam
 
Software Security Testing
bysrivinayak
 

What's hot

PPTX
Top 10 web server security flaws
bytobybear30
 
PPTX
Web Server Web Site Security
bySteven Cahill
 
PPT
this is test for today
byDreamMalar
 
PPTX
Network attacks
byManjushree Mashal
 
PDF
Web Server Security Guidelines
bywebhostingguy
 
PPTX
Malicion software
byA. Shamel
 
PDF
Phishing Attacks: A Challenge Ahead
byeLearning Papers
 
PPTX
Access control attacks by Yaakub bin Idris
byHafiza Abas
 
PPTX
Security vulnerability
byA. Shamel
 
PPTX
ETHICAL HACKING PPT
bySweta Leena Panda
 
PPT
Information security
bySathyanarayana Panduranga
 
PDF
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
bySoftware Guru
 
PPTX
External Attacks Against Pivileged Accounts
byLindsay Marsh
 
PDF
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
byBeyondTrust
 
PPTX
Security Testing
byBOSS Webtech
 
PPTX
Types of cyber attacks
bykrishh sivakrishna
 
PDF
Security in Computing and IT
byKomalah Nair
 
PDF
Alert logic anatomy owasp infographic
byCMR WORLD TECH
 
PPTX
Ethical Hacking
byMazenetsolution
 
PPT
Watch Your Back: Let’s Talk Web Safety and Personal Identity Theft
bySchipul - The Web Marketing Company
 
Top 10 web server security flaws
bytobybear30
 
Web Server Web Site Security
bySteven Cahill
 
this is test for today
byDreamMalar
 
Network attacks
byManjushree Mashal
 
Web Server Security Guidelines
bywebhostingguy
 
Malicion software
byA. Shamel
 
Phishing Attacks: A Challenge Ahead
byeLearning Papers
 
Access control attacks by Yaakub bin Idris
byHafiza Abas
 
Security vulnerability
byA. Shamel
 
ETHICAL HACKING PPT
bySweta Leena Panda
 
Information security
bySathyanarayana Panduranga
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
bySoftware Guru
 
External Attacks Against Pivileged Accounts
byLindsay Marsh
 
External Attacks Against Privileged Accounts - How Federal Agencies Can Build...
byBeyondTrust
 
Security Testing
byBOSS Webtech
 
Types of cyber attacks
bykrishh sivakrishna
 
Security in Computing and IT
byKomalah Nair
 
Alert logic anatomy owasp infographic
byCMR WORLD TECH
 
Ethical Hacking
byMazenetsolution
 
Watch Your Back: Let’s Talk Web Safety and Personal Identity Theft
bySchipul - The Web Marketing Company
 

Similar to Most Common Application Level Attacks

PPTX
AW-Infs201101067.pptx
byAnonymousDevil2
 
PDF
Common Web Application Attacks
byAhmed Sherif
 
PPTX
Web Application Security Session for Web Developers
byKrishna Srikanth Manda
 
PDF
Secure Coding BSSN Semarang Material.pdf
bynanangAris1
 
PDF
How to Keep Hackers Out of Your Organisation
byIBM Danmark
 
PPTX
webapplicationattacks-101005070110-phpapp02.pptx
bySyedAliShahid3
 
PDF
Hacking web applications CEHv8 module 13
byWise Person
 
PPT
Security Vulnerabilities
byMarius Vorster
 
PDF
Information Security
byMadushan Sandaruwan
 
PDF
Web application sec_3
byvhimsikal
 
PPTX
bhumi verma dentition in mammals -aman.pptxhhdbshdbsbdhsdbhdbhs
bysarasdivyansh1608
 
PPT
Hack applications
byenrizmoore
 
PPTX
Security vulnerabilities - 2018
byMarius Vorster
 
PPT
Hacking web applications
byphanleson
 
PPT
performing security testing of web applications.web-and- -hacking.ppt
bywaudit1
 
PPTX
Major Web Sever Threat.pptx
bySANDEEPVISHWAKARMA425010
 
PDF
Web Security
byGerald Villorente
 
PPTX
How to Test for The OWASP Top Ten
bySecurity Innovation
 
PDF
Threats, Threat Modeling and Analysis
byIan G
 
PDF
Top 10 Types of Most Common Cybersecurity Attacks (1).pdf
bydaksh908982
 
AW-Infs201101067.pptx
byAnonymousDevil2
 
Common Web Application Attacks
byAhmed Sherif
 
Web Application Security Session for Web Developers
byKrishna Srikanth Manda
 
Secure Coding BSSN Semarang Material.pdf
bynanangAris1
 
How to Keep Hackers Out of Your Organisation
byIBM Danmark
 
webapplicationattacks-101005070110-phpapp02.pptx
bySyedAliShahid3
 
Hacking web applications CEHv8 module 13
byWise Person
 
Security Vulnerabilities
byMarius Vorster
 
Information Security
byMadushan Sandaruwan
 
Web application sec_3
byvhimsikal
 
bhumi verma dentition in mammals -aman.pptxhhdbshdbsbdhsdbhdbhs
bysarasdivyansh1608
 
Hack applications
byenrizmoore
 
Security vulnerabilities - 2018
byMarius Vorster
 
Hacking web applications
byphanleson
 
performing security testing of web applications.web-and- -hacking.ppt
bywaudit1
 
Major Web Sever Threat.pptx
bySANDEEPVISHWAKARMA425010
 
Web Security
byGerald Villorente
 
How to Test for The OWASP Top Ten
bySecurity Innovation
 
Threats, Threat Modeling and Analysis
byIan G
 
Top 10 Types of Most Common Cybersecurity Attacks (1).pdf
bydaksh908982
 

More from EC-Council

PPTX
Skills that make network security training easy
byEC-Council
 
PPTX
Can Cloud Solutions Transform Network Security
byEC-Council
 
PPTX
What makes blockchain secure: Key Characteristics & Security Architecture
byEC-Council
 
PPTX
6 Most Popular Threat Modeling Methodologies
byEC-Council
 
PPTX
Journey from CCNA to Certified Network Defender v2
byEC-Council
 
PDF
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
byEC-Council
 
PPTX
Red Team vs. Blue Team
byEC-Council
 
PDF
Why Threat Intelligence Is a Must for Every Organization?
byEC-Council
 
PDF
Why Digital Forensics as a Career?
byEC-Council
 
PPTX
Cryptography in Blockchain
byEC-Council
 
PPTX
A Brief Introduction to Penetration Testing
byEC-Council
 
PPTX
Computer Hacking Forensic Investigator - CHFI
byEC-Council
 
PPTX
Pasta Threat Modeling
byEC-Council
 
PPTX
Blockchain: Fundamentals & Opportunities​
byEC-Council
 
PPTX
Cybersecurity Audit
byEC-Council
 
PPTX
Third Party Risk Management
byEC-Council
 
PPTX
Types of malware threats
byEC-Council
 
PPTX
Business Continuity & Disaster Recovery
byEC-Council
 
PPTX
Threat Intelligence Data Collection & Acquisition
byEC-Council
 
PPTX
Information Security Management
byEC-Council
 
Skills that make network security training easy
byEC-Council
 
Can Cloud Solutions Transform Network Security
byEC-Council
 
What makes blockchain secure: Key Characteristics & Security Architecture
byEC-Council
 
6 Most Popular Threat Modeling Methodologies
byEC-Council
 
Journey from CCNA to Certified Network Defender v2
byEC-Council
 
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
byEC-Council
 
Red Team vs. Blue Team
byEC-Council
 
Why Threat Intelligence Is a Must for Every Organization?
byEC-Council
 
Why Digital Forensics as a Career?
byEC-Council
 
Cryptography in Blockchain
byEC-Council
 
A Brief Introduction to Penetration Testing
byEC-Council
 
Computer Hacking Forensic Investigator - CHFI
byEC-Council
 
Pasta Threat Modeling
byEC-Council
 
Blockchain: Fundamentals & Opportunities​
byEC-Council
 
Cybersecurity Audit
byEC-Council
 
Third Party Risk Management
byEC-Council
 
Types of malware threats
byEC-Council
 
Business Continuity & Disaster Recovery
byEC-Council
 
Threat Intelligence Data Collection & Acquisition
byEC-Council
 
Information Security Management
byEC-Council
 

Recently uploaded

PPTX
How to Change Shipping Label Size in Odoo 18 Inventory
byCeline George
 
PPTX
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
PDF
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
PDF
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
PDF
Pratishta Educational Society., Courses & Opportunities
byGanapathiVankudoth
 
PPTX
How to Manage Reservation Method in Odoo 18 Inventory
byCeline George
 
PPTX
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
PPTX
ELIMINATION NEEDS Fundamentals of Nursing .pptx
bySonali Gupta
 
PDF
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
PDF
Family and Marriage __ Sociology __ Jhasketan Kuanar __ NURSING VIBE ONLY .pdf
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
PDF
Artificial Intelligence in Research and Academic Writing, Workshop on Researc...
byProf. Vinod Kumar Kanvaria
 
PDF
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
PDF
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
PDF
Chapter 05 Drugs Acting on the Central Nervous System: Anticonvulsant (Antiep...
bySandeshSul
 
PDF
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
PDF
Structure-of-the-Atom PPT.pdf/CBSE CLASS 11 CHEMISTRY/ PREPARED BY K SANDEEP ...
bySandeep Swamy
 
PPTX
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
PPTX
How to Add an Icon in Systray in Odoo 18
byCeline George
 
PDF
java full stack programming and interview questions
byrajuashokit
 
PDF
Tetracycline Class of Antibiotics: SAR, MOA and Uses
bymominzarinamdnajeeb
 
How to Change Shipping Label Size in Odoo 18 Inventory
byCeline George
 
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
Pratishta Educational Society., Courses & Opportunities
byGanapathiVankudoth
 
How to Manage Reservation Method in Odoo 18 Inventory
byCeline George
 
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
ELIMINATION NEEDS Fundamentals of Nursing .pptx
bySonali Gupta
 
Orlando by Virginia Woolf: The Granite and The Rainbow
byAdityarajsinh Gohil
 
Family and Marriage __ Sociology __ Jhasketan Kuanar __ NURSING VIBE ONLY .pdf
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
Artificial Intelligence in Research and Academic Writing, Workshop on Researc...
byProf. Vinod Kumar Kanvaria
 
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
Chapter 05 Drugs Acting on the Central Nervous System: Anticonvulsant (Antiep...
bySandeshSul
 
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
Structure-of-the-Atom PPT.pdf/CBSE CLASS 11 CHEMISTRY/ PREPARED BY K SANDEEP ...
bySandeep Swamy
 
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
How to Add an Icon in Systray in Odoo 18
byCeline George
 
java full stack programming and interview questions
byrajuashokit
 
Tetracycline Class of Antibiotics: SAR, MOA and Uses
bymominzarinamdnajeeb
 

Most Common Application Level Attacks

  • 1.
    Copyright EC-Council 2020.All Rights Reserved.​ Certified Application Security Engineer (CASE) Most Common Application Level Attacks
  • 2.
    SQL Injection Attack Cross-SiteScripting (XSS) Attacks Parameter Tampering DirectoryTraversal Denial-of-Service (DoS) Attack Session Attacks Cross-Site Request Forgery (CSRF) Attack Most Common Application Level Attacks
  • 3.
    SQL Injection Attack: Mostof the prominent data breaches that occur today have been the outcomes of an SQL Injection attack, which has led to regulatory penalties and reputational damages. An effective SQL Injection attack can lead to unapproved access to delicate data, including credit card information, PINs, or other private information regarding a customer.
  • 4.
    Cross-Site Scripting (XSS) Attack: Thisattack disrupts the interaction between users and vulnerable applications. It is based on client-side code injection. The attacker inserts malicious scripts into a legit application to alter its original intention.
  • 5.
    Web parameter tamperingattack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Parameter Tampering
  • 6.
    File path traversalis also known as directory traversal or backtracking. The primary objective of this web application attack is to access files and directories which are not placed under the ‘root directory’. Directory Traversal
  • 7.
    It is atype of cyberattack that occurs when an attacker seeks to render a computer or other networks inaccessible to its authorized users by momentarily or permanently interrupting the normal operations of a host linked to the Internet. Denial-of-Service (DoS) Attack DoS
  • 8.
    Session hijacking isan attack over user sessions by masquerading as an authorized user. It is generally applicable to browser sessions and web applications hacking. You can understand session hijacking as a form of Man- in-the-Middle (MITM) attack. Session Attack:
  • 9.
    Cross site requestforgery — also known as CSRF or XSRF — is one of the web-related security threats on the OWASP top-ten list. The main principle behind a CSRF attack is exploitation of a site’s trust for a particular user, clandestinely utilizing the user’s authentication data. Cross-Site Request forgery ( CSRF) Attack:
  • 10.
    To Learn More, Visit- https://www.eccouncil.org/programs/certified-application-security-engineer-case/
  • 11.