Lecture Two

The document discusses types of security threats and SQL injection attacks. It covers 4 categories of security attacks: interruption, interception, modification, and fabrication. It then focuses on SQL injection attacks, explaining that they allow attackers to bypass authentication and authorization and retrieve or alter database content. SQL injection works by inserting malicious SQL statements into user input fields to exploit vulnerabilities in how an application sanitizes user data before passing it to the backend database.

Uploaded by Abdurahman awil
Copyright © All Rights Reserved

Types of Security Threats

There are three requirements:

- Secrecy - only authorized users have access
- Integrity - only authorized users can make changes
- Availability - the assets are not kept from authorized users

General Categories

1. Interruption - prevents availability
2. Interception - breaks the secrecy or confidentiality of the data
3. Modification - attacks the integrity
4. Fabrication - attacks the authenticity
Passive vs Active Security Threats

Security Attacks

There are four general categories of attack which are listed below.

1. Interruption
• An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability, e.g., destruction of a piece of hardware, cutting of a communication line, or disabling of the file management system.

2. Interception
• An unauthorized party gains access to an asset. This is an attack on confidentiality. The unauthorized party could be a person, a program or a computer, e.g., wiretapping to capture data in the network, illicit copying of files.

3. Modification
• An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity, e.g., changing values in a data file, altering a program, modifying the contents of messages being transmitted in a network.
Terminology

An attack is the deliberate act that exploits a vulnerability. It is accomplished by a threat agent to damage or steal an organization's information or physical asset.
An exploit is a technique to compromise a system.
A vulnerability is an identified weakness of a controlled system whose controls are not present or are no longer effective. An attack is then the use of an exploit to achieve the compromise of a controlled system.

• Vulnerability: weakness or fault that can lead to an exposure.
• Threat: object, person, or other entity representing a constant danger to an asset.
• Management effectively protects its information through policy, education, training, and technology controls.
• Secure systems require secure software.
• Malicious code: includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information.
• Back door: gaining access to a system or network using a known or previously unknown/newly discovered access mechanism.
• Risk: probability that "something bad" happens times the expected damage to the organization. Unlike vulnerabilities/exploits, risk depends on context; e.g., a web service running on a server may have a vulnerability, but if it is not connected to the network, the risk is 0.0.
• Exposure: a successful attack.
• Vector: how the attack was carried out, e.g., a malicious email attachment.
• Malware: malicious code such as viruses, worms, Trojan horses, bots, backdoors, spyware, adware, etc.
• Disclosure: responsible, full, partial, none, delayed, etc.
• Authentication: determining the identity of a person, computer, or service on a computer.
• Authorization: determining whether an entity (person, program, computer) has access to an object. Can be implicit (email account access) or explicit (attributes specifying users/groups who can read/write/execute a file).
• Backdoors: hidden bypass of system authentication.
• Denial-of-service (DoS) attacks: attackers' traffic floods take down Internet services (one type).
Threats to Info. Security

• It is highly illegal to attack/test any web app without permission.
Introduction

• Nowadays, web applications are common around the world. Nearly every major company or organization has a web presence. Most of these companies and organizations use web applications to provide various services to users. Some of these web applications employ database-driven content. The back-end database often contains confidential and sensitive information such as social security numbers, credit card numbers, financial data and medical data. Typically the web user supplies information, such as a username and password; the web application receives the user request, interacts with the back-end database and returns the relevant data to the user.
• SQL injection is a technique (like other web attack mechanisms) to attack data-driven applications. This attack can bypass a firewall and can affect a fully patched system. The attacker takes advantage of poorly filtered or incorrectly escaped characters in SQL statements that are built from user-supplied data. The attacker injects arbitrary data, most often a database query, into a string that is eventually executed by the database through a web application (e.g. a login form).
• Through SQL injection an attacker can obtain unauthorized access to a database and can create, read, update, alter, or delete data stored in the back-end database. Currently, almost all SQL databases such as Oracle, MySQL, PostgreSQL, MSSQL Server and MS Access are potentially vulnerable to SQL injection attacks. In its most common form, a SQL injection attack gives access to sensitive information such as social security numbers, credit card numbers or other financial data.
Why SQL injection?

- Identify injectable parameters.
- Identify the database type and version.
- Discover the database schema.
- Extract data.
- Insert, modify or delete data.
- Denial of service to authorized users by locking or deleting tables.
- Bypass authentication.
- Privilege escalation.
- Execute remote commands by calling stored functions within the DBMS which are reserved for administrators.
SQL injection method

Here are some methods through which SQL statements are injected into vulnerable systems:

• Injection through user input.
• Injection through cookie fields that contain attack strings.
• Injection through server variables.
Vulnerabilities

• In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Web-based forms allow some access to the back-end database to permit entry of data and a response; this kind of attack bypasses firewalls and endpoint defenses. Any web form, even a simple logon form or search box (where a user can input data), might provide access to the back-end database by means of SQL injection.
Vulnerability (continued)

• The common reason that an application is vulnerable to SQL injection is improper filtering and lack of validation of user input. Input forms are quite common for collecting data from a user, so in practice it is not feasible to close all the entry points to bar SQL injection. To prevent attacks, developers must apply proper filtering/validation on all forms.
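The validation the slides call for has to cover every channel listed under "SQL injection method", not only the visible form. The following Python is an added example, not code from the lecture: it applies one allow-list check to a form field, a cookie and a server variable (an HTTP header). The field names, the regular expressions and the shape of the `request` dictionary are constructed for this example.

```python
import re

# Allow-list patterns, one per input the example accepts. Each key names the
# channel the value arrived through, mirroring the lecture's three injection
# routes. Names and patterns are constructed for this example.
ALLOW_LIST = {
    "form:user_id": re.compile(r"^[0-9]{1,10}$"),                 # numeric id only
    "cookie:session": re.compile(r"^[A-Za-z0-9_-]{16,64}$"),       # opaque token chars
    "server:HTTP_USER_AGENT": re.compile(r"^[\x20-\x7E]{0,256}$"),  # printable ASCII, bounded length
}


class RejectedInput(ValueError):
    """Raised when a value does not match the allow-list for its field."""


def validate(field, value):
    """Return value unchanged if it matches the field's allow-list, else raise."""
    pattern = ALLOW_LIST.get(field)
    if pattern is None:
        # Unknown fields are rejected rather than silently passed through.
        raise RejectedInput(f"no allow-list defined for {field}")
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise RejectedInput(f"{field} rejected")
    return value


def collect_inputs(request):
    """Validate every value the request carries, whichever channel it came through.

    `request` is a constructed dict with optional 'form', 'cookies' and
    'server' sub-dicts (the last standing in for CGI-style server variables).
    """
    validated = {}
    for source, prefix in (("form", "form:"), ("cookies", "cookie:"), ("server", "server:")):
        for name, value in request.get(source, {}).items():
            key = prefix + name
            validated[key] = validate(key, value)
    return validated


def screen(request):
    """Return (accepted, None) on success or (None, reason) naming the first failing field."""
    try:
        return collect_inputs(request), None
    except RejectedInput as exc:
        return None, str(exc)


if __name__ == "__main__":
    # Constructed requests: one clean, one with a quote in a numeric field.
    print(screen({"form": {"user_id": "42"}, "cookies": {"session": "abcdefghijklmnop1234"}}))
    print(screen({"form": {"user_id": "42 OR 1=1"}}))
```

Allow-lists work well for structured fields such as numeric ids and session tokens. For free text such as a User-Agent header the most validation can do is bound the length and character set, and that pattern still admits quotes and semicolons, so validation is a second layer: the query itself must still be parameterized.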
Vulnerable Applications

• Almost all SQL databases are potentially vulnerable, such as MS SQL Server, DB2, Oracle, PostgreSQL, MySQL, MS Access, Sybase, Informix, etc.
• Accessed through applications using:
 - ASP, JSP, PHP, Perl and CGI scripts that access databases
 - XML, XSL and XSQL
 - JavaScript
 - Database-specific web applications
 - Many others
What is SQL?

• Structured Query Language
• Almost all modern web applications use a database backend to store data
• The majority of databases use a variant of SQL as a querying language to retrieve information from the database
 - MySQL, MSSQL, PostgreSQL, DB2
• Flexible and robust, but if not carefully implemented it can make a server extremely vulnerable.
What is SQL Injection (SQLi)?

SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures. They can go around the authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database.

An SQL Injection vulnerability may affect any website or web application that uses an SQL database such as MySQL, Oracle, SQL Server, or others. Criminals may use it to gain unauthorized access to your sensitive data: customer information, personal data, trade secrets, intellectual property, and more. SQL Injection attacks are one of the oldest, most prevalent, and most dangerous web application vulnerabilities. The OWASP organization (Open Web Application Security Project) lists injection in its OWASP Top 10 2017 document as the number one threat to web application security.
How and Why Is an SQL Injection Attack Performed?

• To make an SQL Injection attack, an attacker must first find vulnerable user inputs within the web page or web application. A web page or web application that has an SQL Injection vulnerability uses such user input directly in an SQL query. The attacker can craft input content. Such content is often called a malicious payload and is the key part of the attack. After the attacker sends this content, malicious SQL commands are executed in the database.
• SQL is a query language that was designed to manage data stored in relational databases. You can use it to access, modify, and delete data. Many web applications and websites store all their data in SQL databases. In some cases, you can also use SQL commands to run operating system commands. Therefore, a successful SQL Injection attack can have very serious consequences.
• Second-Order Injection: the injected statement is stored and executed at another time by another function.
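The login-form case from the introduction and the second-order case above, worked through as an added example that is not part of the lecture. It uses Python's built-in `sqlite3` with a constructed in-memory `users` table; the function names, the user `alice` and the inputs are all assumptions made for the example. The point it shows is that the same tautology input logs in when the query is built by string concatenation and is rejected when the values are bound as parameters, and that a parameterized insert does not protect a later query that concatenates the stored value.

```python
import sqlite3


def make_demo_db():
    """Constructed in-memory database for the example: one registered user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)", ("alice", "correct horse"))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The pattern the lecture warns about: user input spliced straight into the statement."""
    sql = ("SELECT id FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterized query: the driver binds the values, so input is never parsed as SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def register(conn, username, password):
    """Parameterized insert: safe in itself, but it stores whatever text arrives."""
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)", (username, password))
    conn.commit()
    return conn.execute("SELECT id FROM users WHERE username = ?", (username,)).fetchone()[0]


def rows_for_stored_user(conn, user_id, safe):
    """Second-order sink: reads a username back from the database and uses it in a
    second query. With safe=False the stored value is concatenated as if trusted."""
    (stored_name,) = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    if safe:
        cur = conn.execute("SELECT COUNT(*) FROM users WHERE username = ?", (stored_name,))
    else:
        cur = conn.execute("SELECT COUNT(*) FROM users WHERE username = '" + stored_name + "'")
    return cur.fetchone()[0]


def demo():
    """Run both login variants and both second-order sinks; return the outcomes."""
    conn = make_demo_db()
    tautology = "' OR '1'='1"          # constructed input containing a quote and a tautology
    results = {
        "vuln_wrong_password": login_vulnerable(conn, "alice", "nope"),
        "vuln_tautology": login_vulnerable(conn, tautology, tautology),
        "safe_tautology": login_safe(conn, tautology, tautology),
        "safe_real_creds": login_safe(conn, "alice", "correct horse"),
    }
    # First-order safe: the parameterized insert stores the quote-bearing name verbatim.
    bob_id = register(conn, "bob' OR 'a'='a", "pw")
    # Second order: the concatenating query now matches every row (2), the bound one only bob's (1).
    results["second_order_concat"] = rows_for_stored_user(conn, bob_id, safe=False)
    results["second_order_param"] = rows_for_stored_user(conn, bob_id, safe=True)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The fix is the same in both places: never build the statement text from data, whether that data came from the request or from a row the application itself wrote earlier. Every client library for the databases listed on these slides offers bound parameters (`?`, `%s` or `:name` placeholders depending on the driver).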
