Application Attacks

Overwriting a buffer of memory.

Gaining higher-level access to a system.

Adding malicious information into a data stream.

Replaying captured network data to a server.

Replay attack

Code injection

Privilege escalation

Buffer overflow

Physical access to the server.

Access to raw network data.

Knowledge of the application's source code.

Administrator privileges on the target system.

To flood a system with excessive traffic.

To gain higher-level access to a system.

To encrypt a user's files for ransom.

To trick users into revealing sensitive information.

They require explicit user authentication for each request.

They are typically unauthenticated requests.

They are rare and usually indicate malicious activity.

They only load content from the primary domain visited.

Server-side code

Database code

Client-side code

Network protocol code

The ability to directly modify server-side code.

The web application's trust in the user's browser after authentication.

Weak encryption protocols used for data transmission.

The absence of proper input validation on web forms.

To execute arbitrary code on the web server.

To gain unauthorized access to files and directories outside the web server's intended root.

To flood the web server with traffic, causing a denial of service.

To steal user credentials from the web application's database.