Typical Web Application Attacks
• Hidden Field Manipulation - eShoplifting
• Parameter Tampering - access OS or sensitive data; fraud
• Backdoors and Debug Options - access code/application as developer or admin
• Cookie Poisoning - identity theft, illegal transactions
• Stealth Commanding - access OS or control application at OS level, site defacement
• Forceful Browsing - access sensitive data
• Cross-Site Scripting - server-side exploitation, access sensitive data; eHijacking
• Buffer Overflow - access sensitive data, or crash site/application
• Published/Known Vulnerabilities - access OS; crash site; access sensitive data
• Script Source Disclosure - compromise script source