• Target of attack: eShoplifting, access files/sources, remote command execution, database manipulation, session hijacking, cross site scripting, etc.
• GET vs. POST
• Log manifestation:
  • eShoplifting – hard, locate the nonstandard price
  • access files/sources – strange/encoded characters in file name values
  • remote command execution – pipe (|) and other hazardous characters/patterns (e.g. <!-- ...), DoS/Unix shell commands.
  • database manipulation – data contains ‘ or “ with SQL fragments
  • session hijacking – multiple attempts to change value of session token
  • Cross Site Scripting – HTML tags such as <script>... and <img src=...>
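As an added example (not part of the original slides), the log manifestations listed above turned into a small scanner run over constructed Apache access-log lines; the sample lines, the `sid` session parameter and the `KNOWN_PRICES` catalogue are assumptions made for the demonstration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed Apache combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /shop/buy?item=42&price=1 HTTP/1.1" 200 512
10.0.0.6 - - [01/Jan/2024:10:00:02 +0000] "GET /view?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 88
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /cgi-bin/ping?host=1.2.3.4%7Ccat+%2Fetc%2Fpasswd HTTP/1.1" 200 90
10.0.0.8 - - [01/Jan/2024:10:00:04 +0000] "GET /login?user=admin%27+OR+%271%27%3D%271 HTTP/1.1" 200 300
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /account?sid=1001 HTTP/1.1" 403 10
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /account?sid=1002 HTTP/1.1" 403 10
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /account?sid=1003 HTTP/1.1" 200 900
10.0.0.10 - - [01/Jan/2024:10:00:08 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 120
10.0.0.11 - - [01/Jan/2024:10:00:09 +0000] "GET /shop/buy?item=42&price=1999 HTTP/1.1" 200 512
"""
# Hypothetical catalogue used to spot a nonstandard price (eShoplifting).
KNOWN_PRICES = {"42": "1999"}
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(GET|POST) (\S+) [^"]*" (\d{3}) \d+')

# Applied to the URL-decoded request target: decoding turns "..%2F.." or "%3Cscript%3E" back into the characters the rules look for.
RULES = [
    ("access files/sources", re.compile(r"\.\./|\x00")),
    ("remote command execution", re.compile(r"\||<!--|;\s*(cat|ls|rm|wget|nc)\b")),
    ("database manipulation", re.compile(r"['\"]\s*(or|and|union|select|--)", re.I)),
    ("cross site scripting", re.compile(r"<script|<img\s+src", re.I)),
]

def analyse(log_text, session_param="sid", max_tokens=2):
    """Return sorted (client_ip, finding) pairs for suspicious requests in log_text."""
    findings, tokens_per_client = set(), defaultdict(set)  # ip -> session tokens seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # skip lines that are not in the expected format
            continue
        ip, _method, target, _status = m.groups()
        decoded = unquote_plus(target)
        for name, pattern in RULES:
            if pattern.search(decoded):
                findings.add((ip, name))
        params = parse_qs(urlsplit(decoded).query)
        # eShoplifting: the submitted price differs from the catalogue price.
        item, price = params.get("item", [None])[0], params.get("price", [None])[0]
        if item in KNOWN_PRICES and price != KNOWN_PRICES[item]:
            findings.add((ip, "eShoplifting"))
        for token in params.get(session_param, []):
            tokens_per_client[ip].add(token)
    for ip, tokens in tokens_per_client.items():  # session hijacking: one client cycling tokens
        if len(tokens) > max_tokens:
            findings.add((ip, "session hijacking"))
    return sorted(findings)
```

Only query strings are visible here, which is the GET vs. POST point: a POST body carrying the same payloads leaves no trace in a standard access log.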