File Inclusion
Allows an attacker to make the web app include (and often execute) a file from an attacker-chosen location, or to upload an executable or script file that opens a backdoor
● Remote File Inclusion
o Tricks the web app or website into fetching and executing a script from a remote server
● Local File Inclusion
o Tricks the web app or website into including a file that already exists on the hosting server
Cross-Site Scripting (XSS)
▪ Injects a malicious script into a trusted site to compromise the site's visitors
Session Management
Enables web applications to uniquely identify a user across several different actions and requests
Cookie
▪ Text file used to store information about a user when they visit a website
● Non-Persistent
o Resides in memory only and is discarded when the browser session ends
● Persistent
o Stored in browser cache
Session Hijacking
▪ The attacker disconnects a host and then replaces it with their own machine by spoofing the original host's IP address
● Session cookie theft
● Nonrandom tokens
Session Prediction
Predicts a session token to hijack the session
Cross-Site Request Forgery (CSRF)
▪ Exploits a session that was started on another site and within the same web browser
The victim needs to have an active session on a legitimate website (e.g. a bank) and to have the malicious website open in the same browser at the same time. The attacker's page can then make the browser send requests to the legitimate website using the victim's existing session.
Extensible Markup Language (XML)
▪ Used by web apps for authentication, authorization, and other types of data exchange
Lightweight Directory Access Protocol (LDAP)
▪ An open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network
Often used for authentication and storing information about users, groups, and applications.
BGP
Border Gateway Protocol
An exterior gateway protocol that manages how packets are routed from one network (autonomous system) to another.