Cyber Security Web Application Attacks

This page provides a practical, in-depth look at the most common and dangerous attacks that specifically target web applications. It builds on the foundational knowledge of web app security by explaining the exact mechanics of how attackers exploit vulnerabilities in application code. The core idea is that these attacks abuse the normal functions of a web application to steal data, take control, or disrupt services.

Key Learning Points Overview

The page focuses on explaining the technical details of critical vulnerabilities from the OWASP Top 10.

1. SQL Injection (SQLi)

• What it is: An attack that allows an attacker to interfere with the queries that an application makes to its database.
• How it works:
  • The attacker identifies an unsanitized user input field (e.g., a login form, search bar).
  • They insert a malicious SQL query as input (e.g., entering ‘ OR ‘1’=’1 in a password field).
  • If the application fails to validate the input, it executes the malicious query as part of its own SQL command.
• Impact:
  • Bypass authentication and log in without a password.
  • View, modify, or delete sensitive data from the database.
  • In extreme cases, take control of the database server.
• Example: The page likely shows how the input ‘ OR ‘1’=’1 can transform a SQL query from:
  SELECT * FROM users WHERE username = ‘admin’ AND password = ‘password’
  to:
  SELECT * FROM users WHERE username = ‘admin’ AND password = ” OR ‘1’=’1′
  Because ‘1’=’1′ is always true, this query returns all users, allowing the attacker to log in.

2. Cross-Site Scripting (XSS)

• What it is: An attack that allows an attacker to inject malicious client-side scripts into a web page viewed by other users.
• How it works:
  • The attacker finds a website that displays user input without proper validation (e.g., a comment section, forum post).
  • They submit a malicious script (often JavaScript) as their input.
  • When another user views the page, the script executes in their browser.
• Impact:
  • Steal the victim’s session cookies, allowing the attacker to impersonate them.
  • Perform actions on behalf of the user.
  • Redirect the user to a malicious website.
  • Deface the website.

3. Cross-Site Request Forgery (CSRF)

• What it is: An attack that tricks a logged-in user into unknowingly submitting a malicious request to a website they are authenticated to.
• How it works:
  1. The user is logged into a trusted site (e.g., their bank).
  2. The user visits a malicious site created by the attacker.
  3. The malicious site contains a hidden form or script that automatically submits a request to the trusted site (e.g., a request to transfer money).
  4. The user’s browser sends their session cookies with this request, making the trusted site think it’s a legitimate user action.
• Impact: Perform unauthorized state-changing actions, such as changing a password, transferring funds, or making a purchase.

4. Other Key Attacks Mentioned

The page also covers other critical vulnerabilities:

• Insecure Deserialization: Exploiting how an application converts serialized data (a format used for transmission) back into an object. Can lead to remote code execution.
• Security Misconfigurations: Attacks that exploit default accounts, unused pages, unpatched flaws, or unprotected files and directories.

Study Material & Learning Plan

Here’s a structured plan to master these web application attacks.

Phase 1: Understand the Mechanics (Read and Comprehend)

1. Goal: Grasp exactly how each attack works from start to finish.
2. Action: Read the page carefully. For each attack, trace the steps of the attacker and the application.
3. Self-Check Questions:
   • SQLi: Why does the input ‘ OR ‘1’=’1 allow an attacker to bypass a login?
   • XSS: What is the fundamental difference between the target of an SQLi attack (the database) and an XSS attack (another user’s browser)?
   • CSRF: Why is the user being logged into the trusted site a critical prerequisite for a CSRF attack to work?

Phase 2: Connect the Attack to the Defense (Analytical Thinking)

1. Goal: For each major attack, identify the primary mitigation strategy.
2. Action: Create a table with two columns: Web Attack and Primary Defense.
   • Example Rows:
     • Attack: SQL Injection -> Defense: Prepared Statements (Parameterized Queries). This ensures user input is treated as data, not executable code.
     • Attack: Cross-Site Scripting (XSS) -> Defense: Input Sanitization & Output Encoding. Sanitize input to remove harmful scripts, and encode output so the browser displays it as text, not executable code.
     • Attack: Cross-Site Request Forgery (CSRF) -> Defense: Anti-CSRF Tokens. Use unique, secret tokens for each form submission that must be validated by the server, proving the request came from a legitimate form on the site.

Phase 3: Hands-On Observation (Safe Exploration)

⚠️ Critical Warning: Only practice these techniques in a dedicated, legal lab environment like OWASP Juice Shop, DVWA, or a virtual machine you own.

1. Goal: See these vulnerabilities in a controlled setting.
2. Actions:
   • Set up a Vulnerable Web App Lab: Install a deliberately vulnerable application like OWASP Juice Shop or Damn Vulnerable Web Application (DVWA) on your local machine.
   • Experiment Safely:
     • Try the ‘ OR ‘1’=’1 payload in a login field and see it work.
     • Find an XSS vulnerability and pop up an alert box.
     • Observe how defenses break these attacks when enabled.

Phase 4: Deep Dive on One Attack

1. Goal: Gain a deeper technical understanding of one attack vector.
2. Action: Choose one attack (e.g., SQL Injection) and research it further.
   • What are “Union-Based” and “Error-Based” SQLi?
   • How do automated tools like SQLmap exploit these vulnerabilities?
   • What does a prepared statement look like in a programming language like PHP or Python?