Understanding Application Attacks

LDAP Injection

HTML Injection

SQL Injection

XML Injection

The extra data overflows into adjacent memory

The application encrypts the data

The application automatically corrects the overflow

The data is ignored

Encrypting the data

Bypassing antivirus software

Capturing the information to replay

Finding the right network to attack

Accessing the application without a password

Decreasing the security level of an application

Increasing the privileges of a user within an application

Gaining unauthorized access to a network

To redirect network traffic

To delete application data

To obtain higher access rights within an application

To gain access to a user's email

By using cryptographic tokens

By disabling cookies

By using a firewall

By encrypting all data

An attack that involves phishing emails

An attack that uses malware to gain access

An attack that targets the server's database

An attack that exploits the trust a website has in a user's browser

To authenticate user sessions

To log user activities

To prevent unauthorized requests

To encrypt user passwords

An attack that modifies the directory structure of a server

An attack that exploits web server misconfigurations to access restricted directories

An attack that deletes files from a server

An attack that encrypts server data

../

/etc/passwd

/home/user/

/var/www/