Applications are also vulnerable to attacks. This section explores some of the more common attacks and how they can best be mitigated.
Attacks carried out through web applications are becoming increasingly common. Threat actors exploit vulnerabilities in the coding of a web-based application to gain access to a database or server.
Cross-site scripting (XSS) is a common threat to many web applications. This is how it works:
- Cybercriminals exploit the XSS vulnerability by injecting scripts containing malicious code into a web page.
- The web page is accessed by the victim, and the malicious scripts unknowingly pass to their browser.
- The malicious scripts can access cookies, session tokens, or other sensitive information about the user, which is sent back to the cybercriminal.
- Armed with this information, the cybercriminal can impersonate the user.
Most modern websites use a database, such as a Structured Query Language (SQL) or an Extensible Markup Language (XML) database, to store and manage data. Injection attacks seek to exploit weaknesses in these databases.
The following are common types of injection attacks.
An XML injection attack can corrupt the data on the XML database and threaten the security of the website.
It works by interfering with an application’s processing of XML data or query entered by a user.
Cybercriminals can manipulate this query by programming it to suit their needs. This will grant them access to all of the sensitive information stored on the database and allow them to make any number of changes to the website.
Cybercriminals can carry out an SQL injection attack on websites or any SQL database by inserting a malicious SQL statement in an entry field.
This attack takes advantage of a vulnerability in which the application does not correctly filter the data entered by a user for characters in an SQL statement.
As a result, the cybercriminal can gain unauthorized access to information stored on the database, from which they can spoof an identity, modify existing data, destroy data or even become an administrator of the database server itself.
A dynamic link library (DLL) file is a library that contains a set of code and data for carrying out a particular activity in Windows. Applications use this type of file to add functionality that is not built-in, when they need to carry out this activity.
DLL injection allows a cybercriminal to trick an application into calling a malicious DLL file, which executes as part of the target process.
The Lightweight Directory Access Protocol (LDAP) is an open protocol for authenticating user access to directory services. An LDAP injection attack exploits input validation vulnerabilities by injecting and executing queries to LDAP servers, giving cybercriminals an opportunity to extract sensitive information from an organization’s LDAP directory.