Information Security: Muhammad Aon Balouch

INFORMATION SECURITY

Name:
Muhammad Aon Balouch

Class:
BS IT 4th

Roll. No:
LDBTT-19-36 (morning)
1. Cross-Site Scripting (XSS) Attacks:
Cross-site scripting, commonly referred to as XSS, occurs when
hackers execute malicious JavaScript within a victim’s browser.

Unlike Remote Code Execution (RCE) attacks, the code is run
within a user’s browser. Upon initial injection, the site typically
isn’t fully controlled by the attacker. Instead, the bad actor
attaches their malicious code on top of a legitimate website,
essentially tricking browsers into executing their malware
whenever the site is loaded.

The Use of JavaScript in Cross-Site Scripting:
JavaScript is a programming language which runs on web pages
inside your browser. This client-side code adds functionality and
interactivity to the web page, and is used extensively on all major
applications and CMS platforms.

Unlike server-side languages such as PHP, JavaScript code
inside your browser cannot impact the website for other visitors. It
is sandboxed to your own navigator and can only perform actions
within your browser window.

While JavaScript is client side and does not run on the server, it
can be used to interact with the server by performing background
requests. Attackers can use these background requests to add
unwanted spam content to a web page without refreshing it,
gather analytics about the client’s browser, or perform actions
asynchronously.
How Do Cross-Site Scripting Attacks Work?
When attackers inject their own code into a web page, typically
accomplished by exploiting a vulnerability on the website’s
software, they can then inject their own script, which is executed
by the victim’s browser.

Since the JavaScript runs on the victim’s browser page, sensitive
details about the authenticated user can be stolen from the
session, essentially allowing a bad actor to target site
administrators and completely compromise a website.

Another popular use of cross-site scripting attacks is when the
vulnerability is present on most publicly available pages of a
website. In this case, attackers can inject their code to target the
visitors of the website by adding their own ads, phishing prompts,
or other malicious content.
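
The injection described above, and the output encoding that stops it, as an added example that is not part of the original assignment. The comment renderer, its function names and the sample inputs are constructed for the illustration; Python's standard HTML parser stands in for the browser to show which elements and attributes the page ends up containing.

```python
import html
from html.parser import HTMLParser


def render_comment_unsafe(author, text):
    """Vulnerable form: stored input is pasted into the page as markup."""
    return f'<div class="comment" title="{author}">{text}</div>'


def render_comment_escaped(author, text):
    """Hardened form: input is encoded so the browser treats it as text."""
    # quote=True also encodes " and ', which matters inside attribute values.
    return (f'<div class="comment" title="{html.escape(author, quote=True)}">'
            f'{html.escape(text, quote=True)}</div>')


class ElementLog(HTMLParser):
    """Records every element the parser sees, with its attribute names."""

    def __init__(self):
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        self.elements.append((tag, sorted(name for name, _ in attrs)))


def parsed_elements(markup):
    """Return the (tag, attribute names) pairs found in `markup`."""
    log = ElementLog()
    log.feed(markup)
    log.close()
    return log.elements


# Constructed sample input: one value aimed at the element body,
# one aimed at the attribute value.
SAMPLE_TEXT = "<script>alert(1)</script>"
SAMPLE_AUTHOR = '" onmouseover="alert(1)'

if __name__ == "__main__":
    for render in (render_comment_unsafe, render_comment_escaped):
        page = render(SAMPLE_AUTHOR, SAMPLE_TEXT)
        print(render.__name__, parsed_elements(page))
```

With the unsafe renderer the parsed page contains a script element and an event-handler attribute that the site never wrote; with the escaped renderer it contains only the original div.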
2. Directory traversal:
Directory traversal (also known as file path traversal) is a web
security vulnerability that allows an attacker to read arbitrary files
on the server that is running an application. This might include
application code and data, credentials for back-end systems, and
sensitive operating system files. In some cases, an attacker might
be able to write to arbitrary files on the server, allowing them to
modify application data or behavior, and ultimately take full control
of the server.

How to Avoid Path Traversal Vulnerabilities:
All but the most simple web applications have to include local
resources, such as images, themes, other scripts, and so on.
Every time a resource or file is included by the application, there
is a risk that an attacker may be able to include a file or remote
resource you didn’t authorize.
How to identify if you are vulnerable

• Be sure you understand how the underlying operating system will
  process filenames handed off to it.
• Don’t store sensitive configuration files inside the web root.
• For Windows IIS servers, the web root should not be on the system
  disk, to prevent recursive traversal back to system directories.
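
One way to apply the points above, shown as an added example that is not part of the original assignment: resolve the requested name the way the operating system would, then confirm the result is still inside the directory being served. The helper name `resolve_under_root` and the directory layout are assumptions made for the illustration.

```python
import os
import tempfile


def resolve_under_root(root, requested):
    """Return the real path of `requested` inside `root`, or None if it escapes.

    Hypothetical helper for illustration; not from the original page.
    """
    # Null bytes and backslashes are rejected up front: some platforms treat
    # them as terminators or separators even when the application does not.
    if "\x00" in requested or "\\" in requested:
        return None
    root_real = os.path.realpath(root)
    # realpath() collapses "..", "." and follows symlinks, which is how the
    # operating system will interpret the name when the file is opened.
    candidate = os.path.realpath(os.path.join(root_real, requested))
    # commonpath() compares whole path components, so "/srv/www-old" is not
    # mistaken for a child of "/srv/www" the way a startswith() check would.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def demo():
    """Build a constructed directory tree and try several request names."""
    with tempfile.TemporaryDirectory() as base:
        web_root = os.path.join(base, "www")
        os.makedirs(os.path.join(web_root, "img"))
        os.makedirs(os.path.join(base, "www-old"))
        # Constructed sample: a config file kept outside the web root.
        with open(os.path.join(base, "app.conf"), "w") as fh:
            fh.write("db_password=example\n")
        with open(os.path.join(web_root, "img", "logo.png"), "w") as fh:
            fh.write("png")
        requests = ["img/logo.png", "../app.conf", "img/../../app.conf",
                    "/etc/passwd", "../www-old/x", "img\\..\\..\\app.conf"]
        return {r: resolve_under_root(web_root, r) is not None for r in requests}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name!r:28} -> {'served' if allowed else 'rejected'}")
```

Only the first request resolves to a file under the web root; the configuration file stays unreachable because it was never stored there and every name that climbs out is rejected.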
3. Snooping Attacks
Snooping, in a security context, is unauthorized access to another person's
or company's data. The practice is similar to eavesdropping but is not
necessarily limited to gaining access to data during its transmission. Snooping
can include casual observance of an e-mail that appears on another's
computer screen or watching what someone else is typing. More sophisticated
snooping uses software programs to remotely monitor activity on a computer
or network device.

Malicious hackers use keyloggers to monitor keystrokes, capture passwords and
login information, and to intercept e-mail and other private communications
and data transmissions. Corporations sometimes snoop on employees
legitimately to monitor their use of business computers and track Internet
usage; governments may snoop on individuals to collect information and avert
crime and terrorism.

Although snooping has a negative connotation in general, in computer
technology snooping can refer to any program or utility that performs a
monitoring function. For example, a snoop server is used to capture network
traffic for analysis, and the snooping protocol monitors information on a
computer bus to ensure efficient processing.
4. SQL injection:
SQL injection is a web security vulnerability that allows an
attacker to interfere with the queries that an application makes to
its database. It generally allows an attacker to view data that they
are not normally able to retrieve. This might include data
belonging to other users, or any other data that the application
itself is able to access. In many cases, an attacker can modify or
delete this data, causing persistent changes to the application's
content or behavior.

In some situations, an attacker can escalate an SQL injection
attack to compromise the underlying server or other back-end
infrastructure, or perform a denial-of-service attack.

What is the impact of a successful SQL injection attack?
A successful SQL injection attack can result in unauthorized
access to sensitive data, such as passwords, credit card details,
or personal user information. Many high-profile data breaches in
recent years have been the result of SQL injection attacks,
leading to reputational damage and regulatory fines. In some
cases, an attacker can obtain a persistent backdoor into an
organization's systems, leading to a long-term compromise that
can go unnoticed for an extended period.
5. Botnet:
A botnet is a number of Internet-connected devices, each of
which is running one or more bots. Botnets can be used to
perform Distributed Denial-of-Service (DDoS) attacks, steal
data, send spam, and allow the attacker to access the device and
its connection. The owner can control the botnet using command
and control (C&C) software. The word "botnet" is
a portmanteau of the words "robot" and "network". The term is
usually used with a negative or malicious connotation.

A botnet is a logical collection of Internet-connected devices such as
computers, smartphones or IoT devices whose security has been
breached and control ceded to a third party. Each compromised device,
known as a "bot", is created when a device is penetrated by software from
a malware (malicious software) distribution. The controller of a botnet is
able to direct the activities of these compromised computers through
communication channels formed by standards-based network protocols,
such as IRC and Hypertext Transfer Protocol (HTTP).
Botnets are increasingly rented out by cyber criminals as commodities for a
variety of purposes.

How does a botnet attack work?


Botnet owners can have access to several thousand computers at
a time and can command them to carry out malicious activities.
Cybercriminals initially gain access to these devices by using
special Trojan viruses to attack the computers’ security systems,
before implementing command and control software to enable
them to carry out malicious activities on a large scale. These
activities can be automated to encourage as many simultaneous
attacks as possible. Different types of botnet attacks can include:

• Distributed Denial of Service (DDoS) attacks that cause
  unplanned application downtime
• Validating lists of leaked credentials (credential-stuffing
  attacks) leading to account takeovers
• Web application attacks to steal data
• Providing an attacker access to a device and its connection
  to a network

In other cases, cybercriminals will sell access to the botnet
network, sometimes known as a “zombie” network, so that other
cybercriminals can make use of the network for their own
malicious activities, such as activating a spam campaign.
