Cyber Security & Web Attacks.
“Security used to be an option sometimes, but now it's a necessity all the time.”
Abstract — Network outages, data compromised by hackers,
computer viruses and other incidents affect our lives in ways that
range from inconvenient to life-threatening. As the number of
mobile users, digital applications and data networks increase, so
do the opportunities for exploitation.
What is Cyber Security and what are different Web Attacks?
--------------- Let’s Find Out! ----------------
III. THE MOST WANTED CYBER CRIMINALS IN THE WORLD.
On the FBI’s Most Wanted List for cyber
criminals you will currently find 19 individuals,
each being responsible for consumer losses
ranging from $350,000 to more than $100
million. They are from all over the world and
huge rewards are offered for their capture.
Starting in September of 2011, the FBI began
investigating a modified version of the Zeus
Trojan, known as GameOver Zeus (GOZ), which
we covered in depth. Thousands of corporations
were infected with GameOver Zeus and as many
as 1.2 million computers were infected prior to
the takedown of Zeus. It is believed GameOver
Zeus is responsible for financial losses of more
than $100 million USD.
SOFTWARE VULNERABILITIES.
A. SQL Injection
Injection vulnerabilities are rated as the number one
problem on the list of top 10 security issues put out by the Open
Web Application Security Project (OWASP) and continue to
be a major source of concern for application and web
developers looking to utilize the benefits of storing usable
information in a local database.
Due to the predictable nature of these types of
applications, an attacker can craft a string using specific
Structured Query Language (SQL) commands, and know it
can be used to force the database to give up the goods. These
strings can be entered in places like search boxes, login forms,
and even directly into a URL to negate simple client-side
security measures on the page itself.
C. Local File Inclusion
By targeting ‘include’ parameters in PHP code,
intruders can request an alternative file be used in
the specified request instead of the file meant to
go along with the program. This can lead to
unintended access to internal files and logs.
Where a script should work like this –
http://site.com/web-app.php?nextStep=goodfile.php
– a vulnerable application can be changed to
target a sensitive system file, or worse,
something that is infected –
http://site.com/web-app.php?nextStep=/etc/passwd
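One way to close the include hole shown in the two URLs above, as an added example that is not code from the original document. `web-app.php`, `nextStep` and `goodfile.php` come from those URLs; the `steps` directory, `confirm.php` and the `resolve_step` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed layout: the only scripts web-app.php may include live in ./steps.
const STEP_DIR = __DIR__ . '/steps';
// Allowlist of step names; confirm.php is a made-up second entry.
const ALLOWED_STEPS = ['goodfile.php', 'confirm.php'];

/** Return the absolute path to include for a requested step, or null to reject. */
function resolve_step(string $requested): ?string
{
    // 1. Exact-match allowlist: '/etc/passwd' or any '../' value never matches.
    if (!in_array($requested, ALLOWED_STEPS, true)) {
        return null;
    }
    // 2. Defence in depth: canonicalise (resolving symlinks) and confirm the
    //    result still sits inside STEP_DIR before it reaches include.
    $base = realpath(STEP_DIR);
    $path = realpath(STEP_DIR . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the step directory
    }
    return $path;
}

// Vulnerable form described in this section, kept as a comment for contrast:
//     include $_GET['nextStep'];   // nextStep=/etc/passwd is read from disk
$requested = $_GET['nextStep'] ?? 'goodfile.php';
// A parameter sent as nextStep[]=... arrives as an array, so check the type.
$path = is_string($requested) ? resolve_step($requested) : null;
if ($path === null) {
    http_response_code(400);
    // JSON_HEX_TAG writes < and > as \u003C / \u003E and json_encode escapes
    // newlines, so the rejected value lands in the log as inert data.
    error_log('rejected nextStep value: ' . json_encode($requested, JSON_HEX_TAG));
    exit('Invalid step');
}
include $path;
```

Rejected values are logged, which gives a site owner a record to review when asking whether the parameter is being probed.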
Where this can get even messier is when dealing
with a highly sophisticated intruder that knows
how to manipulate internal files. By sending
malicious payloads to the site, without intending
for them to work, a hacker can load log files with
their own code. By pointing a vulnerable include
parameter to a code injected log file by using an
LFI technique, a devastating attack can be
launched.
X. A FEW THINGS TO CONSIDER AS A WEBSITE OWNER:
Who can you engage if you are unfamiliar with
the terms presented in this post?
How does your Host offer you security services,
if at all?
How do you know if your website currently
houses one of these vulnerabilities?
How do you know a vulnerability is not currently
being exploited?
What are you doing right now to protect your
website?