Dr. Drew Hwang, CIS, Cal Poly Pomona
Secure Web Development
Anatomy of Attacks
Ethical Hacking Tools
OWASP Top 10
MS Threat Model
One More Viewpoint
Anatomy of Attacks
Steps in Web Application Attacks (Microsoft)
Survey and Assess
The first step an attacker usually takes is to survey the potential target to identify and assess its characteristics. The attacker uses the information gathered in the survey and assess phase to plan an initial attack. For example, an attacker can detect a cross-site scripting (XSS) vulnerability by testing to see if any controls in a Web page echo back output.
Exploit and Penetrate
: The next step is to exploit and penetrate. For an attacker, the easiest way into an application is through the same entrance that legitimate users use, for example, through the application's logon page or a page that does not require authentication.
: After attackers are able to get in, they manage to escalate the privileges. They specifically look for administration privileges provided by accounts that are members of the Administrators group. They also seek out the high level of privileges offered by the local system account.
: Having gained access to a system, the attackers then take steps to make future access easier and to cover up their evil tracks. Common approaches for making future access easier include planting back-door programs or using an existing account that lacks strong protection.
: Attackers who cannot gain access often mount a denial of service attack to prevent others from using the application. For other attackers, the denial of service option is their goal from the outset.
Improving Web Application Security
Steps in Web Application Attacks (Security Innovation)
: The hacker attempts to learn as much information about the target machine and target's organization as possible.
Based on vulnerabilities found in the Data Gathering phase, the hacker tries to find the most powerful vulnerability with the least amount of difficulty and the least possibility of being traced or discovered.
: The hacker tries to elevate his privileges to administrator or root to install a rootkit, cover tracks, and gather more sensitive information.
Cover Tracks and Install Tools
: Many tools may be utilized to aid the hacker in covering their tracks including destroying logs, installing backdoors, key loggers, and other rogue applications.
Gather Sensitive Information
: Once each of these steps has been completed the hacker can finally reap the fruits of his efforts.