APPENDIX B:
GLOSSARY OF WEB APPLICATION SECURITY THREATS
Hacking the Code: ASP.NET Web Application Security
This unique book walks you through the many threats to your web application code, from managing and authorizing users and encrypting private data to filtering user input and securing XML.
Hacking the Code: ASP.NET Web Application Security
By James C. Foster
Appendix B:
Glossary of Web Application Security Threats
Appendix B: Glossary of Web Application Security Threats
Account Hijacking
Taking over the account of a legitimate user, sometimes denying the rightful user access to his or her account.
Account Hopping
Manipulating an existing authentication token to gain access to another user s account.
Brute Force Attack
The process of discovering user credentials by trying every possible character combination. Brute force attacks can be optimized by first trying dictionary words, common passwords, or predictable character combinations.
Backdoor Attack
Exploiting poorly implemented protection mechanisms by circumventing authentication or accessing content directly.
Banner Grabbing
The process of connecting to TCP ports and reading return banners to determine the type of service and software platform.
Buffer Overflow
Overwriting a buffer by sending more data than a buffer can handle, resulting in the application crashing or executing code of the attacker s choice.
Buffer Overrun
See Buffer Overflow.
Command Injection
Injecting special shell metacharacters or otherwise manipulating input to cause the server to run shell commands or other code of the attacker s choice.
Console Attack
An attack launched physically from the system s local console.
Content Spoofing
Creating fake web content that mimics a web site to deceive a user into revealing login credentials or other sensitive information.
Cookie Manipulation
Modifying a browser cookie to exploit a security flaws in a web application.
Cookie Hijacking
Stealing the authentication cookie of a legitimate user to authenticate as and impersonate that user.
Cross-Site Request Forgery (CSRF)
Exploiting a site s trust of a user to perform a transaction in...
Copyright Syngress Publishing, Inc. 2004 under license agreement with Books24x7