Many common security threats prevail in the Internet domain that tries to steal the user’s sensitive information. It alters the web server’s database or destroys the credibility of the particular web application.
Some of the topmost security threats include Denial of Service attacks, Session Hijacking attempts, Cross-Site Scripting (XSS), Phishing, Buffer Overflow etc.
What are the common security threats?
1. Denial of Service – Security Threats
A denial-of-service attack (DoS attack) refers to an attack on the Server or Network to make it unavailable to its intended users. It’s done by blocking or crippling the resources.
The attack generally aims to indefinitely interrupt or suspend the services of the host. Hence, denying access to that resource for genuine users.
This attack can take place even in the absence of the software vulnerabilities of a system.
It is really a challenge to avoid or prevent such attacks. Since it is extremely hard to precisely differentiate the requests of genuine users from those of the attackers.
Consequently, the effectiveness of solutions which rely on detecting and filtering requests of the attacker is limited.
There are a variety of other technical and non-technical tests that need to be understood well. This is for designing solutions that fundamentally address the problem.
2. Session Hijacking – Security Threats
The second security threat is Session Hijacking. Web-based applications frequently use sessions to enhance the customer-friendly experience for their users. This is achieved by implementing various kinds of session management techniques.
Session management works on the following concept. The server generates a session identifier ID which is sent to the user’s browser at some early point in the user interaction.
It ensures that the same ID is sent back by the browser along with each subsequent request.
Session IDs are identification tokens for the users. It is used by the servers to maintain the session data (e.g., variables).
The widely used methods for maintaining sessions in a web environment are Uniform Resource Locator (URL) arguments, Hidden form fields and Cookies.
Though each one has its own strength, cookies prove to be the best among the lot.
Quite often, the session IDs play the role of authenticators apart from being the identification tokens.
A Session ID is a piece of data that is used in web applications(often over the HyperText Transfer Protocol (HTTP)) to identify a session. Within a set time frame, a series of related messages are exchanged.
During login, the users authenticate, based on their credentials. Here, the session ID is used for intermediate communication between the client and the server. It enables accessing their sessions by serving as temporary, static passwords.
For example, when a buyer visits an online store, the articles selected by him get added into a virtual shopping cart.
He finalizes the order by going to the store’s checkout page. This typically involves ongoing communication between the client and the server.
Thus, the Session ID is one solution available to keep track of the shopper’s cart and to carry out any required changes.
On the first visit to a site, the visitor is assigned a session ID, which is different from a user ID. Sessions expire within minutes or hours, as set by the server application. Otherwise, they become invalid on the completion of a particular task.
Since the session IDs keep the identification of the user who has logged onto a website, an attacker tries to hijack the session. In addition, the attackers attempt to gain potential privileges.
When an attacker manages to obtain a valid session ID, he can use it to directly enter that session without even raising the user’s suspicion.
Most cross site-scripting exploits focus on getting the session ID stored in the browser’s cookie storage.
This type of attack, where the attacker intrudes into the user’s session by hijacking his session ID, is called session hijacking.
A countermeasure against session hijacking is the Session shield. It is a proxy outside the browser that inspects all outgoing requests and incoming responses.
The Session shield detects the session identifiers, stripes them out and stores their values in its own database.
It scans the outgoing requests again and adds back the relevant session identifiers to them.
In case of a session hijacking attack, even though the browser executes the session hijacking code, the session information is not obtained from the cookie storage. The session shield has already filtered it out.
3.Cross-Site Scripting (XSS) Security Threat
Cross-Site Scripting (XSS) is one of the commonly found security threats, which enables the attackers to inject a client-side script into the web pages viewed by other users, and uses the known vulnerabilities of Servers, Web-based applications and the related plug-in systems.
The attackers fold malicious content into any one of the compromised sites, thereby gaining secure privileges to sensitive page contents, session cookies and any other sensitive information maintained by the browser. Therefore, XSS classifies as a special case of injection.
The common user infects in any of the following two ways: either getting tricked to click a specially crafted link or getting attacked when the user visits the web page embedded with malicious code.
This shows the importance of online security procedures, and how the users are solely dependent on it.
4. SQL Injection – Security Threats
SQL injection security threat, commonly known as an attack vector for websites, is a technique to inject codes that exploit the security vulnerability in any software application.
This is used to attack any SQL database. Databases form the core of modern websites.
They store key information like the list of materials and cost, employee information, financial details of the company, etc., and deliver specific contents to authorized users like customers, employees, suppliers, and other stakeholders, by the way of customized forms and other applications.
The SQL Injection Attack (SQLIA) takes advantage of the improper coding in any of these web applications, to inject SQL commands into the code, gain access to the data in the database, and run the harmful code in the database system to reveal confidential information.
Three types of SQL injections are used to read information from a database. They are redirection and reshaping a query, error message based and blind injection.
The Blind injection method allows access to a database server for an unauthorized attacker, who uses the common coding blunders. Here, the program allows SQL queries from the client to get executed without validating the inputs.
Once entry is gained through malicious code, the attacker is free to extract, edit or delete the database contents. In some cases, even penetration beyond the database into the layer of the Operating System is possible.
5. Buffer Overflow – Security Threats
Buffer overflow is caused by a program, which overruns the buffer’s boundary and overwrites the adjacent memory while entering data into a buffer memory.
This situation is triggered by malicious inputs that are designed specifically to alter the normal program’s behaviour. Otherwise, to execute a specific code to cause buffer malfunction including memory access errors, system crash, and breach of system security.
These are some of the probable common security threats in a web application. Thus, these common security threats play a vital role, deceiving individuals and organizations in a tremendous way.
Here’s a few links of favorite resources on this topic..