Division of threats and vulnerabilities of applications written in PHP

  • Adrian Kowalski
  • 2025-05-17

Division of threat areas:

Application server

  • DDoS (Distributed Denial of Service)

Applications hosted on public servers (each provider has its own protections, e.g. mirror servers) are exposed to this attack. The site is subjected to an abnormally high volume of network traffic: a single host (IP address) is burdened with a large number of connections opened to it at the same time. Under this influx of requests and open network sockets the application server becomes saturated and stops responding.

Page 94, http://cybersecurity.umcs.lublin.pl/wp-content/uploads/kmazur/WSEI2019/6.pdf

  • Path Traversal/Directory Traversal

Applications written in PHP are susceptible to attacks on files and directories, which manifest as uncontrolled access to resources on the server. Each operating system's file system has its own way of protecting resources; unfortunately, poor application security can accidentally expose resources that should be forbidden. One way this happens is through the sequence '../' in a user-supplied path, i.e. stepping up to the parent directory. A website/application user may thereby gain access to server configuration files, which can lead to information leakage or to the application server being taken down.
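As an added example (not code from the original post), a PHP file-download handler with the traversal-prone version beside a hardened one that confines every request to a fixed directory; the directory name and the 'file' request parameter are assumptions:

```php
<?php
// Added example (not from the original post): serving a file from a fixed
// directory. FILES_DIR and the "file" parameter are assumptions.
declare(strict_types=1);

const FILES_DIR = __DIR__ . '/public_files';

// Vulnerable: the user-controlled name is concatenated straight into the path,
// so "../" sequences in $name leave FILES_DIR.
function readFileVulnerable(string $name)
{
    return file_get_contents(FILES_DIR . '/' . $name);
}

// Hardened: resolve the real path and verify it is still inside FILES_DIR.
function readFileSafe(string $name): ?string
{
    $base = realpath(FILES_DIR);
    if ($base === false) {
        return null; // base directory missing: refuse rather than guess
    }
    // realpath() resolves ".." and symlinks and returns false for missing files.
    $target = realpath($base . '/' . $name);
    // The trailing separator stops "/srv/public_files_private" from passing
    // as a prefix match of "/srv/public_files".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        error_log('path traversal attempt rejected: ' . $name);
        return null;
    }
    return file_get_contents($target);
}

$content = readFileSafe($_GET['file'] ?? '');
if ($content === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/octet-stream');
echo $content;
```

With a request such as file=../../config/parameters.yml, readFileVulnerable() would read the configuration file, while readFileSafe() logs the attempt and returns 404.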

  • Misconfiguration Attack

These attacks exploit an incorrectly configured production environment. Misconfiguration is the cause of many errors, failures and data leaks, and it can appear at the server, language runtime, database and application level. Each framework has its configuration files and production flags; it is important to always deploy the application with the production flags set.

Example for the Symfony framework:

Clear your Symfony cache

Make sure you clear and warm up your Symfony cache:

$ APP_ENV=prod APP_DEBUG=0 php bin/console cache:clear

Database server

  • Excessive privileges

In database applications, great emphasis is placed on the permissions of the user account under which commands are executed on the database. If the database user has too many permissions, information may leak out or data stored in the database may be deleted.

  • Privilege abuse

This type of attack is the misuse of legitimately granted privileges. It can occur, for example, through access to an administrator account.

  • SQL Injection

This attack injects SQL syntax through application input in order to manipulate the database. The injection is most often performed through forms.

Figure: a form field containing the text '1=1; DROP DATABASE;'

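As an added example (not code from the original post), a PHP login lookup in its injectable form next to the parameterised form using PDO; the DSN, credentials, and the users table with its id and login columns are assumptions:

```php
<?php
// Added example (not from the original post). The DSN, credentials and the
// "users" table are assumptions.
declare(strict_types=1);

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// Vulnerable: the form value is spliced into the SQL text, so a value such as
// ' OR '1'='1 becomes part of the query logic instead of being compared as data.
function findUserVulnerable(PDO $pdo, string $login): ?array
{
    $sql = "SELECT id, login FROM users WHERE login = '" . $login . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened: the query text is fixed at prepare time; the value is sent as a
// bound parameter and is never parsed as SQL, so quotes and semicolons in it
// have no effect on the statement.
function findUserSafe(PDO $pdo, string $login): ?array
{
    $stmt = $pdo->prepare('SELECT id, login FROM users WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$login = $_POST['login'] ?? '';
$user  = findUserSafe($pdo, $login);
if ($user === null) {
    http_response_code(404);
    exit('no such user');
}
```

The least-privilege point from the Excessive privileges item applies here as well: app_user should be granted only the SELECT, INSERT, UPDATE and DELETE rights the application needs, never DROP.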
  • Weak authentication mechanism

In default-configured installations, the database administrator account has no password. For the web application to access the database, credentials must be provided; it is therefore important to configure the application in production mode so that external users cannot obtain the database user's credentials. Otherwise, uncontrolled manipulation of the database may occur.

  • Theft of a copy of the database

Most web applications have database backup mechanisms, e.g. incremental backups. These are useful when uncontrolled commands are executed on the database (a script or cron job crashes), when someone accidentally deletes or modifies data, or when data is lost due to a hardware failure of the server. Copies are usually stored on the same server as the application, or are scattered across several locations. If they are unencrypted, an attacker who obtains a copy gains access to confidential company data.

Client-server architecture

  • Cross-site scripting (XSS)

This attack involves injecting malicious JavaScript fragments into the content of the page.

  • Stored

This variant embeds the malicious code persistently, usually in the database: for example, a JavaScript fragment is submitted in a comment, saved in the database, and then rendered for every visitor of the page. This can lead to manipulation of the page's appearance.

Figure: a comment containing injected code, and the JS code stored in the database

  • Reflected

This variant infects a link to the page: malicious JS code is supplied in a parameter of the page's URL and reflected back into the response. This can lead to manipulation of the website.

https://sekurak.pl/czym-jest-xss/

  • DOM-based

This attack manipulates the DOM tree of the page (the structure of the HTML document) on the client side. This often leads to the destruction of the page structure.

Figure: an internet chat page with an infected DOM

  • Cross-site request forgery (CSRF)

The attack involves persuading a user to perform an action that they did not intend to perform. For example, an attacker can provide a crafted link that triggers an unintended action in the application.
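As an added example (not code from the original post), a synchronizer token that ties a state-changing PHP form to the user's session, so a crafted link from another site cannot submit it; the session key, form field and the /account/email action are assumptions:

```php
<?php
// Added example (not from the original post): CSRF protection for a form.
// The session key "csrf_token", the field name and the action URL are assumptions.
declare(strict_types=1);

session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',   // browsers omit the cookie on cross-site POSTs
]);
session_start();

// Issue one random token per session and reuse it for all forms.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare in constant time; a missing or wrong token rejects the request.
function csrfValid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && $submitted !== null
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrfValid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... perform the state-changing action (e.g. update the e-mail address) ...
}

$token = htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<form method="post" action="/account/email">
  <input type="hidden" name="csrf_token" value="{$token}">
  <input type="email" name="email">
  <button type="submit">Change e-mail</button>
</form>
HTML;
```

A link or auto-submitting form on a third-party site does not know the session's token, so its request fails the csrfValid() check.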

  • Brute force attack

These are cryptographic attacks. They consist of breaking, for example, an application password by exhaustively trying candidate values. They are characterised by the high computing power of the machines used to crack the protection.

Figure: brute-force password cracking

  • Cross-Origin Resource Sharing (CORS) policy

This mechanism governs the exchange of information between different origins. Problems with it often arise when integrating a framework-based application frontend with a framework-based backend. It concerns securing the information flowing within the application.

Figure: the CORS mechanism

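As an added example (not code from the original post), CORS headers for a PHP backend called by a separately hosted frontend, with the over-permissive origin reflection beside an exact-match allowlist; the origins are assumptions:

```php
<?php
// Added example (not from the original post): a CORS allowlist for a PHP API.
// The origins in ALLOWED_ORIGINS are assumptions.
declare(strict_types=1);

const ALLOWED_ORIGINS = [
    'https://app.example.com',
    'https://admin.example.com',
];

// Weak setting: reflecting whatever Origin the browser sent, together with
// Allow-Credentials, lets any site call the API with the visitor's cookies.
function corsHeadersWeak(): void
{
    header('Access-Control-Allow-Origin: ' . ($_SERVER['HTTP_ORIGIN'] ?? '*'));
    header('Access-Control-Allow-Credentials: true');
}

// Corrected: only exact-match allowlisted origins are echoed back, and the
// response is marked as varying by Origin so shared caches do not mix them up.
function corsHeadersSafe(array $allowed): bool
{
    $origin = $_SERVER['HTTP_ORIGIN'] ?? null;
    if ($origin === null || !in_array($origin, $allowed, true)) {
        return false; // not from an allowed origin: send no CORS headers at all
    }
    header('Access-Control-Allow-Origin: ' . $origin);
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Allow-Methods: GET, POST');
    header('Access-Control-Allow-Headers: Content-Type, Authorization');
    header('Access-Control-Max-Age: 600');
    header('Vary: Origin');
    return true;
}

$allowed = corsHeadersSafe(ALLOWED_ORIGINS);

// Preflight request: answer it without running the application logic.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code($allowed ? 204 : 403);
    exit;
}
```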
  • Unicode Encoding

This attack exploits a character-encoding problem, which can lead to content being decoded incorrectly. It often shows up in the application's logic layer: logical errors appear on the page, as well as problems with, for example, sorting or displaying data.

  • Man-in-the-middle

This attack involves intercepting information sent between two endpoints; Wireshark, for example, can be used to capture such traffic. Information leakage can occur when insecure protocols such as HTTP are used instead of their secure version, HTTPS.

Figure: interception of a user's login and password

  • Social engineering

The weak point of every enterprise is its people. In most enterprises, rooms such as server rooms are locked with electronic locks; uncontrolled access to such rooms can give access to the physical layer of the application, resulting in, e.g., data loss or theft.
