
CyberAttack

SQL Injection

Principle

Attackers place SQL fragments in user input that the application concatenates into a database query, so the input is parsed as part of the statement and changes the logic of the original query.

Example

' OR '1'='1

Typed into the password field of a login form, the leading quote closes the string literal the application opened, and OR '1'='1 makes the WHERE clause true for every row, so the check passes without a valid password.

Defense

Parameterized queries (prepared statements), ORM frameworks that bind values instead of concatenating them, and input validation as a second layer. Validation alone is not enough; the query has to be built so that input can never be interpreted as SQL.
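The vulnerable query beside its parameterized form, as an added example that is not part of the original notes. It uses Python's sqlite3 module with a constructed in-memory users table (alice / s3cret) and shows both the payload from the notes and the comment variant (alice' --); the table, account and helper names are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """Builds the SQL text with string formatting: a quote in the input closes
    the string literal, so the rest of the input becomes query logic."""
    query = (
        "SELECT COUNT(*) FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def safe_login(conn, username, password):
    """Parameterized query: the values are passed to the driver separately from
    the SQL text, so a quote in the input is just data and cannot alter the
    WHERE clause."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# The payload from the notes. In the password field of the vulnerable query it
# produces:   ... AND password = '' OR '1'='1'   which is true for every row.
PAYLOAD = "' OR '1'='1"

# A second classic form: a SQL comment in the username field discards the
# password check:   ... WHERE username = 'alice' --' AND password = 'x'
COMMENT_PAYLOAD = "alice' --"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, unknown user + payload :", vulnerable_login(conn, "nobody", PAYLOAD))
    print("vulnerable, comment payload        :", vulnerable_login(conn, COMMENT_PAYLOAD, "x"))
    print("parameterized, same inputs         :", safe_login(conn, "nobody", PAYLOAD),
          safe_login(conn, COMMENT_PAYLOAD, "x"))
    print("parameterized, real credentials    :", safe_login(conn, "alice", "s3cret"))
```

The parameterized version accepts exactly the same strings and simply fails to find a user whose password is literally ' OR '1'='1; no filtering of quote characters is involved, which is why this defense holds regardless of what the input looks like.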

Cross-Site Scripting (XSS)

  1. Allows attackers to inject malicious scripts into web pages viewed by other users.
  2. These scripts execute in the victim's browser, within the origin of the vulnerable site, and can steal the victim's sensitive data.

Principle

  1. Attacker injects a malicious script into the web page (stored in the site's data, or carried in a crafted link).
  2. User opens the website.
  3. User's browser downloads the page from the server, including the injected script.
  4. Malicious script runs with the same privileges as the site's own JavaScript, and could:
    1. Steal cookies or session tokens
    2. Redirect users to malicious websites

Type

  1. Stored XSS: Malicious script is stored in the server's database (e.g., in the comment section of a forum) and executed whenever a user visits the affected webpage.
  2. Reflected XSS: Malicious script is embedded in a URL or request (e.g., in a query parameter) and executed when the user clicks a crafted link.
  3. DOM-based XSS: The vulnerability lies in client-side scripts that dynamically manipulate the Document Object Model (DOM) with untrusted input, without server interaction.

Defense

  1. Input sanitization: reject or strip script and HTML tags. A blocklist is easy to bypass (event-handler attributes such as onerror, encoded characters), so treat this as a supporting measure rather than the primary defense.
  2. Use a framework that escapes output by default, such as Vue or React, and avoid its raw-HTML escape hatches (v-html, dangerouslySetInnerHTML) for untrusted data.
  3. Output encoding: encode untrusted data for the context it is written into (HTML body, attribute, JavaScript, URL) at the point where it is placed on the page.
  4. Implement Content Security Policy (CSP) to restrict which scripts can run on a page, for example: Content-Security-Policy: default-src 'self'; script-src 'self' trusted.com. CSP limits the damage of an injection that slips through; it does not replace output encoding.

Cross-Site Request Forgery (CSRF)

The attacker uses the victim's active session to make the victim's browser send unauthorized requests, such as changing account details or transferring funds.

How the Attack Works

  1. The user is logged into bank.com, and their browser has a valid session cookie.
  2. The attacker lures the user to visit attacker.com (e.g., by clicking a link in a phishing email)
  3. The malicious webpage loads, and a hidden form automatically sends a POST request to http://bank.com/transfer with the attacker's parameters (amount=1000, to_account=99999).
  4. The browser includes the user’s session cookie with the request because it’s sent to bank.com.
  5. The bank server, unaware that the request is malicious, processes the transfer.

Defense

  1. Use a CSRF token
    • A unique, unpredictable value generated by the server-side application, tied to the user's session, and sent to the client (usually embedded in a hidden form field or sent back in a custom request header).
    • The browser does not attach it automatically the way it attaches cookies, and attacker.com cannot read it from bank.com's pages, so a forged form cannot include it. The server verifies the token on every state-changing request and rejects requests without a valid one.
  2. Set the SameSite cookie attribute
    • SameSite=Lax or SameSite=Strict prevents the session cookie from being sent with cross-site requests. Lax still sends it on top-level GET navigations, so state changes must never be performed via GET.
  3. Verify the Origin/Referer header
    • The server checks the Origin header (or Referer as a fallback) to ensure the request comes from bank.com.
    • A cross-site POST from attacker.com carries Origin: https://attacker.com, so the server rejects it. Treat a missing header on a state-changing request as a rejection as well.
  4. Require an extra confirmation step from the user
    • Re-authentication or MFA for high-risk actions.
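The bank.com transfer endpoint with the synchronizer-token, Origin/Referer and SameSite defenses applied, as an added example that is not part of the original notes. Requests are modelled as plain dicts with cookies, headers and form sub-dicts (a stand-in for a web framework's request object), sessions live in an in-memory dict, and the forged request is what the browser sends when attacker.com's hidden form auto-submits; all of those names are assumptions for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.com"
SESSIONS = {}  # session id -> {"user": ..., "csrf": ...}; in-memory stand-in for a session store


def login(user):
    """Creates a session and a per-session synchronizer token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def session_cookie_header(sid):
    """Set-Cookie value for the session: SameSite=Lax keeps the cookie off
    cross-site POSTs even before the other checks run."""
    return f"session={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def csrf_token_for(sid):
    """Handed to the client in a hidden form field or a custom header, never
    relied on from a cookie alone."""
    return SESSIONS[sid]["csrf"]


def _origin_of(header_value):
    """Normalises Origin (scheme://host) or Referer (full URL) to scheme://host[:port]."""
    parts = urlsplit(header_value)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else None


def handle_transfer(request):
    """State-changing endpoint: returns (status, message)."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, "not logged in"

    # Origin/Referer check. A cross-site POST from attacker.com arrives with
    # Origin: https://attacker.com; a missing header is a failure, not a pass.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if source is None or _origin_of(source) != SITE_ORIGIN:
        return 403, "cross-site request rejected (origin)"

    # Synchronizer token check. Constant-time comparison so the token cannot
    # be recovered byte by byte through timing.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), session["csrf"].encode()):
        return 403, "cross-site request rejected (token)"

    amount = request["form"]["amount"]
    to_account = request["form"]["to_account"]
    return 200, f"{session['user']} transferred {amount} to {to_account}"


def forged_request(sid):
    """The browser attaches bank.com's session cookie because the form posts to
    bank.com, but the Origin is attacker.com and no token is present."""
    return {
        "cookies": {"session": sid},
        "headers": {"Origin": "https://attacker.com"},
        "form": {"amount": "1000", "to_account": "99999"},
    }


def legitimate_request(sid):
    """A submission of bank.com's own transfer form."""
    return {
        "cookies": {"session": sid},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"amount": "50", "to_account": "12345", "csrf_token": csrf_token_for(sid)},
    }


if __name__ == "__main__":
    sid = login("alice")
    print(session_cookie_header(sid))
    print("forged    :", handle_transfer(forged_request(sid)))
    print("legitimate:", handle_transfer(legitimate_request(sid)))
```

With the SameSite attribute set, the forged request in a modern browser would not even carry the session cookie and would fail the first check as "not logged in"; the Origin and token checks are there for browsers and deployments where that attribute is not honoured, which is why all three are used together rather than picking one.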

Denial-of-Service (DoS)

What is DoS

  1. Aims to disrupt the availability of a service or system so that legitimate users cannot access the targeted resource.
  2. Typically by overwhelming it with a flood of illegitimate requests; when the flood comes from many machines at once it is a distributed DoS (DDoS).

Principle

  1. Works by exhausting the target's resources (bandwidth, connection slots, CPU, memory) so that the service becomes slow or completely unavailable.

Example

  1. The attacker uses a botnet to send millions of HTTP requests per second to a page.

Defense

  1. Rate limiting: restrict the number of requests a single IP can make in a given time period. This stops a single noisy client but is weak against a botnet, where each address stays under the limit.
  2. Web Application Firewalls: filter malicious traffic based on patterns or rules.
  3. Load balancers: distribute traffic across multiple servers to absorb or mitigate attack traffic.
  4. DDoS protection services: use services like AWS Shield or Cloudflare to detect and mitigate large-scale attacks upstream of your own infrastructure.
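A per-client token-bucket rate limiter run over constructed traffic, as an added example that is not part of the original notes. One client (10.0.0.5) fires 100 requests at t=0 and 100 more at t=1 while another (192.0.2.10) sends one request per second; the bucket size, refill rate and addresses are assumptions, and the clock is injectable so the run is deterministic without sleeping.

```python
import time
from collections import defaultdict


class TokenBucketLimiter:
    """Each client key may burst up to `capacity` requests and then sustain
    `refill_rate` requests per second."""

    def __init__(self, capacity, refill_rate, clock=time.monotonic):
        self.capacity = float(capacity)
        self.refill_rate = float(refill_rate)
        self.clock = clock
        self.tokens = {}    # key -> tokens remaining
        self.updated = {}   # key -> timestamp of the last refill

    def allow(self, key):
        now = self.clock()
        tokens = self.tokens.get(key, self.capacity)
        last = self.updated.get(key, now)
        # Refill proportionally to elapsed time, capped at the bucket size.
        tokens = min(self.capacity, tokens + (now - last) * self.refill_rate)
        self.updated[key] = now
        if tokens >= 1.0:
            self.tokens[key] = tokens - 1.0
            return True
        self.tokens[key] = tokens
        return False


class FakeClock:
    """Manually advanced clock so the simulation does not depend on wall time."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


# Constructed traffic: (timestamp, client address).
FLOOD_EVENTS = [(0.0, "10.0.0.5")] * 100 + [(1.0, "10.0.0.5")] * 100
NORMAL_EVENTS = [(float(t), "192.0.2.10") for t in range(5)]


def simulate(events, capacity=20, refill_rate=10):
    """Replays events in time order and returns per-client allowed/rejected counts."""
    clock = FakeClock()
    limiter = TokenBucketLimiter(capacity, refill_rate, clock)
    stats = defaultdict(lambda: {"allowed": 0, "rejected": 0})
    for timestamp, client in sorted(events, key=lambda event: event[0]):
        clock.now = timestamp
        stats[client]["allowed" if limiter.allow(client) else "rejected"] += 1
    return dict(stats)


if __name__ == "__main__":
    for client, counts in simulate(FLOOD_EVENTS + NORMAL_EVENTS).items():
        print(client, counts)
```

The flooding client gets the 20-request burst plus the 10 tokens refilled during the second, and the other 170 requests are rejected while the normal client is never touched. The same simulation with the 200 flood requests spread across 200 source addresses would let every one of them through, which is the limitation that makes upstream DDoS protection necessary.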

Man-in-the-Middle (MitM)

What is MitM

  1. The attacker intercepts, and can read or alter, data transmitted between the client and server without either party knowing.

Principle

  1. Exploits weaknesses in network protocols or configurations to place the attacker on the path between the client and the server.
  2. The attacker can then read sensitive information (credentials, session cookies) and modify requests or responses in transit.
  3. Common methods include DNS spoofing and compromising or impersonating unsecured WiFi networks.

Example

  1. A user connects to a public WiFi network and logs into their banking website over plain HTTP; anyone on the same network, or running the access point, can read the credentials as they pass.

Defense

  1. Use HTTPS (TLS) to encrypt and authenticate data in transit, so an interceptor cannot read the traffic or impersonate the server without a certificate the browser trusts; send HSTS so browsers refuse to fall back to plain HTTP.
  2. Avoid public WiFi for sensitive transactions, or use a VPN to encrypt traffic to a trusted endpoint.
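What the passive attacker on that WiFi network actually sees in each case, and the client and server settings that close the gap, as an added example that is not part of the original notes. The two captures are constructed byte strings: a plaintext HTTP login POST, and the first bytes of a TLS ClientHello record; the host bank.example, the credentials and the helper names are assumptions.

```python
import re
import ssl
from urllib.parse import parse_qs

# Constructed capture 1: a login over plain HTTP. Everything, including the
# form body, is readable by anyone who can see the packets.
HTTP_CAPTURE = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 31\r\n"
    b"\r\n"
    b"username=alice&password=hunter2"
)

# Constructed capture 2: the start of a TLS record carrying a ClientHello
# (content type 0x16 = handshake, legacy record version 0x0301, length,
# handshake type 0x01). The form data is inside the encrypted records that follow.
TLS_CAPTURE = bytes.fromhex("1603010005" "0100000103")

HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")


def classify(capture):
    """Distinguishes a plaintext HTTP request from a TLS record by its first bytes."""
    if capture[:1] == b"\x16" and capture[1:2] == b"\x03":
        return "tls-handshake"
    if HTTP_REQUEST_LINE.match(capture):
        return "http-plaintext"
    return "unknown"


def extract_credentials(capture):
    """What a sniffer recovers: the form fields of a plaintext POST, or nothing."""
    if classify(capture) != "http-plaintext":
        return None
    _headers, _sep, body = capture.partition(b"\r\n\r\n")
    fields = parse_qs(body.decode("utf-8", "replace"))
    return {name: values[0] for name, values in fields.items()}


def client_tls_context():
    """Client-side defense: the default context verifies the certificate chain
    against the system trust store and checks that the certificate matches the
    hostname, so an interceptor without a trusted certificate for the site
    cannot complete the handshake."""
    return ssl.create_default_context()


def verifies_server(ctx):
    """True only if neither verification step has been switched off."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def enforce_https(scheme, host, path):
    """Server-side defense: redirect plain HTTP to HTTPS and, on HTTPS responses,
    send HSTS so the browser refuses plain HTTP for this host from then on."""
    if scheme != "https":
        return 301, {"Location": f"https://{host}{path}"}
    return 200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}


if __name__ == "__main__":
    print("HTTP capture :", classify(HTTP_CAPTURE), extract_credentials(HTTP_CAPTURE))
    print("HTTPS capture:", classify(TLS_CAPTURE), extract_credentials(TLS_CAPTURE))
    print("client verifies server:", verifies_server(client_tls_context()))
    print("http request ->", enforce_https("http", "bank.example", "/login"))
```

The client check matters in practice because the usual way a VPN or HTTPS defense is undone is code that sets check_hostname to False or verify_mode to CERT_NONE to silence a certificate error; a context that fails verifies_server will happily complete a handshake with the interceptor's own certificate.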