Server Takeover
One of the worst-case scenarios is when an attacker compromises an application's infrastructure, namely the operating system, database system or Web server. A compromise of the supporting infrastructure enables the attacker to take complete control of the application.
Detailed Description
Applications are written with the assumption that the supporting infrastructure components are trusted. Hardware, operating systems, database systems and Web servers are trusted to provide a secure operating environment for applications. If one of the infrastructure components is compromised, the entire infrastructure and application data are endangered.
There are several primary groups of attacks aimed at the infrastructure. Direct SQL commands (SQL Injection) can cause compromise of data and the database system itself. Buffer Overflow attacks cause arbitrary code execution on servers. Programming and scripting languages are prone to parsing errors and stealth commanding attacks, allowing attackers to execute privileged commands. Known vulnerabilities can be easily exploited by attackers to gain permissions on a system. Administrative interfaces also enable attackers to gain administrative privileges.- Administrative Interface Access
- Access of Internal Components
- Anomaly Detection
- Brute Force
- Buffer Overflow
- Cookie Poisoning
- Cross-Site Request Forgery
- Cross-Site Scripting
- Denial of Service (DoS)
- Directory Traversal
- Distributed Denial of Service (DDoS)
- File/Parameter Enumeration
- Forceful Browsing
- Google Hacking
- Known Attacks
- LAND Attacks
- Malicious Encodings
- Parameter Tampering
- Server Takeover
- Session Hijacking
- Signature Detection
- Site Scanning/Probing
- Source Code Disclosure
- SQL Injection
- Stealth Commanding
- Unknown Attacks