NETWORK AND APPLICATION ATTACKS

Post on 18-Dec-2021


NETWORK AND APPLICATION ATTACKS

INFORMATION ASSURANCE AND SECURITY

UNIVERSITAS PENDIDIKAN INDONESIA

Kampus Cibiru

Two Major Types of Attack

Application Attacks

Networking Attacks

Objectives

1. Server-side web application attacks

2. Client-side attacks

3. Overflow attacks

4. Networking-based attacks

Network and Application Attacks

Application Attacks (Server Side)

Cross Site Scripting (XSS)

How to Defend Against Cross Site Scripting (XSS)

• Web masters should make sure that their web pages validate input, do not echo bad input to the user, and do not allow input of code where it does not belong

• Web server administrators should make sure web services and database programs are up to date on patches

• Users should never click an embedded link in an email message without being sure where that link leads

Application Attacks (Server Side)

SQL Injection

How to Defend Against SQL Injection

• Validate input, rejecting SQL commands and scripts

• Provide drop down lists of choices for users (prepared statements) instead of allowing free form entry

• Do not assign more privileges than the users need

• Do not ask users for SQL commands (yes, some systems have allowed users to do this)

• Don't give your data tables and fields obvious names: a SELECT command must call a table and its columns by their correct names, or the command will fail
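
The prepared-statement and fixed-choice bullets above, shown as an added example that is not part of the original slides. It uses Python's built-in sqlite3 module with a constructed accounts table; the table, column and function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 120), ("bob", 75), ("carol", 300)])
    return db

def lookup_concat(db, owner):
    # Weak form: user input is pasted into the SQL text, so quote characters
    # in the input change the structure of the statement.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_prepared(db, owner):
    # Prepared statement: the value is bound to the ? placeholder and is
    # only ever compared as data, never parsed as SQL.
    return db.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()

# Placeholders cannot stand in for column names or keywords, so a choice such
# as sort order is mapped from a fixed list (the server-side half of a
# drop-down); anything outside the list is rejected.
SORT_CHOICES = {"name": "owner ASC", "richest": "balance DESC"}

def list_accounts(db, sort_choice):
    if sort_choice not in SORT_CHOICES:
        raise ValueError("sort choice not in the allowed list")
    return db.execute(
        "SELECT owner, balance FROM accounts ORDER BY " + SORT_CHOICES[sort_choice]
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"        # constructed input containing SQL syntax
    print(lookup_concat(db, crafted))    # every row is returned
    print(lookup_prepared(db, crafted))  # no rows: treated as a literal name
    print(list_accounts(db, "richest"))
```

The drop-down in the browser is only a convenience; the check against the fixed list has to happen on the server, because the submitted value can be anything.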

Application Attacks (Server Side)

XML External Entity Attack (XXE)

Application Attacks (Server Side)

Directory Traversal/Command Injection

Application Attacks (Client Side)

Drive-by Download

Application Attacks (Client Side)

HTTP Header Manipulation

Application Attacks (Client Side)

Cookie Poisoning

Application Attacks (Client Side)

Attachment Attack

Application Attacks (Client Side)

Session Hijacking

Application Attacks (Client Side)

Malicious Add Ons

Application Attacks (Server - Client Side)

Impartial Overflow

Networking Attacks

Denial of Service (DoS)

Networking Attacks

Interception Attack

Networking Attacks

Poisoning Attack

Networking Attacks

Attacks on Access Rights

Group Assignment

1. Find a case of a Network and Application Attack

2. How did the attack happen?

3. How can the attack be overcome / defended against?

- Write it up in article format

- Post it on a personal / group blog

- Link it in GClassroom
