NETWORK AND APPLICATION ATTACKS
23
NETWORK AND APPLICATION ATTACKS PENJAMINAN DAN KEAMANAN INFORMASI UNIVERSITAS PENDIDIKAN INDONESIA Kampus Cibiru
Transcript of NETWORK AND APPLICATION ATTACKS
NETWORK ANDAPPLICATION ATTACKSPENJAMINAN DAN KEAMANAN INFORMASI
UNIVERSITAS PENDIDIKAN INDONESIAKampus Cibiru
Two Major Type Attack
Application Attacks
Networking Attacks
Objectives
1.Server-side web application attacks
2.Client-side attacks
3.Overflow attacks
4.Networking-based attacks
Network and Application Attacks
Application Attacks (Server Side)
Cross Site Scripting (XSS)
How to Defense Cross Site Scripting (XSS)
• Web masters should determine that their web pages validateinput, do not echo bad input to the user, and do not allowinput of code where it does not belong
• Web server administrators should make sure web services anddatabase programs are up to date on patches
• Users should never click an embedded link in an emailmessage without being sure where that link leads
Application Attacks (Server Side)
SQL Injection
How to Defense SQL INJECTION
• Validate input, rejecting SQL commands and scripts
• Provide drop down lists of choices for users (preparedstatements) instead of allowing free form entry
• Do not assign more privileges than the users need
• Do not ask users for SQL commands (yes, some systems haveallowed users to do this)
• Don't give your data tables and fields obvious names: aSELECT command must call a table and its columns by theircorrect names, or the command will fail
Application Attacks (Server Side)
XML External Entity Attack (XXE)
Application Attacks (Server Side)
Directory Traversal/Command Injection
Application Attacks (Client Side)
Drive-by Download
Application Attacks (Client Side)
HTTP Header Manipulation
Application Attacks (Client Side)
Cookie Posioning
Application Attacks (Client Side)
Attachment Attack
Application Attacks (Client Side)
Session Hijacking
Application Attacks (Client Side)
Malicious Add Ons
Application Attacks (Server - Client Side)
Impartial Overflow
Networking Attacks
Denial of Service (DoS)
Networking Attacks
Interception Attack
Networking Attacks
Poisoning Attack
Networking Attacks
Attacks on Access Rights
Tugas Kelompok1. Cari kasus serangan terhadap Network dan Application Attack2. Bagaimana serangan itu terjadi ?3. Bagaimana cara mengatasi / bertahan terhadap serangan ?
- Tulis dalam bentuk format Artikel - Posting di Blog Personal / Kelompok- Tautkan Linknya pada GClassroom
Referensi “Computer Security ”, 3rd edition by Dieter Gollmann. Wiley, March, 2011
https://stevevincent.info/CSS211_2014_2.htm
23
