Please enable JavaScript.

Coggle requires JavaScript to display documents.

Application Attacks - Coggle Diagram

- - - - Web and cloud,
        provides a large
        attack vectors for threat actors
- - - - Threat Assessment
        
        More advance assessment
        with Pen testing
    - - Enterprise Environment
        (Configuration setup)
        
        Virtualisation
        Cloud computing
- - - - Different types of attacks can be
        used to exploit applications
      - In order to attack,
        attacker has to find
        and exploit vulnerabilities
        
        Attacker can exploit certain
        vulnerabilities
        
        Vulnerabilities within
        Application
        
        Most of these vulnerabilities are due
        to bugs or poor coding in
        application
        
        in app, scenario when
        2 (or multiple)code functionalities try
        to access the same resource
        at the same time
        
        the 2 pieces of
        code trying to access
        resource at same time
        could lead to some
        conflict aka
        unpredictability
        
        1 more item...
        
        Could lead
        to an un-handled error
        
        1 more item...
        
        bad error handling,
        and bad input handling aka no validation,
        causes potential vulnerability
        
        error handling can reveal too
        much information aka
        sensitive info
        
        1 more item...
        
        No input validation,
        allows anything to be submitted to
        back-end server
        
        1 more item...
        
        Instead of 2 functionalities,
        lets say there are multiple users
        trying to access the application
        
        Multiple users
        leads multiple usage of
        resources
        
        1 more item...
        
        A lack of validation
        (from bad error handling)
        means application gets sent
        too much data, more than it expects,
        extra data is not handled(input)
        
        too much data
        leads to
        
        1 more item...
        
        Most of these lead to
        unpredictability in app
        
        these vulnerabilities,
        are related to apps inability
        to handle a lot of usage
        
        Application Programming Interface (API)
        Vulnerabilities
        
        Applications use libraries/apis,
        APIs come with their own vulnerabilities
        Some vulnerabilities similar to
        regular application
        
        API is split in to
        two the api data and
        the API server which
        provides the data
        
        2 more items...
        
        These vulnerabilities are due
        to bad (mis)configuration on
        server and issues on underlying system
        e.g. Virtual Machine
        
        Vulnerabilities on
        Server
        
        server misconfigurations
        can also cause vulnerabilities
        
        web servers that don't use
        synchronizer tokens
        
        2 more items...
        
        System Vulnerabilities
        
        technically server
        sits on top of system
        
        Some vulnerabilities expose
        underlying system
        
        device drivers
        can be target of attack
        
        1 more item...