GROUP 1 : Application Security - Coggle Diagram
Application Threats And Countermeasures
Definitions
A threat is the occurrence of any event or circumstance that may harm any of the organization's assets.
Application threats are threats posed at a particular level that can maliciously harm any kind of application.
Categorization
Input Validation
Buffer Overflow
It includes DoS attacks and code injection attacks, in which the user is prevented from using specific resources.
Make input validation checks at the start of the application so that unexpected input is stopped.
Cross-Site Scripting
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
Input validation checks cover input from query strings and form fields, and validity checks for the application's cookies.
SQL injection
Applying input checks before sending requests to the database
Applying parameterized stored procedures.
Allowing only restricted users to connect to the database
Weak input validation lets an attacker inject arbitrary commands into the database through SQL statements.
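The SQL injection countermeasures listed above, shown together as an added example (not part of the original diagram). It uses Python's sqlite3 with constructed sample data; the username policy and function names are assumptions, a parameterized statement stands in for a parameterized stored procedure, and `PRAGMA query_only` stands in for a restricted database account.

```python
import re
import sqlite3

# Assumed allow-list policy for usernames (hypothetical, for illustration).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    conn.commit()
    # Restricted access: from here on this connection may only read.
    conn.execute("PRAGMA query_only = ON")
    return conn

def lookup_vulnerable(conn, name):
    # Weak form: user input is concatenated into the SQL text.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_hardened(conn, name):
    # 1. Input check before any request is sent to the database.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("rejected input")
    # 2. Parameterized statement: the value is bound, never parsed as SQL.
    return conn.execute("SELECT name, email FROM users WHERE name = ?",
                        (name,)).fetchall()

def can_write(conn):
    # 3. A restricted connection must not be able to modify data.
    try:
        conn.execute("DELETE FROM users")
        return True
    except sqlite3.OperationalError:
        return False

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed test input
    print("vulnerable:", lookup_vulnerable(db, crafted))
    print("hardened  :", lookup_hardened(db, "alice"))
    try:
        lookup_hardened(db, crafted)
    except ValueError as exc:
        print("hardened  :", exc)
    print("can write :", can_write(db))
```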
Authentication
Network Eavesdropping
Brute Force Attack
Dictionary Attacks
Cookie Replay Attacks
Credential Theft
Features To Secure Web Application
Threat Modeling For Web Applications