19 Attacks for Exploiting Security Vulnerabilities in Applications. Our attacks, presented in abridged form below, are based on our top-selling book and training course "How to Break Software Security". They can be used to exploit security vulnerabilities in any kind of application, on any platform, and in any development language. They are the cornerstone of Security Innovation's testing methodology, which subsumes all other security standards, including the OWASP top ten.
I. Attacking Software Dependencies

Attack 1: Block access to libraries
Attack 2: Manipulate the application's registry values
Attack 3: Force the application to use corrupt files
Attack 4: Manipulate and replace files that the application creates, reads from, writes to, or executes
Attack 5: Force the application to operate in low-memory, low-disk-space and low-network-availability conditions
II. Attacking the User Interface

Attack 6: Overflow input buffers
Attack 7: Examine all common switches and options
Attack 8: Explore escape characters, character sets, and commands
III. Attacking Design

Attack 9: Try common default and test account names and passwords
Attack 10: Use Holodeck to expose unprotected test APIs
Attack 11: Connect to all ports
Attack 12: Fake the source of data
Attack 13: Create loop conditions in any application that interprets script, code, or other user-supplied logic
Attack 14: Use alternate routes to accomplish the same task
Attack 15: Force the system to reset values
IV. Attacking Implementation

Attack 16: Get between time of check and time of use
Attack 17: Create files with the same name as files protected with a higher classification
Attack 18: Force all error messages
Attack 19: Use Holodeck to look for temporary files and screen their contents for sensitive information