Web Application Attacks
Visit the Open Web Application Security Project (OWASP) Web site to research Web application attacks (https://www.owasp.org/index.php/Category:Attack)
• Choose one specific type of Web application attack, e.g. brute force, command execution, csrf, file inclusion, SQL Injection (blind), upload, and XSS stored.
• Research the attack using information from OWASP and *other* resources (e.g. textbooks, articles, and other Web sites)
• Write a plain English summary of what is attacked and how the attack works (write a description of it).
• Is your selected attack an attack against confidentiality, integrity, or availability? Explain your answer.
• What specific Web application vulnerability is attacked? (Hint: look for a Common Vulnerabilities and Exposure (CVE) number for the attack.)
Your response must be 150+ words and include APA format in-text citations and references.
Advanced Persistent Threats (APTs)
Historically, the term APT has been used to define the nation state (or espionage) cyber actors, but I think the term is an inaccurate label for this group. A large number of non-espionage attackers might be considered APTs because they launch campaigns with sophisticated malware or design stealthy attacks.
Instead of focusing on APT term – this discussion will focus on the tools, techniques and procedures (TTPs) which will better prepare you to triage incidents. The TTPs of the different actor groups (ecrime, nation state, and hacktivism) are starting to blend and this makes attribution even more difficult. Answer the following questions to
1. How do each of the 3 actor groups (ecrime, nation state, and hacktivism) leverage social media in their attacks?
2. How do each of the 3 actor groups (ecrime, nation state and hacktivism) use DDoS attacks?
3. How do each of the 3 actor groups (ecrime, nation state and hacktivism) use email in their attacks? (spearphishing, phishing, etc)
4. How do each of the 3 actor groups (ecrime, nation state and hacktivism) use remote access trojans (RATs) as part of their campaigns?
Once you’ve answered these 4 questions – wrap up your discussion with a one sentence explanation of nation state attacks (aka APTs) as if you were explaining it to a non-technical boss.
As usual 150+ words. APA.