Essential Cybersecurity Knowledge: Buffer Overflows, DoS, And More

Web application security vulnerabilities refer to any flaws in your system that hackers may exploit to obtain unauthorized access, run malicious code, install malware, and perhaps steal sensitive information. Remediating these attacks on network security could be near impossible, especially since most small businesses, corporations, and even daily users lack the resources to fix several network security issues at a time.  

As network security threats become a critical risk for every company, it is valuable to have an expansive range of security knowledge to prevent carelessness from being the cause of application layer web application security issues. In general, a vulnerability scanner will scan your environment and compare it to a vulnerability database or a list of known flaws. However, in order to grasp what cybersecurity threats and vulnerabilities you may be facing, it is best to start with the basics. Throughout this article, we will go through the fundamentals of web application security vulnerabilities and how they may or may not be affecting your system.

What Are the Vulnerability Basics I Should Know?

Buffer Overflow

To correctly manage Linux buffer overflow vulnerabilities to prevent buffer overflow attacks, you should first understand what they are, the threats they pose to your applications, and the exploits that cybersecurity attackers utilize in their tactics. A buffer overflow attack occurs when a program attempts to put more data in a buffer than it can store or a program tries to place data in a memory region past a buffer. In doing so, this can destroy the application and possibly trigger the execution of malicious code, allowing cybercriminals to gain unauthorized access to systems and networks. Although buffer overflow is a well-known network security threat, it continues to pose a risk to both companies and small organizations.

Attackers use a buffer overflow to corrupt a web application’s execution stack, execute arbitrary code, and take over a machine. Flaws in buffer overflows can exist in both application servers and web servers, especially web applications that use libraries like graphics libraries. Buffer overflows can also exist in custom web application codes.

Types of Buffer Overflow Cybersecurity Vulnerabilities

According to OWASP, there are two types of Linux buffer overflow vulnerabilities:

• A Stack-based buffer overflow attack occurs when an attacker sends data containing malicious code to an application, which stores the data in a stack buffer. This overwrites the data on the stack to give the attacker transfer control.
• A Heap-based buffer overflow attack specifically targets the heap. It involves flooding a program’s memory space beyond the memory it uses so the data in the heap can be overwritten to exploit aspects of the programming. Once this is completed, an attacker can grant themselves access to edit the software.

DoS Basics

A DoS attack, or Denial of Service attack, is a cloud security breach meant to shut down a machine or network so it and its services are inaccessible to intended users. DoS attacks flood the target with traffic or send the target information that triggers a crash. In both instances, the DoS attack deprives legitimate users, such as employees or account holders, of the service. Thankfully, when it comes to DoS attacks, the remediation process is quicker since they are easier to block and trace, as only a single device is in play.

Types of DoS Attacks

There are a variety of DoS attack types to keep in mind:

• Buffer Overflow: Buffer Overflow attacks, as listed above, are a common type of DoS attack that relies on sending an amount of traffic to a network resource that exceeds the default processing capacity of the system.
• Ping of Death: Also known as ICMP Flood and Smurf Attack, the Ping of Death involves attackers sending spoofed, enlarged, or malicious packets that ping every computer on the targeted network. The target responds and becomes flooded with responses from the malicious packet. When an attacker sends a packet larger than that size, the target system will break it down into smaller-sized packets, allow the packets through, and when it gets pieced back together, it causes a buffer overflow, which can cause the machine to freeze or crash.
• SYN Flood: A SYN Flood attack exploits the TCP handshake. The attacker sends a SYN message, and the handshake is left incomplete either because the server does not acknowledge the SYN message or because it sent back a SYN/ACK message and the attacker never answered. Doing this leaves the connected host in an occupied status and unavailable to take further requests. Attackers will increase the number of requests, populating all open ports and preventing anyone from connecting to the network.
• Teardrop: In a Teardrop attack, IP data packet fragments are sent to the target network, which then reassembles the fragments into the original packet. The process of reassembling these fragments exhausts the system and it ends up crashing. In some cases, attackers might even try to find a TCP/IP vulnerability to do the same thing. Ultimately, the server is unable to reassemble these packets, causing an overload.

SQLi Attacks

SQL Injection is a type of injection attack that makes it possible to execute malicious SQL statements that can control a database server behind web applications. Attackers can use SQL Injection on cybersecurity vulnerabilities to bypass security measures in a system. SQLi interferes with the queries that get sent to the database, such as modifying or deleting data, and can cause persistent changes to an application's behavior. Scanning for SQLi vulnerabilities is a must to make sure that important information is not accessed and to be able to reinforce your server and mitigate SQLi attacks in network security. There are many different situational SQLi attacks, and threat actors can:

• Retrieve hidden data to modify an SQL query and return additional results and data that would not be normally available otherwise
• Change application logic by changing a query to interfere with the app
• Perform a UNION attack where it is possible to retrieve data from different database tables using the UNION SQL selector
• Execute a Blind SQL injection, one of the most well-known SQLi attacks, where the results of a query you control are not returned

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) targets application users by inserting code, typically client-side like JavaScript, into the output of an online application. The principle of XSS is to change client-side scripts of a web application so that they run in the way that the attacker wishes. XSS enables attackers to run scripts in the victim's browser, allowing them to hijack user sessions or possibly cause redirects, sending users to malicious sites. Since XSS allows unauthenticated users to execute code in trusted users' browsers and access certain types of data, XSS web application security vulnerabilities also allow attackers to intercept and control data from users. This can lead to an attacker taking control of a site or an application if an administrative or elevated user is targeted. Ultimately, when it comes to XSS, there are two things to remember: 

• The web application is not the target - the user is
• Attackers plan to manipulate these users by injecting malicious code

Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery is in the OWASP Top 10 Web Application Security Vulnerabilities list. CSRF is a malicious attack that tricks a user into executing an act they did not plan to do. The attacker then can gain access through the victim's already established browser. Web applications like email clients, Facebook, Instagram, and online banking applications can be targets.

Attacks trick users by having them log in or change their email addresses in order to gain information on their credentials. If you have input a login and have the information saved for the future, the attacker can take those credentials and redirect your browser to input money into other websites without your knowledge.

Remote Code Execution

Remote Code Execution (RCE) cybersecurity vulnerabilities allow an attacker to execute arbitrary code from a remote device and place it onto a computer. RCE network security issues can lead to attacks that range from malware executions to threat actors obtaining full control over a compromised machine. A Remote Code Execution Attack can lead to a full-scale network security threat that could harm an entire web application and web server. RCE could also lead to privilege escalation, network pivoting, and establishing persistence.

Why Are the Basics Important?

It is valuable to understand any web application security vulnerabilities you may encounter because they form the backbone for attacks in network security, whether well-known or not. Having this knowledge gives you a larger understanding of the threats you face. You must be educated on what these web application security vulnerabilities are, how they can be used in attacks, and different scenarios in which an attacker might use these exploits in cybersecurity so that you can fight attacks and better prepare your company for any risks.

Our Final Thoughts on Vulnerability Basics

Educating yourself and your team on basic cybersecurity vulnerabilities is essential to being able to mitigate these attacks in network security. To better understand network security threats, it might be helpful to implement a daily vulnerability scanner to minimize the amount of security flaws your applications might have. Make sure to read our Complete Guide to Using Wapiti Web Vulnerability Scanner to get an idea of how we can assist you with your data and network security.