Cyber Attack in computer security (Web based Attack)


A cyber attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data, and leads to cyber crimes such as information and identity theft.

Cyber attacks can be classified into the following two categories:-

1. Web-based Attack

2. System-based Attack


1. Web-based Attack 

These are the attacks which occur on a website or a web application.

Some of the important web-based attacks are as follows:-

A. Brute Force:- It is a type of attack which uses a trial and error method. This attack generates a large number of guesses and validates them to obtain actual data such as a user password or personal identification number. This attack may be used by criminals to crack encrypted data.

B. Injection Attack:- It is an attack in which some data is injected into a web application to manipulate the application and fetch the required information. Examples of injection attacks are SQL Injection, XML Injection, Code Injection, etc.

C. DNS Spoofing:- It is a type of computer security hacking whereby data is introduced into a DNS (Domain Name Server) resolver cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.

D. Session Hijacking:- It is a security attack on a user session over a protected network. Web applications create cookies to store the state and the user session. By stealing the cookies, an attacker can hijack the user session and gain access to all of the user's data.

E. Phishing:- It is a type of attack which attempts to steal sensitive information such as user logins, credit card numbers or any other sensitive information. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.

F. Denial of Service:- It is an attack which is meant to make a server or network resource unavailable to the user. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses a single internet connection to attack a server.

G. Man in the Middle Attack:- It is a type of attack that allows an attacker to intercept the connection between client and server and act as a bridge between them. Due to this, the attacker is able to read, insert and modify the data.

H. URL (Uniform Resource Locator) Interpretation:- It is a type of attack in which certain parts of a URL are changed so that the web server delivers web pages which the user is not authorized to browse.
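
The large number of guesses described under Brute Force (item A) shows up in authentication logs as a burst of failed logins from one source. The following is an added example, not part of the original post, that flags such bursts with a sliding window and notes when a successful login follows one. The log line format, the threshold and the window length are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input. The line format (ISO time, result, user, source IP)
# is an assumption for this example, not a real product's log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL alice 203.0.113.7
2024-05-01T10:00:03 FAIL alice 203.0.113.7
2024-05-01T10:00:04 FAIL bob 198.51.100.20
2024-05-01T10:00:05 FAIL alice 203.0.113.7
2024-05-01T10:00:08 FAIL alice 203.0.113.7
2024-05-01T10:00:09 OK bob 198.51.100.20
2024-05-01T10:00:11 FAIL alice 203.0.113.7
2024-05-01T10:00:15 OK alice 203.0.113.7
2024-05-01T10:09:00 FAIL carol 192.0.2.44
2024-05-01T10:15:00 FAIL carol 192.0.2.44
"""

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Returns {ip: {"alert_at": datetime, "users": set, "success_after": set}}.
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts = datetime.fromisoformat(parts[0])
        result, user, ip = parts[1], parts[2], parts[3]
        if result == "FAIL":
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # drop failures older than the window
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"alert_at": ts, "users": set(), "success_after": set()}
            if ip in alerts:
                alerts[ip]["users"].add(user)
        elif result == "OK" and ip in alerts:
            # A success right after a burst of failures may mean a guess worked.
            alerts[ip]["success_after"].add(user)
    return alerts

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, info["alert_at"].isoformat(), sorted(info["success_after"]))
```

A single mistyped password followed by a success (bob) and slow, isolated failures (carol) stay below the threshold, which keeps ordinary user errors from raising alerts.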
