Applications are great targets to attack, especially if you’re trying to disrupt communication with DoS, or if you’re looking to exfiltrate or destroy data. This video covers injection attacks, which are essentially inserting additional data beyond what the application is expecting to make it give you some information or perform some action for you. These include SQL, HTML, command, and code injection attacks.
- Part of the planning process of any pen testing…endeavor is to determine what your target is.…Now, we've talking about targets being servers,…or maybe the networks, or maybe even users.…But another class of targets is the application.…Applications are great targets…and if you think about it,…it makes a lot of sense to attack an application.…Especially, if you're looking for denial of service…or exfiltration of data.…Or maybe even destruction of data…because applications, the way that they typically work,…is they allow users to interact with data sources.…
So, especially if you want to grab a bunch of data,…the application already knows where the data is.…So, if you could compromise an application,…you don't have to dig down through the servers…and get to the database.…You just tell the application to do something…it didn't mean to do.…So, there's different ways that we can attack applications.…One of the coolest ways, is through injection attacks.…An injection attack is sending an application something…that it didn't expect so that, hopefully,…
This Total Seminars course covers the exam certification topics. For information on additional study resources—including practice tests, lab simulations, books, and discounted exam vouchers—visit totalsem.com/linkedin. LinkedIn Learning members receive special pricing.
This course was created by Total Seminars. We are pleased to offer this training in our library.
We are a CompTIA Partner. As such, we are able to offer CompTIA exam vouchers at a 10% discount. For more information on how to obtain this discount, please download these PDF instructions.