Vulnerabilities:

A weakness or a flaw in the system which an attacker may find and exploit. An updated OS,
Default Passwords, Unencrypted protocols are all good examples of vulnerabilities.
A vulnerability is a hole or a weakness in the application, which can be a design flaw or an
implementation bug, that allows an attacker to cause harm to the stakeholders of an application.
Stakeholders include the application owner, application users, and other entities that rely on the
application.
Examples of vulnerabilities

● Lack of input validation on user input

● Lack of sufficient logging mechanism
● Fail-open error handling
● Not closing the database connection properly

Types of Vulnerabilities:

1) Unauthorized access by hacker or Access control:

Unauthorized computer access, popularly referred to as hacking, describes a criminal action

whereby someone uses a computer to knowingly gain access to data in a system without
permission to access that data.

Unauthorized access encompasses any time an individual — an internal or external actor —

accesses data, networks, endpoints, applications, or devices without permission. There are
several common causes or scenarios of unauthorized data access and unauthorized access to
computer networks — from weak passwords that are easily guessed or hacked to sophisticated
social engineering schemes like phishing that trick authorized users into exposing credentials, to
compromised accounts that have been hacked and taken over by illegitimate actors.

Risks of unauthorized data access-

Once an individual has gained unauthorized access to data or computer networks, they can cause
damage to an organization in a number of ways.
● They may directly steal files, data, or other information.
● They may leverage unauthorized access to further compromise accounts.
● They may destroy information or sabotage systems and networks.
● All of these scenarios carry inherent risks, costs, and potential fines to the business —
but the long-term damage from unauthorized access can carry on insidiously in the form
of damaged reputation and trust, as well as ongoing impacts on revenue.
Strategies to prevent unauthorized access-

Q) Explain Strategies to prevent unauthorized access.

1. Adopt the Principle Of Least Privilege (POLP)

A 2020 report found that half of organizations have users with more access privileges than are
necessary to do their jobs. The POLP approach aims to regularly audit internal user access
privileges to ensure the minimal-necessary level of access to data, systems, networks, and
devices for the individual to perform the core responsibilities of their role. One key is focusing
on the “core responsibilities'' idea; temporary access can be granted in exceptional cases while
still maintaining the least privileged access for day-to-day work.
2. Put a strong password policy in place
Strong passwords are one of the best protections against unauthorized access. That means
developing and enforcing a strong password policy that requires all users to follow established
best practices for creating — and regularly changing — strong passwords, as well as ensuring
passwords are not reused across devices, apps, or other accounts. One of the easiest ways to help
your users maintain strong passwords is to use a password manager that can generate (and
remember) passwords with much deeper complexity and randomness than a human ever could.
3. Use Multi-Factor Authentication (MFA)
Unauthorized access often stems from a single compromised password or credential. But if all
the individual has done is guessed, hacked, or otherwise illegitimately obtained the password,
multi-factor authentication can easily stop unauthorized access. The illegitimate actor almost
certainly won’t have access to the secondary (or tertiary) form of identity verification (like a
one-time passcode sent to the legitimate user’s mobile device). Microsoft estimates that 99.9% of
compromised user accounts could be prevented with MFA.
4. Keep security patches up to date
External actors often gain unauthorized access through known vulnerabilities. Fortunately, this
means these intrusions can be blocked by simply ensuring you regularly update all software,
keep security patches up to date, and set security updates to automatic whenever possible.
5. Don’t forget about physical security
While most unauthorized access happens in a digital sense — the unauthorized actor is using a
compromised credential to access data or computer networks from their own device—physical
security in your workplace is still essential. Whether it’s a malicious inside actor or an external
actor visiting your workplace, leaving devices unlocked or written-down passwords plainly
visible is an easy recipe for unauthorized access.
How to detect unauthorized access:
Prevention is the first defense against unauthorized access. But when these incidents do happen,
time is of the essence in mitigating the damage. The more immediately you can detect
unauthorized access — and the more efficiently you can investigate the incident — the faster you
can effectively respond to lock down access, shut out the illegitimate actor, and take back control
of your data, systems, and networks.There are many conventional security technologies, such as
DLP and CASB, that promise to alert security teams to unauthorized data access or unauthorized
access to a computer network.

NOTE- Above highlighted part is just for knowledge purposes, no need to study for examination.

2) Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected
into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser side script, to a different
end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a
web application uses input from a user within the output it generates without validating or
encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s
browser has no way to know that the script should not be trusted, and will execute the script.
Because it thinks the script came from a trusted source, the malicious script can access any
cookies, session tokens, or other sensitive information retained by the browser and used with that
site. These scripts can even rewrite the content of the HTML page.
Methods to mitigate the XSS vulnerability include:
Educate app and website developers in coding best practices such as proper HTML/JavaScript
escaping/encoding techniques.
Implement code vulnerability testing at the design and development phases, and scan code in
production environments as well.
Take a zero-trust approach to user input data. Separate active browser content from unvalidated
data.
Implement a Content Security Policy that provides for appropriate website defenses against XSS.

3) Unrestricted File Upload:

File upload vulnerabilities are when a web server allows users to upload files to its filesystem
without sufficiently validating things like their name, type, contents, or size. Failing to properly
enforce restrictions on these could mean that even a basic image upload function can be used to
upload arbitrary and potentially dangerous files instead. This could even include server-side
script files that enable remote code execution.
In some cases, the act of uploading the file is in itself enough to cause damage. Other attacks
may involve a follow-up HTTP request for the file, typically to trigger its execution by the
server.
Risk Factors:

● The impact of this vulnerability is high, supposed code can be executed in the server
context or on the client side. The likelihood of detection for the attacker is high. The
prevalence is common. As a result the severity of this type of vulnerability is high.
● It is important to check a file upload module’s access controls to examine the risks
properly.
● Server-side attacks: The web server can be compromised by uploading and executing a
web-shell which can run commands, browse system files, browse local resources, attack
other servers, or exploit the local vulnerabilities, and so forth.
● Client-side attacks: Uploading malicious files can make the website vulnerable to
client-side attacks such as XSS or Cross-site Content Hijacking.
● Uploaded files can be abused to exploit other vulnerable sections of an application when
a file on the same or a trusted server is needed (can again lead to client-side or server-side
attacks)
● Uploaded files might trigger vulnerabilities in broken libraries/applications on the server
side (e.g. ImageMagick flaw that is called ImageTragick!).
● Uploaded files might trigger vulnerabilities in broken real-time monitoring tools (e.g.
Symantec antivirus exploit by unpacking a RAR file)
● An attacker might be able to put a phishing page into the website or deface the website.
● The file storage server might be abused to host troublesome files including malwares,
illegal software, or adult contents. Uploaded files might also contain malwares’ command
and control data, violence and harassment messages, or steganographic data that can be
used by criminal organizations.
● Uploaded sensitive files might be accessible by unauthorized people.
● File uploaders may disclose internal information such as server internal paths in their
error messages.

4) Buffer Overflow:

Buffers are memory storage regions that temporarily hold data while it is being transferred from
one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data
exceeds the storage capacity of the memory buffer. As a result, the program attempting to write
the data to the buffer overwrites adjacent memory locations.
For example, a buffer for log-in credentials may be designed to expect username and password
inputs of 8 bytes, so if a transaction involves an input of 10 bytes (that is, 2 bytes more than
expected), the program may write the excess data past the buffer boundary.

Buffer overflows can affect all types of software. They typically result from malformed inputs or
failure to allocate enough space for the buffer. If the transaction overwrites executable code, it
can cause the program to behave unpredictably and generate incorrect results, memory access
errors, or crashes.