Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

firewall-wizards logo Firewall Wizards mailing list archives

RE: Application-level Attacks
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 14 Feb 2005 11:18:17 -0600
On Sun, 2005-02-13 at 04:36 -0500, Ofer Shezaf wrote:

If you think in payload rather than vulnerability terms than network
layer attack can cause denial of service, while it will take some sort
of an application layer attack to cause any other damage such as
stealing information or performing fraudulent transactions. 

Application layer attacks are not limited to virii: buffer overflow, SQL
injection, Cross site scripting & Browser hijacking are all type of
application layer vulnerabilities widely exploited.


That raises the question, though, if we need to further categorize by
including session layer attacks and presentation layer attacks, or
should continue to lump these into application layer attacks.

Isn't Cross Site Scripting and Session Hijacking/Riding not a session
layer attack? Is the recent International Domain Name issue (raised by
the fine folks at Shmoo) not a presentation layer attack?

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]