Knowledge Category

Common types of attacks

September 4th, 2023

In this tutorial we will learn some popular types of attacks which are introduced in the SNCF syllabus.

The first one is Code Injection Attacks. There are two popular types of Code Injection Attacks: SQL Injection and Cross Site Scripting.

SQL injection usually occurs when you ask a user for input, like their username/userid, but the user gives (“injects”) you an SQL statement that you will unknowingly run on your database.

Look at the following example, the administrators (or programmers) of the website directly created a SELECT statement by adding a variable from the user input (txtUserId) to a select string without any safety checks. The variable “UserId’ was fetched from user input (getRequestString):

txtUserId = getRequestString(“UserId”);
txtSQL = “SELECT * FROM Users WHERE UserId = ” + txtUserId;

If user enter something like this: “100 OR 1=1” then the SQL statement will look like this:

SELECT * FROM Users WHERE UserId = 100 OR 1=1;

The SQL above is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE. A hacker might get access to all the user names and passwords in this database.

READ MORE…

Common types of threats for endpoints

September 1st, 2023

Nowadays, organizations store vast amounts of sensitive data and critical operations within both on-premises and cloud environments, rendering them attractive targets for a diverse range of cyber threats. Recognizing and addressing these threats is vital for ensuring data security, operational stability, and overall protection. So let’s find out more about them in this tutorial!

One of the most popular cyber threats is malware. Malware means “malicious software”, is any software intentionally designed to cause damage to a computer, server, client, or computer network. There are many different variations of malware, but the most popular types of malware includes viruses, ransomware and spyware.malware_overview.jpg

READ MORE…