9781111640125_IM_ch03

Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals, Fourth Edition

Chapter 3
Application and Network Attacks

At a Glance

Instructor’s Manual Table of Contents

Overview
Objectives
Teaching Tips
Quick Quizzes
Class Discussion Topics
Additional Projects
Additional Resources
Key Terms
Lecture Notes

Overview

In this chapter, we will examine the steps for protecting systems. First, the chapter looks at the different kinds of attacks that happen through the application layer. Then, it explores how to prevent attacks through the Web browser. You will learn how attackers can attack an entire network. Finally, you will look at the different kinds of attacks made possible by the interception of data.

Chapter Objectives

List and explain the different types of Web application attacks
Define client-side attacks
Explain how a buffer overflow attack works
List different types of denial of service attacks
Describe interception and poisoning attacks

Teaching Tips

Application Attacks

Explain that one category of attacks that continues to grow is attacks that target applications, which include:
a. Web application attacks
b. client-side attacks
c. buffer overflow attacks

Web Application Attacks

1. Explain that Web applications are a prime target due to their “omnipresence” in the modern world.
2. Use Figure 3-1 to explain the general Web application infrastructure.
3. Explain that securing against Web application attacks involves both hardening the Web server and protecting the network.
4. Explain that the most common Web application attacks are cross-site scripting, SQL injection, XML injection, and command injection/directory traversal.
5. Explain that a cross-site scripting (XSS) attack injects scripts into a Web application server that will then direct attacks at clients. Use Figure 3-3 to help explain an XSS attack.
6. Define cross-site scripting (XSS) as an attack in which malicious code is inserted into a specific type of dynamic Web page. It typically involves using client-side scripts written in JavaScript designed to extract information from the victim and then pass the information to the attacker.
7. Explain that XSS attacks target Web sites that dynamically generate Web pages that redisplay (echo) user input that has not been properly validated.
8. Explain that an SQL injection is an attack that targets the Web application’s use of unchecked user input. Use Table 3-1 to explain different SQL injection attack scenarios.
9. Define SQL (structured query language) as a language used to view and manipulate data that is stored in a relational database.