
Because today's IT systems are networked globally, they are hardly ever operated in isolation. IT systems communicate both locally and globally over networks such as mobile networks or the Internet.
The totality of these globally communicating IT systems is called cyberspace.
An important part of cyberspace is the Internet, and more and more IT communication relationships are being moved there. The enormous volumes of data and information that accumulate there every day make cyberspace a very attractive target for attackers.
Besides the Internet (a global area network, GAN), many other network structures are in use as well, for example LANs and WANs.
A wide variety of attacker groups use cyberspace as their primary attack vector to pursue their interests with a specific goal in mind.
"If you have something that can be valuable to a competitor,
you will be targeted and almost certainly compromised."
Phishing is one of the most common and most successful types of cyber attack. Attackers use fake emails or websites to obtain user data or to compromise the company's IT environment.
Ransomware is malware, known in the German public as crypto Trojans or extortion Trojans. This type of cyber attack uses cryptographic methods to encrypt a user's files and thus deny the user access to them, sometimes extending to the entire computer system and the connected network.
Depending on the goal of the malicious code, malware can also delete or modify files on the system or disclose data about the user's behaviour to third parties.
Cross-site scripting (XSS) is a client-side cyber attack on websites and the systems connected to them.
For example, JavaScript code is injected via form fields or advertisements on the web page; the server embeds it unescaped in the HTML it returns, and the code then executes in the browser of every user who views that page, with the rights of that user on the site. SQL injection, which targets the connected database directly, is a related injection attack, but it executes on the server side rather than in the browser.
In stored XSS, the malicious JavaScript code is saved in the database as part of the cyber attack and executed on every call of the affected page.
Social engineering involves psychological manipulation using a wide variety of methods to gain the trust of a specific person so that he or she discloses important data (e.g. login names and passwords). Occasionally it amounts to simply eavesdropping on a target person.
Because the IT world is constantly evolving, new types of cyber attack methods and scenarios appear almost daily.
More detailed descriptions of attack scenarios such as phishing, ransomware or malware can be found in the wiki on our website.
Unfortunately, there is no 100 percent protection against cyber attacks. Nevertheless, appropriate measures make it possible to detect such attacks early and to limit their effect.