NETWORK AND APPLICATION ATTACKS
INFORMATION ASSURANCE AND SECURITY
UNIVERSITAS PENDIDIKAN INDONESIA
Cibiru Campus
Two Major Types of Attack
Application Attacks
Networking Attacks
Objectives
1. Server-side web application attacks
2. Client-side attacks
3. Overflow attacks
4. Networking-based attacks
Network and Application Attacks
Application Attacks (Server Side)
Cross Site Scripting (XSS)
How to Defend Against Cross-Site Scripting (XSS)
• Webmasters should make sure that their web pages validate input, do not echo bad input to the user, and do not allow input of code where it does not belong
• Web server administrators should make sure web services and database programs are up to date on patches
• Users should never click an embedded link in an email message without being sure where that link leads
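The first bullet, shown as an added Python example that is not part of the original slides: a search term is checked against an allow-list and rejected without being echoed back, while free text that cannot be allow-listed is HTML-encoded on output. The function names, the pattern and the sample markup are assumptions made for illustration.

```python
import html
import re

# Allow-list for a search box: letters, digits, space, underscore, hyphen.
# (Hypothetical policy; pick the pattern that fits the field.)
TERM_RE = re.compile(r"[A-Za-z0-9 _\-]{1,64}")


def render_search_page(term):
    """Validate input; on failure, answer without echoing the bad input."""
    if not TERM_RE.fullmatch(term):
        # The rejected value is deliberately absent from the response body.
        return 400, "<p>Invalid search term.</p>"
    # Encode even validated input: the allow-list may be loosened later.
    return 200, "<p>Results for <b>{}</b></p>".format(html.escape(term, quote=True))


def render_comment(author, body):
    """Free text cannot be allow-listed, so encode it where it is written out.

    quote=True also encodes " and ', which matters inside attribute values.
    """
    return '<div class="comment" data-author="{}">{}</div>'.format(
        html.escape(author, quote=True),
        html.escape(body, quote=True),
    )


if __name__ == "__main__":
    # Constructed sample inputs.
    print(render_search_page("network attacks"))
    print(render_search_page("<script>alert(1)</script>"))
    print(render_comment('a"b', "<b>hi</b> & bye"))
```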
Application Attacks (Server Side)
SQL Injection
How to Defend Against SQL Injection
• Validate input, rejecting SQL commands and scripts
• Provide drop-down lists of choices for users (prepared statements) instead of allowing free-form entry
• Do not assign more privileges than the users need
• Do not ask users for SQL commands (yes, some systems have allowed users to do this)
• Don't give your data tables and fields obvious names: a SELECT command must call a table and its columns by their correct names, or the command will fail
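The first two bullets, shown as an added Python example that is not part of the original slides: a lookup that builds its query by string concatenation next to the same lookup with a bound parameter, plus a fixed list of choices for a value that cannot be bound. It uses the standard-library sqlite3 module; the table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, username):
    """'Before' form: the input becomes part of the SQL text itself."""
    sql = "SELECT username, email FROM accounts WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened form: validate, then bind the value so it is never parsed as SQL."""
    if not isinstance(username, str) or not 1 <= len(username) <= 32:
        raise ValueError("username must be 1-32 characters")
    sql = "SELECT username, email FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Column names cannot be bound as parameters, so the user's choice is
# mapped through a fixed list, the server-side half of a drop-down.
SORT_COLUMNS = {"username": "username", "email": "email"}


def list_accounts(conn, sort_by):
    column = SORT_COLUMNS.get(sort_by)
    if column is None:
        raise ValueError("unsupported sort column")
    return conn.execute(f"SELECT username FROM accounts ORDER BY {column}").fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input that closes the quote
    print(len(lookup_concatenated(db, hostile)))   # every row comes back
    print(len(lookup_parameterized(db, hostile)))  # no user has that name
```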
Application Attacks (Server Side)
XML External Entity Attack (XXE)
Application Attacks (Server Side)
Directory Traversal/Command Injection
Application Attacks (Client Side)
Drive-by Download
Application Attacks (Client Side)
HTTP Header Manipulation
Application Attacks (Client Side)
Cookie Poisoning
Application Attacks (Client Side)
Attachment Attack
Application Attacks (Client Side)
Session Hijacking
Application Attacks (Client Side)
Malicious Add Ons
Application Attacks (Server - Client Side)
Impartial Overflow
Networking Attacks
Denial of Service (DoS)
Networking Attacks
Interception Attack
Networking Attacks
Poisoning Attack
Networking Attacks
Attacks on Access Rights
Group Assignment
1. Find a case of a network and application attack
2. How did the attack happen?
3. How can the attack be mitigated or defended against?
- Write it up in article format
- Post it on a personal or group blog
- Submit the link on GClassroom
References
"Computer Security", 3rd edition, by Dieter Gollmann. Wiley, March 2011
https://stevevincent.info/CSS211_2014_2.htm