×

Message

PLG_KUNENADISCUSS_DEPENDENCY_FAIL

006. TYPES OF ATTACKS AND VULNERABILITIES

 

 

 

The sophistication of cyber security attacks is increasing every day. In addition, there are numerous types of cyber security attacks and vulnerabilities. This article covers the most common.

 

TYPES OF ATTACKS

As you probably already know, most attackers do not want to be discovered, so they use a variety of techniques to remain in the shadows when attempting to compromise a network. The following sections list the most common types of attacks carried out by threat actors.

 

1.     Reconnaissance Attacks

 

2.     Social Engineering

·        Phishing

·        Pharming

·        Malvertising

 

3.     Privilege Escalation Attacks

 

4.     Backdoors

 

5.     Code Execution

 

6.     Man-in-the Middle Attacks

 

7.     Denial-of-Service Attacks

 

8.     Attack Methods for Data Exfiltration

 

9.     ARP Cache Poisoning

 

10.                         Spoofing Attacks

 

11.                         Route Manipulation Attacks

 

12.                         Password Attacks

 

13.                         Wireless Attacks

 

 

 

TYPES OF VULNERABILITIES

Understanding the weaknesses and vulnerabilities in a system or network is a huge step toward correcting these vulnerabilities or putting in appropriate countermeasures to mitigate threats against them. Potential network vulnerabilities abound, with many resulting from one or more of the following:

1.     Policy flaws

 

2.     Design errors

 

3.     Protocol weaknesses

 

4.     Misconfiguration

 

5.     Software vulnerabilities

 

6.     Human factors

 

7.     Malicious software

 

8.     Hardware vulnerabilities

 

9.     Physical access to network resources

 

Cisco and others have created databases that categorize threats in the public domain. The Common Vulnerabilities and Exposures (CVE) is a dictionary of publicly known security vulnerabilities and exposures.

 

A quick search using your favorite search engine will lead you to the website. Also, the National Vulnerability Database (NVD) is a repository of standards-based vulnerability information; you can do a quick search for it, too. (URLs change over time, so it is better to advise you to just do a quick search and click any links that interest you.)

 

The following are examples of the most common types of vulnerabilities:

 

1.     API abuse

 

2.     Authentication and authorization bypass vulnerabilities

 

3.     Buffer overflow

 

4.     Cross-site scripting (XSS) vulnerability

 

5.     Cross-site request forgery (CSRF) vulnerability

 

6.     Cryptographic vulnerability

 

7.     Deserialization of untrusted data vulnerability

 

8.     Double free

 

9.     Insufficient entropy

 

10.                         SQL injection vulnerability

 

 

THE END.

 

 

Go to top