SI Secure
SI Secure
IndustriesServicesProductsCompanyLibrary
SI Services


19 Attacks for Exploiting Security Vulnerabilities in Applications  Our security testing techniques are not "black magic" like some other security service providers - we publish our security testing methodology and refine it with every project.  Our attacks,  presented in an abridged format below, are based on our top-selling book  "How to Break Software Security" and can be used to exploit security vulnerabilities on any kind of application, platform and development language.  They are the cornerstone of Security Innovation's methodology, that subsumes all other security standards, including the OWASP top ten. 
 

Learn more about our 19 attacks.  Below is a list of each specific attack we use to stress and exploit applications. If you would like to learn more about when to apply these attacks, what faults make these attacks successful, how to conduct these attacks and determine whether security has been compromised, you can:

   - Contact Security Innovation about delivering this training in person  (email or 978.694.1008 x24)
   - Watch our free one-hour WebCast replay of "How to Break Software Security"


I.  Attacking Software Dependencies    more

Attack 1:  Block access to libraries
Attack 2:  Manipulate the application’s registry values. 
Attack 3:  Force the application to use corrupt files
Attack 4:  Manipulate and replace files that the application creates, reads from, writes to, or executes
Attack 5:  Force the application to operate in low memory, disk-space and network-availability conditions

II.  Attacking the User Interface   more

Attack 6:  Overflow input buffers
Attack 7:  Examine all common switches and options
Attack 8:  Explore escape characters, character sets, and commands

III.  Attacking Design    more

Attack 9:    Try common default and test account names and passwords
Attack 10:  Use Holodeck to expose unprotected test APIs
Attack 11:  Connect to all ports
Attack 12:  Fake the source of data
Attack 13:  Create loop conditions in any application that interprets script, code, or other user-supplied logic
Attack 14:  Use alternate routes to accomplish the same task
Attack 15:  Force the system to reset values

IV.  Attacking Implementation    more

Attack 16:  Get between time of check and time of use
Attack 17:  Create files with the same name as files protected with a higher classification
Attack 18:  Force all error messages
Attack 19:  Use Holodeck to look for temporary files and screen their contents for sensitive information

Attacking Design  (#1 - 5)
 

back to the top of the page