Actual Attacks

Now that we have discussed how attackers scan a target system, let’s look at a few attacks that are commonly used. Obviously this won’t be an exhaustive list, but it will provide you some insight into the attack methodologies used. In Chapter 4 we discussed denial of service attacks and some tools used to cause these attacks. In this section we will look at other sorts of attacks and the techniques and tools used to make them happen.

SQL Script Injection

This may be the most popular attack on websites. In recent years, more websites have taken steps to ameliorate the dangers of this attack, but my informal surveys still find about one-third of websites susceptible. This attack is based on passing structured query language commands to a web application and getting the website to execute them.