Security+ SY0-601: 1.3 Application Attacks

This entry is part 7 of 47 in the series [ Security+ SY0-601 ]

Chapter 3: Application Attacks

Introducing BeEF

A short explanation:

A deeper tutorial, also introducing Kody and Null Byte:

Introducing OWASP

XSS – Cross-Site Scripting

Get familiar with OWASP and their Top Ten Web Application Security Risks:

Injection Attacks

On-path Attack (Man in the Browser)

Privilege Escalation

…then search for “privilege escalation”.

Directory Traversal

cd ../../..
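The `cd ../../..` line above is the whole attack in miniature: a path built from untrusted input walks out of the directory it was meant to stay in. The following is an added example, not code from this Security+ page, showing the vulnerable pattern beside the check that closes it; the document root and the request paths are constructed sample values, and `naive_resolve`/`safe_resolve` are names chosen for this illustration.

```python
# Added example (not from the Security+ page): a path-traversal guard.
# A handler that maps a requested name onto the filesystem must confine the
# result to its document root; otherwise "../../.." leaves the root exactly
# as `cd ../../..` does in a shell. posixpath is used so the behaviour is the
# same on every platform. BASE_DIR and the request paths are constructed.
import posixpath
from typing import Optional

BASE_DIR = "/srv/app/public"   # constructed example document root


def naive_resolve(user_path: str) -> str:
    """Vulnerable: join and normalise, but never check where the result landed.
    ".." segments collapse the root away, and an absolute request path makes
    posixpath.join discard BASE_DIR entirely."""
    return posixpath.normpath(posixpath.join(BASE_DIR, user_path))


def safe_resolve(user_path: str) -> Optional[str]:
    """Hardened: normalise, then require the result to be BASE_DIR itself or
    to sit strictly below it. Returns None for any request that escapes."""
    # Drop a leading "/" so the join cannot replace BASE_DIR with an absolute path.
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, user_path.lstrip("/")))
    base = posixpath.normpath(BASE_DIR)
    # Compare against base + "/" rather than a bare prefix: "/srv/app/public2"
    # starts with "/srv/app/public" but is not inside it.
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


def demo() -> dict:
    """Run both resolvers over a handful of constructed requests."""
    requests = ["images/logo.png", "../../../etc/passwd", "/etc/passwd", "../public2/x"]
    return {r: (naive_resolve(r), safe_resolve(r)) for r in requests}


if __name__ == "__main__":
    for req, (naive, safe) in demo().items():
        print(f"{req!r:28} naive -> {naive:32} safe -> {safe}")
```

Two caveats the check does not cover on its own: the input must be URL-decoded before it reaches `safe_resolve`, or an encoded `%2e%2e/` slips past the string comparison, and if the document root can contain symlinks the candidate should additionally be resolved with `os.path.realpath` before the prefix test, since a link inside the root can still point outside it.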

Buffer Overflow

…then search for “buffer overflow”.

Error Handling

Replay Attacks

Session replay is an attack in which a TCP session’s traffic is captured, the data is altered for nefarious purposes, and the session is “replayed”. This calls for some clever manipulation of the recorded TCP sequence numbers, so the attack can be inserted into a new traffic stream.
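The paragraph describes replay at the transport layer; the usual defence sits one layer up, where each message is bound to a timestamp and a one-time nonce under an authentication tag. The block below is an added example, not code from this Security+ page: a sender stamps messages with the two fields and an HMAC, and a receiver rejects anything altered, stale, or already seen. `SHARED_KEY`, `WINDOW_SECONDS`, `ReplayGuard` and the sample messages are constructed for this illustration.

```python
# Added example (not from the Security+ page): application-level replay
# protection. Each message carries a timestamp and a random nonce and is
# authenticated with an HMAC over timestamp, nonce and payload. A captured
# message cannot be altered without breaking the tag, and one replayed
# unchanged is rejected because its nonce was already accepted (or its
# timestamp has fallen outside the acceptance window).
# SHARED_KEY and the sample payloads are constructed values.
import hashlib
import hmac
import os

SHARED_KEY = b"constructed-demo-key"   # would be provisioned out of band in practice
WINDOW_SECONDS = 30                    # how far a timestamp may drift from receiver time


def _mac(ts: str, nonce: str, payload: bytes) -> str:
    """HMAC-SHA256 over the three fields, joined so they cannot be re-split."""
    data = ts.encode() + b"|" + nonce.encode() + b"|" + payload
    return hmac.new(SHARED_KEY, data, hashlib.sha256).hexdigest()


def make_message(payload: bytes, now: float) -> dict:
    """Sender side: stamp the payload with time, a fresh nonce and a tag."""
    nonce = os.urandom(16).hex()
    ts = str(int(now))
    return {"ts": ts, "nonce": nonce, "payload": payload, "tag": _mac(ts, nonce, payload)}


class ReplayGuard:
    """Receiver side: verifies the tag, the time window and nonce freshness."""

    def __init__(self) -> None:
        self.seen = {}   # nonce -> timestamp; entries expire with the window

    def accept(self, msg: dict, now: float) -> str:
        # 1. Integrity first: a tampered payload never gets further.
        expected = _mac(msg["ts"], msg["nonce"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad tag"
        # 2. Freshness: bound how long a captured message stays usable.
        ts = int(msg["ts"])
        if abs(now - ts) > WINDOW_SECONDS:
            return "reject: stale"
        # 3. Uniqueness within the window: forget nonces that can no longer
        #    pass step 2, then refuse any nonce already accepted.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW_SECONDS}
        if msg["nonce"] in self.seen:
            return "reject: replay"
        self.seen[msg["nonce"]] = ts
        return "accept"


def demo() -> list:
    """Original delivery, a straight replay, a tampered copy, and a late replay."""
    guard = ReplayGuard()
    original = make_message(b"transfer 10", now=1000.0)
    tampered = dict(original, payload=b"transfer 9999")   # tag no longer matches
    return [
        guard.accept(original, now=1001.0),   # accept
        guard.accept(original, now=1002.0),   # reject: replay
        guard.accept(tampered, now=1003.0),   # reject: bad tag
        guard.accept(make_message(b"x", now=1000.0), now=2000.0),   # reject: stale
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The window and the nonce cache work together: the window keeps the cache bounded (a nonce older than `WINDOW_SECONDS` can be forgotten because step 2 would reject it anyway), and the cache closes the gap the window leaves open, a replay arriving seconds after the original. In deployed protocols this same role is played by TLS record sequence numbers and by the monotonically increasing counters in signed API requests.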

CSRF: Cross-Site Request Forgery

SSL Stripping

Pass the Hash