Exam (elaborations)

SANS GICSP Priority Study List Questions & answers

Pages: 9
Grade: A+
Uploaded on: 02-07-2024
Written in: 2023/2024


Content preview

SANS GICSP Priority Study List
Web Based Attacks - CORRECT ANSWER-Modern HMIs are now web-based.
Common vulnerabilities affect them and may also affect non-web-based applications.

Web Based Attacks - CORRECT ANSWER-Authentication Bypass

Web Based Attacks - CORRECT ANSWER-Weak Session Management

Web Based Attacks - CORRECT ANSWER-(SQLi) SQL Injection

Web Based Attacks - CORRECT ANSWER-(XSS) Cross site Scripting

Web Based Attacks - CORRECT ANSWER-(CSRF) Cross Site Request Forgery

Web Based Attacks - CORRECT ANSWER-(LFI & RFI) Local and remote file inclusions.

Authentication Bypass - CORRECT ANSWER-Most often occurs when a developer forgets to require every page to verify that a user is logged in.

If the attacker knows the correct request to send and the application doesn't verify that the requester is logged in for that request, the request will work without authentication.

Weak Session Management - CORRECT ANSWER-Once you give an application a username and a password, the application usually gives you a secure cookie with a session token.

Your browser must send this cookie back to the server for every request so the server knows who you are.

If the attacker can obtain your cookie or guess its contents, they can hijack your session.

(SQLi) SQL Injection - CORRECT ANSWER-Many inputs in applications are used in backend database queries:
- username and password to match correct credentials
- search fields are used to find matching data in the database

If developers use these inputs from the user improperly, an attacker could add SQL commands in the input and have them run on the database.

With SQL injection attacks, attackers can not only read and write to your database, but they can often interact with your operating system and its files.

(XSS) Cross site Scripting - CORRECT ANSWER-Other inputs that applications get from a user may be displayed back on the page.
- If you search for the term "plc53" in a search field, it may say something in response like "Here are your search results for plc53"

If developers do not properly handle that input, attackers could add JavaScript in the input and have it execute in other users' browsers.

XSS attacks can do anything to the user's browser that the application can do, including issuing control signals or making configuration changes.

(CSRF) Cross Site Request Forgery - CORRECT ANSWER-If someone were to give you a link to click on that looked like this and you clicked on it, what would you expect to happen?
http://www.google.com/search?q=SamuraiSTFU

Now if someone were to give you a link like this to click on, and it was a valid link for the application, what would you expect to happen if you were logged in?
http://hmi.powerutility.com/disconnect?meter=35499

Now, what if an attacker hid this link and tricked you into clicking on it, or had your browser automatically click on it using JavaScript...
