Firewall Wizards mailing list archives
RE: Application-level Attacks
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 14 Feb 2005 11:18:17 -0600
On Sun, 2005-02-13 at 04:36 -0500, Ofer Shezaf wrote:
> If you think in payload rather than vulnerability terms, then a network layer attack can cause denial of service, while it will take some sort of an application layer attack to cause any other damage such as stealing information or performing fraudulent transactions. Application layer attacks are not limited to virii: buffer overflow, SQL injection, Cross site scripting & Browser hijacking are all types of application layer vulnerabilities widely exploited.
That raises the question, though, of whether we need to further categorize by including session layer attacks and presentation layer attacks, or should continue to lump these into application layer attacks. Are Cross Site Scripting and Session Hijacking/Riding not session layer attacks? Is the recent International Domain Name issue (raised by the fine folks at Shmoo) not a presentation layer attack?
Regards,
Frank