Cybersecurity explanations for beginners

27/02/2024

For many people, working in IT is already a closed book. Technical terms pile up and often even IT professionals don't understand what colleagues from other IT departments are talking about. To remedy this, this blog post will introduce you to some IT security terminology so that you can join in the conversation with your colleagues from the Security Operations Center (SOC) at the coffee machine.

First of all, it should be said that some basic terms are a prerequisite. Everyone should already be familiar with terms such as "ransomware" and "wiper malware" from radio and television. For this post, we want to go a little deeper and describe some of the most commonly used attack techniques and vulnerabilities.

Out-of-Bounds Read/Write

A software error (bug) of this type allows attackers to carry out actions outside the limits that were actually set. With the "read" variant of the bug, attackers can make a program continue reading data from memory beyond the end of an array. This could crash the system in use or allow the attacker to obtain important information that the program reads and passes back. With an out-of-bounds write, a program simply continues writing data to memory past the actual memory limit, which can lead, for example, to a crash or to the execution of code in a segment that is actually locked.

Use After Free (UAF)

This type of bug occurs when dynamic memory is not properly marked as free or as currently in use, so that a program keeps using memory that has already been released. This often happens due to faulty headers. Attackers can exploit this to overwrite memory that is actually already in use with new code, which can lead to crashes, data deletion or even the execution of malicious code.

Cross-Site Scripting (XSS)

An XSS vulnerability is usually found in web applications and allows attackers to insert code. In most variants, the code is inserted via the user's own end device into a website that can be used by other users. This allows the attacker to write code in areas to which they should not actually have access. In particular, if the data is written persistently, i.e. stored on the website/server, an attacker can cause long-term damage.

Path Traversal Attack

This attack technique is also known as directory traversal and allows the attacker to access files and directories outside the specified web root folder of a web application or web server. Attackers can do this, for example, by manipulating the file path and thus accessing sensitive data (e.g. credentials, personal data, etc.).
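One way a web application can defend against this, shown as an added example that is not part of the original post: resolve the requested path to its canonical form and refuse anything that lands outside the web root. The function names, directory layout and sample requests are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_resolve(web_root: Path, requested: str) -> Path:
    """Vulnerable pattern: joins user input to the web root and never checks the result."""
    return Path(os.path.normpath(web_root / requested))


def safe_resolve(web_root: Path, requested: str) -> Path:
    """Return the canonical path for `requested`; raise if it leaves web_root."""
    root = web_root.resolve()
    # resolve() collapses ".." and follows symlinks. An absolute request
    # replaces the root when joined, so it is caught by the same check.
    candidate = (root / requested).resolve()
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"path escapes web root: {requested!r}")
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway web root; map request -> outcome."""
    requests = ["index.html", "css/../index.html", "../secret.txt",
                "css/../../secret.txt", "/etc/passwd"]  # constructed samples
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        web_root = Path(tmp) / "www"
        (web_root / "css").mkdir(parents=True)
        (web_root / "index.html").write_text("hello")
        (Path(tmp) / "secret.txt").write_text("credentials")  # sits outside the web root
        for req in requests:
            try:
                safe_resolve(web_root, req)
                results[req] = "allowed"
            except PermissionError:
                results[req] = "blocked"
        # The unchecked join hands back the file that lives outside the web root.
        leaked = naive_resolve(web_root, "../secret.txt").read_text()
        results["naive_reads_secret"] = leaked == "credentials"
    return results


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{request!r}: {outcome}")
```

The check compares canonical paths rather than searching the input for "../", so a request that contains ".." but stays inside the web root is still served.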

These four popular attack methods are the first in a series of explanatory and defining blog posts to help you talk to IT security professionals. If you want to talk to our IT security professionals, please find further information as well as contact details on our website.

Author: Tobias Philipsen