Application Attacks
An application attack is an attack directed against a coding, implementation, or platform vulnerability in OS or application software.
- main purpose of application attacks is arbitrary code execution
- two main scenarios for application attacks:
  - Compromising the OS or third-party apps on a network host
    - by exploiting Trojans, malicious attachments, or browser vulnerabilities
    - allows the threat actor to obtain a foothold on a local network
  - Compromising the security of a website or web application
    - allows a threat actor to gain control of a web host, and either:
      - steal data from it
      - or use it to try to penetrate further into the network
- indicators
  - Increased numbers of application crashes and errors
  - Anomalous CPU, memory, storage, or network utilization
  - privilege escalation provides the simplest indicator of an application attack
    - detected by:
      - audit log
      - incident response and endpoint protection agents
  - important to correlate these to factors that identify specific types of application attacks
Arbitrary code execution is a vulnerability that allows an attacker to run their own code or a module that exploits such a vulnerability.
Remote code execution is a vulnerability that allows an attacker to transmit code from a remote host for execution on a target host or a module that exploits such a vulnerability.
- code is typically designed to
  - install some sort of
  - or to disable the system