Author Archive for: Amos Wambugu

Amos Wambugu

About Amos Wambugu

Cross-Site Scripting (XSS) XSS attacks are a type of injection where malicious code is injected into a web application by the attacker. This happens when the web application lacks mechanisms to validate user input from the browser. An attacker develops a code (script) that executes when the user is interacting with the web application. The […]

Cross-Site Scripting (XSS)

XSS attacks are a type of injection where malicious code is injected into a web application by the attacker. This happens when the web application lacks mechanisms to validate user input from the browser.

An attacker develops a code (script) that executes when the user is interacting with the web application. The browser has no way of differentiating genuine and injected code since the attacker will use a script that looks genuine but with the intention of changing the behavior of the web application.

The best practice to prevent XSS attack is to make sure that user input is validated before being submitted to the database and also allowing only authorized users in certain levels of the application.

Man-in-the-middle (MitM) attack

MitM attack happens when a hacker comes between a client and the server. A client may be using a browser to access an application and the hacker hijacks the communication between client’s browser and the network server.

A very common MitM attack is Session Hijacking – this attack occurs when a hacker hijacks a user’s session and substitutes the IP address making the server believe that it’s still communicating with right, trusted client.

Denial-of-service (DoS)

DoS attacks happen when hackers attack a network and prevent valid users from accessing resources of the network. This is done by sending multiple requests to the target machine in order to overload or overwhelm the system therefore making resources unavailable for the intended user.

Read More
Cyber-security is the practice of securing and defending computing devices and networks from malicious attacks. Often, cyber attacks are carried out with an aim of stealing information that can be used to for other crimes like fraud and impersonation. Cyber criminals usually use any security vulnerability they find on systems and therefore is the duty […]

Cyber-security is the practice of securing and defending computing devices and networks from malicious attacks. Often, cyber attacks are carried out with an aim of stealing information that can be used to for other crimes like fraud and impersonation. Cyber criminals usually use any security vulnerability they find on systems and therefore is the duty of the user of such systems to make sure that security is taken seriously and measures put in place to prevent attacks.

There are various types of attacks that are used by hackers to steal your information, below is a list of the major mechanisms, though there are so many of them and I may not mention all of them now.

Brute force Attacks

These are the type of attacks that happen when the attacker guesses multiple passwords and usernames until he/she penetrates to the system or application. The attacker may build and an application that combines many character combinations to try to guess what password you have used. You should make sure that you use strong passwords and NEVER use the same password to log in to different applications.

Do not you passwords that are easy to guess e.g your birthday, your child’s name, street name, name of favorite singer e.t.c. The best practice is to use a long password (at least 6 characters) with a combination of letters, numbers and special characters.

Phishing attack

Phishing is the practice used by attackers to lure users to reveal their personal information like passwords, user names, credit card numbers, PIN, phone numbers e.t.c. A phishing attack may come in form of an email designed to look like it comes from a reputable company or bank. The email will ask you to send some personal information so that you can access certain products or may be get an offer. Once you provide your information, the attacker will use it to log in to your accounts and may be steal your money using the credit card number you just provided.

To avoid these attacks, make sure you don’t randomly click on Ads and spam emails in your inbox. Make sure you have mechanism to filter away spam emails at all times. Also, avoid clicking on pop-up ads that come from random websites that you don’t even know about.

Malware

A malware is a software developed by attackers to steal information from your computer once it is executed or installed in your system. Normally, a malware is designed to look like a genuine program that you can download and install in your computer. Once installed, it can be used to access session or cookie data from your system. This cookie data has your information e.g saved usernames, passwords, name of the site visited, credit card numbers, items added to shopping cart e.t.c.

The attacker can use a malware program to access this cookie data and send it back to him/her which later is used to perform an attack.

To avoid malware in your system, make sure you have a good antivirus program to scan and protect your system. Also avoid downloading executable files from unsecure websites. Avoid clicking on random pop up Ads.

If you’d like to know more about different types of attacks, please read my post PART 2 of Cyber Security.

Read More