Software-Based Hacker Attacks - dummies

By Glen E. Clarke, Edward Tetz, Timothy Warner

The most popular software attacks are discussed here, and you should be familiar with them for the A+ Exams when seeking your CompTIA A+ Certification. Just as there are a number of different types of network attacks, there are a number of software attacks as well. As you can likely guess, a software attack comes through software that a user runs.

SQL injection

An SQL injection attack occurs when the hacker sends Transact SQL statements (statements that manipulate a database) into an application so that the application will send those statements to the database to be executed. If the application developer does not validate data inputted in the application, the hacker can modify the data or even delete it. The hacker can potentially manipulate the OS through the application that sends the input to the database.

Buffer overflow

A very popular type of attack today is a buffer overflow attack, which involves the hacker sending more data to a piece of software than it is expecting. The information sent to an application is typically stored in an area of memory (a buffer). When more data than expected is sent to the application, the information is stored in memory beyond the allocated buffer. If the hacker can go beyond the allocated buffer, he can run the code. This code executes in the context of the user account associated with the software that was hacked — normally an administrative account!

To protect against buffer overflow attacks, you should keep the system and its applications patched.