Web application security - the fast guide 1.1 | Page 88
Chapter 5 - Attack Execution: the client
5.1 Attack the client
If the mapping and analysis phase revealed flaws on the client side, it is a good
idea to begin there. The client (the browser) is easily reachable by an attacker and can
be compromised and manipulated either to carry out a full attack on its own or to serve
as the starting point for other types of attacks.
Because there are many possible kinds of client attacks, the following parts explain
some possible attack execution scenarios against the client, with examples of each type.
5.2 Two types of attacks
[Figure: the two types of client attacks - Trickery Attacks and Exploit Attacks]
No matter which technologies are used to attack the client side, every attack falls into
one of two main types: Exploits and Trickery.
In an Exploit attack, malicious code is executed on the client and its host because of
a vulnerability resident there; the countermeasure is simply to remove the exploited
vulnerability. Trickery attacks, on the other hand, rely on the behavior of the human
operator: after being lured by an attractive message or offer, the user takes an action
that discloses important information, that is used to gain access to the information, or
that allows the attacker to install software which can later be used to extract data
from the client machine.