Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

3.4.3. Application and Cryptographic Attacks

💡 First Principle: Application attacks exploit software weaknesses; cryptographic attacks undermine the mathematical protections that secure communication and data. Both target the logic of systems rather than their physical components.

Injection attacks (SQL injection, LDAP injection, XML injection, command injection) insert malicious input that the application interprets as commands. The root cause is always insufficient input validation.

Cross-site scripting (XSS) injects scripts into web pages. Cross-site request forgery (CSRF) tricks authenticated users into performing unintended actions. The distinction: XSS attacks the client/browser, CSRF leverages the client's authenticated session.
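To make the XSS/CSRF distinction concrete, here is an added example (not code from the original guide) showing the defence for each: output escaping so user text cannot run as script in the browser, and a per-session CSRF token that a cross-site forged request cannot supply. The session dictionary, the `transfer` form and the function names are assumptions made for this illustration.

```python
import hmac
import html
import secrets


def render_comment(user_text):
    """XSS defence: escape HTML metacharacters so the browser displays the
    text instead of executing it as markup or script."""
    return f'<p class="comment">{html.escape(user_text, quote=True)}</p>'


def new_session():
    """Constructed authenticated session with a random CSRF token bound to it."""
    return {"user": "alice", "csrf_token": secrets.token_hex(16)}


def form_with_token(session):
    """The server embeds the session's token in every state-changing form."""
    return {"action": "transfer", "amount": "100",
            "csrf_token": session["csrf_token"]}


def handle_post(session, form):
    """CSRF defence: the victim's browser attaches cookies automatically, but a
    page on another origin cannot read the token, so a forged form lacks it."""
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return "rejected: missing or invalid CSRF token"
    return f"ok: {session['user']} performed {form['action']}"


if __name__ == "__main__":
    print(render_comment("<script>alert(1)</script>"))
    s = new_session()
    print(handle_post(s, form_with_token(s)))
    # A forged cross-site form: same action, no token.
    print(handle_post(s, {"action": "transfer", "amount": "100"}))
```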

Privilege escalation is gaining higher access than authorized. Vertical escalation (user → admin) is more dangerous than horizontal escalation (user A → user B's data). Indicators: users performing administrative actions, unexpected permission changes.

Replay attacks capture and retransmit valid authentication data. If an attacker captures your login token and replays it, the server sees a valid token. Timestamps, nonces, and session tokens prevent replay attacks.
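The replay defence described above, as an added example that is not part of the original guide: an authentication token carries a timestamp and a nonce and is signed with HMAC, and the server rejects any token that is stale or whose nonce it has already accepted. The shared secret, the token layout and the `ReplayGuard` class are constructed for this illustration.

```python
import hashlib
import hmac

# Constructed shared secret for the example; a real system would derive a
# per-session key during authentication.
SECRET = b"example-shared-secret"


def _mac(user, nonce, timestamp):
    msg = f"{user}|{nonce}|{timestamp}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_token(user, nonce, timestamp):
    """Client side: bind identity, a one-time nonce and a timestamp together."""
    return f"{user}|{nonce}|{timestamp}|{_mac(user, nonce, timestamp)}"


class ReplayGuard:
    """Server-side verifier: a captured token fails on the second use."""

    def __init__(self, max_age_seconds=30):
        self.max_age = max_age_seconds
        self.seen_nonces = set()

    def verify(self, token, now):
        try:
            user, nonce, ts, mac = token.split("|")
        except ValueError:
            return "rejected: malformed"
        # Signature first: a tampered token must not touch the nonce cache.
        if not hmac.compare_digest(mac, _mac(user, nonce, ts)):
            return "rejected: bad signature"
        if abs(now - int(ts)) > self.max_age:
            return "rejected: stale timestamp"
        if nonce in self.seen_nonces:
            return "rejected: replayed nonce"
        self.seen_nonces.add(nonce)
        return f"accepted: {user}"


if __name__ == "__main__":
    guard = ReplayGuard()
    token = make_token("alice", "nonce-1", 1000)
    print(guard.verify(token, 1005))   # accepted
    print(guard.verify(token, 1006))   # replay: same nonce again
```

Both checks are needed: the timestamp bounds how long a captured token stays usable, and the nonce cache stops a replay inside that window.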

Directory traversal exploits insufficient path validation to access files outside the intended directory (using ../ sequences). Indicators: web requests containing ../ or encoded variants.

Downgrade attacks force systems to use weaker cryptographic algorithms or older protocol versions that have known vulnerabilities. An attacker might force a TLS connection to use an old cipher suite they can break.

Collision attacks find two different inputs that produce the same hash output. This undermines digital signatures and certificate validation. MD5 and SHA-1 are vulnerable to collision attacks — this is why they're deprecated.

Birthday attacks are a mathematical approach to finding hash collisions faster than brute force, based on the birthday paradox (in a group of 23 people, there's a 50% chance two share a birthday).
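The birthday arithmetic behind the two preceding paragraphs (collision attacks and the birthday paradox), as an added example that is not part of the original guide. It computes the exact collision probability, confirms the 23-people figure, states the 2^(n/2) versus 2^n work factors, and runs a birthday search against SHA-256 deliberately truncated to 16 bits so the effect can be observed in a fraction of a second. The truncation and the `msg-N` inputs are constructed for this illustration; full-length SHA-256 is not affected.

```python
import hashlib


def collision_probability(draws, space):
    """Exact probability that at least two of `draws` uniformly random values
    drawn from `space` possibilities coincide: 1 - prod((space - i) / space)."""
    p_no_collision = 1.0
    for i in range(draws):
        p_no_collision *= (space - i) / space
    return 1.0 - p_no_collision


def draws_for_half_chance(space):
    """Smallest number of draws that gives at least a 50% collision chance."""
    n = 1
    while collision_probability(n, space) < 0.5:
        n += 1
    return n


def work_factors(bits):
    """(collision, second-preimage) work for an n-bit hash: about 2^(n/2)
    evaluations for a birthday collision versus about 2^n by brute force."""
    return 1 << (bits // 2), 1 << bits


def find_truncated_collision(bits=16):
    """Birthday search on SHA-256 truncated to `bits` bits (weakened on
    purpose). Returns (input_a, input_b, attempts) with equal truncated
    digests; attempts is typically near 2^(bits/2), not 2^bits."""
    mask = (1 << bits) - 1
    seen = {}
    attempts = 0
    while True:
        msg = f"msg-{attempts}".encode()
        attempts += 1
        digest = int.from_bytes(hashlib.sha256(msg).digest(), "big") & mask
        if digest in seen:
            return seen[digest], msg, attempts
        seen[digest] = msg


if __name__ == "__main__":
    print("p(23 people share a birthday) =", round(collision_probability(23, 365), 4))
    print("people for 50% chance:", draws_for_half_chance(365))
    print("128-bit hash (collision, preimage):", work_factors(128))
    a, b, n = find_truncated_collision(16)
    print(f"16-bit collision after {n} hashes: {a!r} and {b!r}")
```

The last line is the practical point: a collision on a 16-bit space needs a few hundred hashes, not 65,536, and the same square-root scaling is why an algorithm's collision resistance is rated at half its output length.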

āš ļø Exam Trap: XSS attacks the browser (client-side scripts). CSRF leverages the user's authenticated session (forces the user's browser to make requests). If the question says "script executed in the victim's browser," it's XSS. If it says "the user unknowingly submitted a form," it's CSRF.

Written by Alvin Varughese, Founder, 15 professional certifications.