There are many types of security threats that attackers can use to exploit insecure applications. Threat actors can run some of these attacks using automated software, while others require a more active role from attackers. In this tutorial, we will explain the basic idea behind a man-in-the-middle (MITM) attack, providing examples and mitigation techniques.

A man-in-the-middle attack is a type of eavesdropping attack, where attackers interrupt an existing conversation or data transfer. After inserting themselves in the "middle" of the transfer, the attackers pretend to be both legitimate participants. This enables an attacker to intercept information and data from either party while also sending malicious links or other information to both legitimate participants in a way that might not be detected until it is too late.

You can think of this type of attack as similar to the game of telephone, where one person's words are carried along from participant to participant and have changed by the time they reach the final person. In a man-in-the-middle attack, the middle participant manipulates the conversation unknown to either of the two legitimate participants, acting to retrieve confidential information and otherwise cause damage.

Common abbreviations for a man-in-the-middle attack include MITM, MitM, MiM, and MIM.

Man-in-the-middle attacks:
Examples of MITM Attacks

Although the central concept of intercepting an ongoing transfer remains the same, there are several different ways attackers can implement a man-in-the-middle attack.

Scenario 1: Intercepting Data
In this scenario, an attacker intercepts a data transfer between a client and server. By tricking the client into believing it is still communicating with the server and the server into believing it is still receiving information from the client, the attacker is able to intercept data from both as well as inject their own false information into any future transfers.

Scenario 2: Gaining Access to Funds
In this scenario, the attacker intercepts a conversation, passing along parts of the discussion to both legitimate participants.

Real-World MITM Attacks

In 2011, Dutch registrar site DigiNotar was breached, which enabled a threat actor to gain access to 500 certificates for websites like Google, Skype, and others. Access to these certificates allowed the attacker to pose as legitimate websites in a MITM attack, stealing users' data after tricking them into entering passwords on malicious mirror sites. DigiNotar ultimately filed for bankruptcy as a result of the breach.

In 2017, credit score company Equifax removed its apps from Google and Apple after a breach resulted in the leak of personal data. A researcher found that the app did not consistently use HTTPS, allowing attackers to intercept data as users accessed their accounts.

Interactions Susceptible to MITM Attacks

Any improperly secured interaction between two parties, whether it's a data transfer between a client and server or a communication between two individuals over an internet messaging system, can be targeted by man-in-the-middle attacks. Logins and authentication at financial sites, connections that should be secured by public or private keys, and any other situation where an ongoing transaction could grant an attacker access to confidential information are all susceptible.

Other Forms of Session Hijacking

Man-in-the-middle attacks are only one form of session hijacking. Others include:
Strengthen Your Application Security with Veracode's Cloud-Based Platform

One way to reduce the harm caused by session hijacking and other attacks is to embrace a secure software development life cycle. Techniques such as static code analysis and manual penetration testing can detect security flaws in applications before they can be exploited. Veracode's cloud-based platform is designed to help developers learn secure coding best practices. Contact us today to schedule a demo and check out our services.
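The relay described in Scenario 1, modelled as an added example (not part of the original article): the client signs each transfer request with an HMAC under a key the relay does not hold, so the relay can still read every message but any field it rewrites fails the server's check. The shared key and the request fields are constructed for the demo.

```python
"""Toy model of Scenario 1: a party in the middle relays client->server traffic,
can read it, and can alter it; a message authentication tag lets the server
detect the alteration. Constructed example, not a real protocol."""
import hashlib
import hmac
import json
from typing import Optional

# Constructed pre-shared key known only to client and server (assumption).
SHARED_KEY = b"client-server-demo-key"

# Everything the relay observed while forwarding (eavesdropping record).
OBSERVED = []


def sign(payload: dict, key: bytes = SHARED_KEY) -> dict:
    """Serialise the payload canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(message: dict, key: bytes = SHARED_KEY) -> Optional[dict]:
    """Server side: return the payload if the tag is valid, otherwise None."""
    expected = hmac.new(key, message["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["tag"]):
        return None  # tampered or forged: reject the request
    return json.loads(message["body"])


def relay_in_the_middle(message: dict, tamper: bool) -> dict:
    """The 'middle' party: reads the message and optionally rewrites the body.
    Nothing is encrypted, so reading always works; without the key the relay
    cannot produce a fresh tag for a changed body."""
    seen = json.loads(message["body"])
    OBSERVED.append(seen)
    if not tamper:
        return message
    seen["account"] = "relay-chosen-account"  # injected false information
    altered = json.dumps(seen, sort_keys=True, separators=(",", ":"))
    return {"body": altered, "tag": message["tag"]}  # old tag over new body


def run_transfer(tamper: bool) -> Optional[dict]:
    """Client signs a request, it crosses the relay, the server verifies it."""
    request = sign({"action": "transfer", "amount": 100, "account": "alice"})
    return verify(relay_in_the_middle(request, tamper))
```

The tag only detects modification; because nothing here is encrypted the relay still reads the request, which is why a properly validated TLS connection, providing both confidentiality and authentication, is the practical mitigation.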