Jay, Inc.

Cross-Site Scripting attacks   Malicious code injection Cross-Site Scripting (sometimes abbreviated XSS or CSS ) attacks are attacks targeting websites that dynamically display user content without checking and encoding the information entered by users. Cross-Site Scripting attacks force a website to display HTML code or scripts entered by users. The code thus included (the term "injected" is generally used) in a vulnerable website is said to be "malicious". It is common for sites to display informational messages directly using a parameter entered by the user. The most classic example is that of "404 error pages". Some websites modify the website's behavior, so as to display a personalized error message when the page requested by the visitor does not exist. Sometimes the dynamically generated page displays the name of the requested page. Let's call a site with such as flaw http://vulnerable.site . The call of the http://vu...

Introduction to denial-of-service attacks A " denial-of-service attack " (abbreviated DoS ) is a type of attack that aims to make an organization's services or resources unavailable for an indefinite amount of time. Most of the time, these attacks are aimed at a company's servers, so they may not be used or consulted. Denial-of-service attacks are a hassle that can affect any company server or any individual connected to the internet. The goal of such an attack is not to retrieve or alter data, but to damage the reputation of companies that are present on the internet and to potentially keep them from operating properly if their activity is based on an information system. Technically speaking, these attacks are not very complicated, but are not any less effective against any type of machine with a Windows (95, 98, NT, 2000, XP, etc.), Linux (Debian, Mandrake, RedHat, Suse, etc.), Commercial Unix (HP-UX, AIX, IRIX, Solaris, etc.) or any other ty...

Exploits An " exploit " is a computer program that "exploits" a vulnerability, whether or not it is published. Each exploit is specific to a version of an application as it exploits flaws in that version. There are various types of exploits: Privilege escalation . The most formidable exploits make it possible to take control of executed programs with administrator privileges ( root privileges on UNIX type systems); Generation of a system error . The goal of some exploits is to flood a computer program to make it "crash". Most of the time, exploits are written in C language or Perl. They may however be written in any language for which there is an interpreter on the target machine. The hacker who uses an exploit therefore needs to have minimum knowledge of the target system and programming bases to achieve his goals.  To be able to use it, the hacker usually needs to compile it on the target machine. If the execution ...