From the course: CompTIA PenTest (PT0-002) Cert Prep

Application exploits, part 1

- Part of the planning process of any pen testing endeavor is to determine what your target is. Now, we've talked about targets being servers, or maybe they're networks, or maybe even users, but another class of targets is the application. Applications are great targets. And if you think about it, it makes a lot of sense to attack an application, especially if you're looking for denial of service or exfiltration of data, or maybe even destruction of data. Because applications, the way that they typically work is they allow users to interact with data sources. So especially if you want to grab a bunch of data, the application already knows where the data is. So if you could compromise an application, you don't have to dig down through the servers and get to the database, you just tell the application to do something it didn't mean to do. So there are different ways that we can attack applications. One of the coolest ways is through injection attacks. An injection attack is sending an…
