Friday, 24 June 2016

What are the common security threats?



  • Man in the middle attacks (MIM / MITM / MITMA)
    • Attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
    • Example
      • Alice → Mallory: "Hi Bob, it's Alice. Give me your key." (Bob does not see this message yet)
      • Mallory → Bob: "Hi Bob, it's Alice. Give me your key."
      • Bob → Mallory: [Bob's key]
  • Session hijacking (replaying data)
    • Exploitation of a valid computer session
    • Also called Cookie hijacking
      • Theft of a magic cookie used to authenticate a user to a remote server
  • Password cracking
  • Phishing
    • Attempt to acquire sensitive information such as usernames, passwords, and credit card details
    • Phishing emails may contain links to websites that are infected with malware 
    • Often directs users to enter details at a fake website with similar look and feel
  • Social hacking / engineering
    • Psychological manipulation of people into performing actions or divulging confidential information.
    • Techniques
      • Baiting: Leaving a malware-infected CD / USB drive (preferably auto-run) where company staff are expected to use it
      • Quid pro quo: Calling random numbers at a company and claiming to be calling back from technical support, in order to gain access or launch malware as the "solution" to the problem
      • Phishing, IVR and Phone Phishing
      • Tailgating
      • Pretexting, Diversion theft

  • Network sniffing
    • Capturing and viewing packet-level data on a network, a capability also used to locate network problems
  • Cross-site scripting
    • Injecting client-side scripts into web pages viewed by other users
    • Used to bypass access controls
  • SQL Injection
    • SQL code injection technique, used to attack data-driven applications 
  • Denial-of-service (DoS)
    • Attempt to make a machine or network resource unavailable to its intended users
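
The man-in-the-middle exchange listed above can be detected when Alice checks the key she receives against a fingerprint of Bob's key obtained out of band. The following is an added example, not part of the original post; the key values, the relay functions and the assumption that the relay swaps the key in transit are constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of a public key, hex-encoded."""
    return hashlib.sha256(public_key).hexdigest()


def honest_relay(message: bytes) -> bytes:
    """A network path that forwards the message unchanged."""
    return message


def altering_relay(substitute: bytes):
    """A relay in Mallory's position that replaces the key in transit (constructed)."""
    def relay(_message: bytes) -> bytes:
        return substitute
    return relay


def request_key(bob_key: bytes, relay) -> bytes:
    """Alice asks for Bob's key; she only ever sees what the relay delivers."""
    return relay(bob_key)


def accept_key(received: bytes, pinned_fingerprint: str) -> bool:
    """Accept the key only if it matches the fingerprint Alice already trusts."""
    return hmac.compare_digest(fingerprint(received), pinned_fingerprint)


# Constructed sample values; real keys would be encoded public keys.
BOB_KEY = b"constructed-sample-public-key-for-bob"
OTHER_KEY = b"constructed-sample-public-key-not-bobs"
# Assumption: Alice obtained this fingerprint in person or over a trusted channel.
PINNED = fingerprint(BOB_KEY)


def demo() -> dict:
    """Run the key request over an unaltered path and over an altering relay."""
    return {
        "direct": accept_key(request_key(BOB_KEY, honest_relay), PINNED),
        "altered": accept_key(request_key(BOB_KEY, altering_relay(OTHER_KEY)), PINNED),
    }


if __name__ == "__main__":
    for path, ok in demo().items():
        print(f"{path}: {'key accepted' if ok else 'key rejected, fingerprint mismatch'}")
```

A relay that forwards Bob's real key unchanged still passes the check, which is acceptable because anything encrypted to that key can only be read by Bob.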
