WEB SERVER HACKING
WEB APPLICATION HACKING
Comparison of usage (approximate web server market share)
• Apache 47%
• Nginx 36%
• IIS 10%
• Google
• LiteSpeed
Impact
• Website Defacement (illegal use of the site)
• Data Tampering
• Theft of data
• Pivot Point (Internal Access)
• Loss of Trust, Money
• Identity Theft
• Damaged Reputation
Techniques
Reasons (why web servers get compromised)
• Unnecessary files, backups left in the web root
• Security conflicts with functionality
• Default settings
• Default permissions
• Misconfiguration
• Default accounts
• Security flaws, bugs (language runtime, server software)
• Temporary SSL certificates left in place
• Improper authentication
• No hardening
• Vulnerable CMS installs (Joomla, Drupal, WordPress)
• Verbose errors
• Anonymous access
• Sample configuration files
• Remote administration exposed
• Unnecessary services
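Several of the reasons above (default settings, verbose errors, no hardening, unnecessary files) can be spotted from a single HTTP response. The following is an added example, not code from the original notes or from Cybrary: it audits a raw HTTP/1.x response against that checklist. The three sample responses are constructed, not captured from any real host.

```python
"""Added example (not from the original notes): audit a raw HTTP response for the
misconfigurations listed above. The sample responses are constructed, not captured."""
import re

# Headers that leak server/platform versions to anyone who asks
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# Hardening headers a properly configured server sends on every response
EXPECTED_HEADERS = ("strict-transport-security", "x-content-type-options",
                    "x-frame-options", "content-security-policy")

VERSION_RE = re.compile(r"/\d+(\.\d+)+")             # e.g. "Apache/2.4.41"
DIRECTORY_LISTING_RE = re.compile(r"<title>Index of /", re.I)
VERBOSE_ERROR_PATTERNS = (
    re.compile(r"Traceback \(most recent call last\)"),        # Python
    re.compile(r"Fatal error.* in /\S+ on line \d+"),          # PHP with display_errors on
    re.compile(r"at [\w.$]+\(\w+\.java:\d+\)"),                # Java stack frame
    re.compile(r"ORA-\d{5}|You have an error in your SQL syntax"),  # database errors
)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status code, lowercase header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def audit_response(raw):
    """Return a list of findings; an empty list means nothing from the checklist was seen."""
    status, headers, body = parse_response(raw)
    findings = []
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        if name == "server" and not VERSION_RE.search(value):
            continue   # a bare product name ("nginx") is acceptable; a version is not
        findings.append(f"disclosure: {name}: {value}")
    for name in EXPECTED_HEADERS:
        if name not in headers:
            findings.append(f"missing hardening header: {name}")
    if status == 200 and DIRECTORY_LISTING_RE.search(body):
        findings.append("directory listing enabled")
    if any(p.search(body) for p in VERBOSE_ERROR_PATTERNS):
        findings.append("verbose error reveals internals")
    return findings


# Constructed sample responses (not captured from any real host)
DEFAULT_APACHE = (
    "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nX-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><head><title>Index of /backup</title></head>"
    "<body><a href=\"site.tar.gz\">site.tar.gz</a></body></html>"
)
VERBOSE_PHP = (
    "HTTP/1.1 500 Internal Server Error\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<b>Fatal error</b>: Uncaught PDOException: SQLSTATE[HY000] [1045] Access denied "
    "for user 'root' in /var/www/html/db.php on line 12"
)
HARDENED_NGINX = (
    "HTTP/1.1 200 OK\r\nServer: nginx\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\n"
    "Content-Security-Policy: default-src 'self'\r\nContent-Type: text/html\r\n\r\n"
    "<html><body>Welcome</body></html>"
)

if __name__ == "__main__":
    for label, raw in (("default apache", DEFAULT_APACHE), ("verbose php", VERBOSE_PHP),
                       ("hardened nginx", HARDENED_NGINX)):
        print(label, audit_response(raw) or ["clean"])
```

The header list is a starting point, not a standard: a site behind a CDN may have the hardening headers injected at the edge, so run the check against the origin as well as the public hostname.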
Methodology
• Infrastructure Profiling
• Infrastructure Intermediaries (proxies, load balancers, WAFs in the path)
• Application Profiling
• Mirroring site
• Directory Mapping
• Vulnerability Scanning
• Exploitation
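The "Mirroring site" and "Directory Mapping" steps feed each other: paths found in the mirror are the seed for guessing backups and leftovers. The following is an added example, not code from the original notes or from Cybrary, of that mapping step. The `fetch` callable is injectable so the same logic runs offline against the constructed `FAKE_SITE` below; `urllib_fetch` is the network variant for authorised testing. `target.example` is a placeholder hostname, not a real target.

```python
"""Added example (not from the original notes): the directory-mapping step, probing
common paths plus backup variants of files already found. `fetch` is injectable so the
same logic runs offline against the constructed FAKE_SITE below; urllib_fetch is the
network variant for authorised testing."""
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Suffixes that editors, deploy scripts and admins leave beside live files
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", "~", ".zip", ".tar.gz")
# Paths exposed by default installs, sample configs and sloppy deployments
COMMON_PATHS = ("admin/", "backup/", "phpmyadmin/", ".git/HEAD", ".env",
                "server-status", "phpinfo.php", "wp-login.php", "administrator/")


def urllib_fetch(url, timeout=5):
    """Network variant: return (status, first 2 KiB of body); 4xx/5xx are still answers."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(2048).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""


def backup_candidates(known_paths):
    """Derive backup/temp names from discovered paths (index.php -> index.php.bak, .index.php.swp)."""
    out = []
    for path in known_paths:
        if path.endswith("/"):
            base = path.rstrip("/")               # archived copy of a whole directory
            out += [base + s for s in (".zip", ".tar.gz", ".old")]
            continue
        out += [path + s for s in BACKUP_SUFFIXES]
        directory, _, name = path.rpartition("/")
        out.append(f"{directory}/.{name}.swp" if directory else f".{name}.swp")  # vim swap file
    return out


def map_site(base_url, known_paths, fetch=urllib_fetch):
    """Return {path: status} for paths that exist. 401/403 still prove the path is there."""
    # Calibrate first: a server that answers 200 to everything (soft 404) would make every probe a hit
    canary_status, canary_body = fetch(urljoin(base_url, "zz-nonexistent-8f3a1c/"))
    soft_404 = canary_status == 200
    hits = {}
    for path in list(COMMON_PATHS) + backup_candidates(known_paths):
        status, body = fetch(urljoin(base_url, path))
        if status in (200, 301, 302, 401, 403) and not (soft_404 and body == canary_body):
            hits[path] = status
    return hits


# Constructed fake site for an offline run; target.example is a placeholder, not a real host
FAKE_SITE = {
    "http://target.example/admin/": (401, "auth required"),
    "http://target.example/backup/": (200, "<title>Index of /backup</title>"),
    "http://target.example/.git/HEAD": (200, "ref: refs/heads/master\n"),
    "http://target.example/.env": (403, "forbidden"),
    "http://target.example/index.php.bak": (200, "<?php $db_pass = 'hunter2';"),
}


def fake_fetch(url):
    return FAKE_SITE.get(url, (404, "not found"))


if __name__ == "__main__":
    print(map_site("http://target.example/", ["index.php", "images/"], fetch=fake_fetch))
```

The canary request matters more than the wordlist: against a framework that serves its front controller for any path, skipping the soft-404 calibration turns every guess into a false positive. A 403 is kept as a hit on purpose, since the server is confirming the path exists even though it will not serve it.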
Countermeasures
• Patch
• Alternative sites / servers (failover capacity)
• Testing (in a staging environment, not in production)
• Backups
• Hire Me
• Protocol Analysis
• Monitor accounts
• Monitor files & directories
• Encryption
• Good architecture (Cisco)
• Vulnerability Scanning (Nikto, Nessus)
• DLP (Data Loss Prevention)
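"Monitor files & directories" in practice means a file-integrity baseline of the web root, so that the defacement and data tampering listed under Impact are detected as drift rather than noticed by customers. The following is an added example, not code from the original notes or from Cybrary: it hashes every file under a root, records permission bits, and diffs two snapshots. The sample site is constructed in a temporary directory; no real web root is touched.

```python
"""Added example (not from the original notes): a file-integrity baseline for the web
root, which is what "monitor files & directories" means in practice. The sample tree
is constructed in a temporary directory; no real web root is touched."""
import hashlib
import os
import tempfile


def hash_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Map every file under root (relative, /-separated) to its SHA-256 and permission bits."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = {"sha256": hash_file(full),
                         "mode": oct(os.stat(full).st_mode & 0o777)}
    return snap


def diff(old, new):
    """Return (added, removed, modified); a permission change alone counts as modified."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return added, removed, modified


def demo():
    """Build a small site, snapshot it, simulate a defacement, and report the drift."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("<h1>Welcome</h1>")
        with open(os.path.join(root, "images", "logo.png"), "wb") as f:
            f.write(b"\x89PNG\r\n\x1a\n")
        before = baseline(root)

        # Simulated incident: page defaced, a dropped script, a file made world-writable
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("<h1>Defaced</h1>")
        with open(os.path.join(root, "images", "cmd.php"), "w") as f:
            f.write("<?php /* placeholder for a dropped script */ ?>")
        os.chmod(os.path.join(root, "images", "logo.png"), 0o777)

        return diff(before, baseline(root))


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:", added, "removed:", removed, "modified:", modified)
```

Store the baseline off the web server (or on read-only media): an attacker who can write to the web root can usually also rewrite a baseline kept beside it, which is why this check belongs with the backups and monitoring, not on the host it watches.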
Tool Types
• Browser plug-ins
• Proxies
• Scanners
Tools
• OWASP DirBuster
• httprint
• HTTrack
• AngryFuzzer (hidden directories, vulnerabilities)
• WhatWeb
• Zed Attack Proxy (ZAP)
• Websecurify
• Paros Proxy
• WebScarab
• Acunetix
REF: CYBRARY