WEB HACKING

WEB SERVER HACKING

WEB APPLICATION HACKING

Comparison of usage (web server market share as given in the course)

   • Apache 47%
   • Nginx 36%
   • IIS 10%
   • Google
   • LiteSpeed

Impact

   • Website Defacement (illegal use of the server)
   • Data Tampering
   • Theft of Data
   • Pivot Point (internal network access)
   • Loss of Trust, Money
   • Identity Theft
   • Damaged Reputation

Techniques



Reasons (why web servers get compromised)

   • Unnecessary Files, Backups (left in the web root)
   • Security vs. Functionality conflicts
   • Default Settings
   • Default Permissions
   • Misconfiguration
   • Default Accounts
   • Security Flaws, Bugs (language runtime, server software)
   • Temporary SSL certificates (test certificates left in place)
   • Improper Authentication
   • No Hardening
   • CMS platforms (Joomla, Drupal, WordPress)
   • Verbose Errors (stack traces, version strings leaked)
   • Anonymous Users (anonymous access enabled)
   • Sample Configuration (example files shipped with the server left in place)
   • Remote Administration (exposed admin interfaces)
   • Unnecessary Services

Methodology

   • Infrastructure Profiling (server software, version, OS)
   • Infrastructure Intermediaries (proxies, load balancers, WAFs in the path)
   • Application Profiling
   • Mirroring the Site (e.g. HTTrack)
   • Directory Mapping (e.g. DirBuster)
   • Vulnerability Scanning
   • Exploitation
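The first two methodology steps, infrastructure profiling and directory mapping, turn the "Unnecessary Files, Backups" and "Verbose Errors" reasons above into concrete findings. The script below is an added example, not code from the Cybrary notes or from any of the tools listed later: it starts a throwaway Python http.server on 127.0.0.1 serving a constructed web root (the file names, the `hunter2` secret and the six-entry wordlist are all made up for the demo), reads the Server banner, brute-forces paths with HEAD requests and flags anything that looks like a backup or editor temp file. It runs fully offline.

```python
"""Web-server profiling and directory mapping against a local throwaway target.

Added example, not code from the Cybrary notes.  It starts a Python http.server
serving a CONSTRUCTED web root that contains the leftover files the "Reasons"
list warns about, then walks the first methodology steps against it:
infrastructure profiling (Server banner) and directory mapping (wordlist
brute-force).  Runs fully offline on 127.0.0.1.
"""
import os
import shutil
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial
from http.server import HTTPServer, SimpleHTTPRequestHandler

# Constructed mini wordlist; a real run uses the DirBuster/dirb lists (thousands of entries).
WORDLIST = ["admin/", "backup.zip", "config.php.bak", "phpinfo.php", ".git/HEAD", "robots.txt"]
# Suffixes that mark "unnecessary files / backups" left in the web root.
LEFTOVER_SUFFIXES = (".bak", ".old", ".orig", ".zip", ".tar.gz", "~", ".swp")
# Opener with no proxies so the 127.0.0.1 target is always reached directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class QuietHandler(SimpleHTTPRequestHandler):
    """Stock static-file handler with per-request logging silenced."""

    def log_message(self, format, *args):
        pass


def start_target():
    """Serve a constructed web root with leftover files; returns (base_url, server, root)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    files = {
        "index.html": "<h1>hello</h1>",
        "admin/index.html": "<h1>admin panel</h1>",
        "backup.zip": "not really a zip, but the name alone attracts attention",
        "config.php.bak": "<?php $db_pass = 'hunter2'; ?>",   # constructed secret
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    server = HTTPServer(("127.0.0.1", 0), partial(QuietHandler, directory=root))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_address[1]}", server, root


def profile_server(base_url):
    """Infrastructure profiling: the Server banner leaks software and version."""
    with OPENER.open(base_url + "/", timeout=5) as resp:
        return resp.headers.get("Server", "")


def map_directories(base_url, wordlist):
    """Directory mapping: HEAD each candidate path, keep the ones that exist.

    Returns {path: status}.  2xx/3xx are kept (a redirect such as admin -> admin/
    still confirms the path exists); 4xx/5xx are dropped.
    """
    found = {}
    for path in wordlist:
        req = urllib.request.Request(base_url + "/" + path, method="HEAD")
        try:
            with OPENER.open(req, timeout=5) as resp:
                found[path] = resp.status
        except urllib.error.HTTPError as err:
            if err.code < 400:
                found[path] = err.code
    return found


def flag_leftovers(found):
    """Paths that look like backups or editor temp files: an immediate finding."""
    return sorted(p for p in found if p.endswith(LEFTOVER_SUFFIXES))


def run_demo():
    """Start the target, profile it, map directories, tear down.  Returns (banner, found, leftovers)."""
    base_url, server, root = start_target()
    try:
        banner = profile_server(base_url)
        found = map_directories(base_url, WORDLIST)
        return banner, found, flag_leftovers(found)
    finally:
        server.shutdown()
        server.server_close()
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    banner, found, leftovers = run_demo()
    print("Server banner:", banner)
    for path, status in found.items():
        print(f"  {status} {path}")
    print("Leftover files worth pulling:", leftovers)
```

Against the demo target the banner comes back as `SimpleHTTP/0.6 Python/3.x`, which is exactly the kind of version leak the profiling step is after; `admin/`, `backup.zip` and `config.php.bak` are confirmed with 200 while the absent paths are dropped. Pointing it at a host you do not own is an attack, so keep the target on 127.0.0.1 or inside an authorised engagement.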

Countermeasures

   • Patch (server, language runtime, CMS and plugins)
   • Alternative Sites / Servers (failover)
   • Testing in a staging environment before changes reach production
   • Backups
   • Hire Me
   • Protocol Analysis
   • Monitor Accounts
   • Monitor Files & Directories (integrity monitoring)
   • Encryption
   • Good Architecture (Cisco)
   • Vulnerability Scanning (Nikto, Nessus)
   • DLP (Data Loss Prevention)
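"Monitor Files & Directories" is the countermeasure that catches the defacement and data tampering listed under Impact after the fact. The script below is an added example, not code from the Cybrary notes: it hashes every file under a web root into a baseline, then diffs the live tree against that baseline and reports what was added, removed or modified. The web root, the file contents and the simulated attacker changes (a defaced index page, a dropped web shell, a deleted image) are all constructed in a temp directory for the demo.

```python
"""File and directory integrity monitoring for a web root.

Added example, not code from the Cybrary notes.  It implements the "Monitor
Files & Directories" countermeasure in its simplest form: hash every file under
the web root into a baseline, then diff the live tree against it to catch
defacement, planted web shells and deleted files.  The web root and the
"attacker" changes below are constructed in a temp directory.
"""
import hashlib
import os
import shutil
import tempfile


def _write(root, rel, body):
    """Create rel under root (making parent dirs) with constructed sample content."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(body)


def build_baseline(root):
    """Return {relative_posix_path: sha256_hex} for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            baseline[rel] = digest.hexdigest()
    return baseline


def diff_baseline(old, new):
    """Classify changes between two baselines as added / removed / modified paths."""
    return {
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
    }


def run_demo():
    """Baseline a constructed web root, simulate an intrusion, return the diff."""
    root = tempfile.mkdtemp(prefix="webroot-")
    try:
        _write(root, "index.html", "<h1>Welcome</h1>")
        _write(root, "config.php", "<?php $db = 'prod'; ?>")
        _write(root, "images/logo.png", "constructed-png-bytes")
        baseline = build_baseline(root)

        # Constructed attacker actions: defacement, dropped web shell, deleted asset.
        _write(root, "index.html", "<h1>Defaced</h1>")
        _write(root, "uploads/shell.php", "<?php system($_GET['c']); ?>")
        os.remove(os.path.join(root, "images", "logo.png"))

        return diff_baseline(baseline, build_baseline(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind:9s} {paths}")
```

In production the baseline has to live somewhere the web server account cannot write (otherwise the attacker who dropped the shell simply re-baselines), the comparison runs on a schedule or from an inotify-style watcher, and alerts for anything new under an uploads directory get the highest priority. Hash comparison says nothing about permission or ownership changes, so mature tools also record those fields.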

Tool Types

   • Browser Plug-ins
   • Proxies
   • Scanners

Tools

   • OWASP DirBuster
   • httprint
   • HTTrack
   • AngryFuzzer (hidden directories, vulnerabilities)
   • WhatWeb
   • Zed Attack Proxy (ZAP)
   • Websecurify
   • Paros Proxy
   • WebScarab
   • Acunetix

REF: CYBRARY
