Ethical Hacking And Countermeasures - Web Applications And Data Servers

    1. Session Hijacking:
    Session Hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The attacker steals a valid session ID which he uses to get into the system and extract the data. Session hijacking includes attacks such as “TCP session hijacking”, “Blind hijacking”, and “Man-in-the-Middle (MITM) attacks”.
    This module explains the hijacking of a valid computer session. It outlines the session hijacking process, the techniques used in hijacking, and the steps to perform session hijacking. It explains the two levels at which session hijacking is performed: network-level hijacking and application-level hijacking. It also covers the different tools used to perform session hijacking.

    2. Hacking Web Servers:
    Often a breach in security causes more damage in terms of goodwill than in actual quantifiable loss. This makes web server security critical to the normal functioning of an organization. There are inherent security risks associated with web servers, the local area networks that host web sites, and users who access these web sites using browsers. Compromised web servers can expose the Local Area Network (LAN) or the corporate network to Internet threats.
    This module deals with the hacking of web servers. It explains web server defacement, Apache web server security, attacks against IIS, and web server vulnerabilities. It discusses “Patch Management” and vulnerability scanners.

    3. Web Application Vulnerabilities:
    A web application comprises many layers of functionality. However, it is considered a three-layered architecture consisting of presentation, logic, and data layers. A web application is composed of several components, such as the web server, the application content that resides on the web server, and typically a back-end data store that the application accesses and interfaces with. Vulnerabilities in web applications, including cross-site flaws, buffer overflows, and injection flaws, may be used to launch several attacks on the web applications.
    This module explains the vulnerabilities that are possible in web applications. It explains the objectives of web application hacking, the anatomy of an attack, and countermeasures. It explains the tools used for hacking web applications.

    4. Web-Based Password-Cracking Techniques:
    Authentication is any process by which one verifies that someone actually is who he/she claims to be. Typically, this involves a user name and a password. A password cracker is an application to restore the stolen/forgotten passwords of a network resource or of a desktop computer. It can also be used to help a human cracker to obtain unauthorized access to resources.
    This module explains web-based password cracking techniques. It explains authentication mechanisms, HTTP authentication, Integrated Windows (NTLM) Authentication, certificate-based authentication, forms-based authentication, RSA SecurID Token, biometrics authentication, and types of biometrics authentication. The module outlines how passwords are cracked and lists the tools for password cracking.

    5. Hacking Web Browsers:
    Today, web browsers such as Internet Explorer, Mozilla Firefox, and Apple Safari (to name a few) are installed on almost all computers. As web browsers are used frequently, it is vital to configure them securely. Often, the web browser that comes with an operating system is not set up in a secure default configuration. Not securing your web browser can quickly lead to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer.
    This module familiarizes you with hacking different web browsers and explains how web browsers work and access HTML documents. Hacking Firefox using Firefox spoofing, information leak, and password vulnerabilities is explained. Security tools and Firefox security features secure Firefox from being hacked.
    Redirection information disclosure and window injection vulnerabilities are used for hacking Internet Explorer. Different browser settings and Internet Explorer security features are mentioned for securing Internet Explorer. Different vulnerabilities present in Opera, Safari, and Netscape are described. This module also lists the different security features and browser settings of Opera, Safari, and Netscape.

    6. SQL Injection:
    SQL commands such as INSERT, RETRIEVE, UPDATE, and DELETE are used to perform operations on the database. Programmers use these commands to manipulate the data in the database server. SQL injection is defined as a technique that takes advantage of non-validated input vulnerabilities and injects SQL commands through a web application, which are then executed in a back-end database.
    The module deals with exploiting a web application by injecting SQL code. The module explains SQL injection techniques and attacks on web applications. It outlines SQL injection in different databases, SQL injection tools, blind SQL injection, SQL injection defense and detection tools, and SQL injection countermeasures.

    7. Hacking Database Servers:
    Database servers house critical information that includes corporate, customer, and financial data. This information could be used by attackers to tarnish the reputation of the organization or for monetary reasons. Hacking the databases could run an organization out of business or cost it millions of dollars.
    This module depicts how databases are vulnerable to attacks. Attackers use a TCP port scan to find an Oracle database server on the network. Once the Oracle database server has been traced, the first port of call is the TNS Listener. Using PL/SQL injection, attackers can potentially elevate their level of privilege from a low-level PUBLIC account to an account with DBA-level privileges.

    Note: Do Not Use Any eBook Of This Blog To Harm Anyone. This Is Only For Educational Purpose. I Will Not Be Responsible For Anything Done By You.

    Size: 9.8 MB
