
Domain 5 of the CEH: Web Application Hacking

Considering that most people have used mobile applications like PUBG, Instagram, and WhatsApp, I will give you an example of a web application that is also a mobile app.

https://www.infosectrain.com/courses/ceh-v11-certification-training/


Presentation Transcript


  1. CEH v11 DOMAIN 5 Web Application Hacking www.infosectrain.com

  2. Domains of CEH (CEH v11 domains and their exam weights)
     DOMAIN 1 Information Security & Ethical Hacking Overview 6%
     DOMAIN 2 Reconnaissance Techniques 21%
     DOMAIN 3 System Hacking Phases & Attack Techniques 17%
     DOMAIN 4 Network and Perimeter Hacking 14%
     DOMAIN 5 Web Application Hacking 16%
     DOMAIN 6 Wireless Network Hacking 6%
     DOMAIN 7 Mobile Platform, IoT, & OT Hacking 8%
     DOMAIN 8 Cloud Computing 6%
     DOMAIN 9 Cryptography 6%

  3. DOMAIN 5 Web Application Hacking
     In this blog, we will discuss the 5th domain of CEH, which is 'Web Application Hacking'.
     What is a Web Application?
     Considering that most people have used mobile applications like PUBG, Instagram, and WhatsApp, I will give you an example of a web application that is also a mobile app. Now assume you've lost your mobile or your mobile is switched off, and you want to scroll your Instagram feed. What will you do? Log in to your account through Google Chrome. Right? And that's it: you can use Instagram from a web browser. That is a web application. A few famous examples of web applications are Facebook, MakeMyTrip, Flipboard, and the 2048 Game.
     The technical definition of a Web Application
     A web application is a software program that performs particular tasks by running in a web browser such as Google Chrome, Mozilla Firefox, or Internet Explorer.

  4. DOMAIN 5 Web Application Hacking
     One of the best things about using web applications is that you don't need to download them, so your device keeps its space for more important data.
     Hacking of Web Applications
     Web hacking refers to exploiting HTTP applications by manipulating graphics, altering the Uniform Resource Identifier (URI), or altering HTTP elements outside the URI. Different methods used to hack web applications are:
     > SQL Injection attacks
     > Cross-site scripting
     > Fuzzing

  5. DOMAIN 5 Web Application Hacking
     SQL Injection Attacks
     Structured Query Language (SQL) is used to operate, query, and administer database systems. SQL injection is one of the most prevalent SQL attacks; attackers use it to read, change, or delete data. SQL injection can also be used to make the operating system perform particular tasks.

  6. DOMAIN 5 Web Application Hacking
     Cross-site Scripting
     Attacks using cross-site scripting, also called XSS, involve injecting malicious code into websites that would otherwise be safe. Using a vulnerability in the target web application, an attacker can deliver malicious code to a user.

  7. DOMAIN 5 Web Application Hacking
     Fuzzing
     Developers can employ fuzz testing on software, operating systems, or networks to identify coding mistakes and security gaps. Attackers may apply the same method to our sites or servers to locate weaknesses. It works by feeding a huge amount of random data (fuzz) into the target to make it crash. Attackers use a fuzzer software tool to detect the weak areas. If the target's security fails, the attacker might exploit it further.

  8. DOMAIN 5 Web Application Hacking
     Types of vulnerabilities that lead to Web Application Hacking
     Unvalidated Inputs
     Web applications accept input from the user, and queries are built on top of that input. If these inputs are not properly sanitized, the attacker can launch attacks like cross-site scripting (XSS), SQL injection, and directory traversal. These attacks can also lead to identity theft and data theft.
     Directory Traversal Attack
     As a result of this vulnerability, the attacker can access restricted directories on the web server outside the webroot directory. This would allow the attacker to access system files, run OS commands, and find out details about the configuration.
     Defense Mechanisms
     There are various defense mechanisms to control web application hacking. Some of them are:
     > Authentication
     > Handling data safely
     > Conducting audits
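A server-side guard against the directory traversal described on this slide, added here as an example (it is not code from the original presentation or from InfosecTrain); the web root `/srv/www/public` and the request strings are constructed for illustration:

```python
import os
from typing import Optional
from urllib.parse import unquote


def resolve_in_webroot(webroot: str, requested: str) -> Optional[str]:
    """Map a client-supplied relative path onto a file under `webroot`.

    Returns the normalized absolute path when the request stays inside the
    web root, and None when it would escape (directory traversal)."""
    # Decode percent-encoding once so %2e%2e is judged as the '..' it becomes.
    requested = unquote(requested)
    # A NUL byte can truncate the path in lower layers; reject it outright.
    if "\x00" in requested:
        return None
    # Clients may only name a resource relative to the web root.
    if os.path.isabs(requested):
        return None
    base = os.path.normpath(webroot)
    # normpath collapses '.' and '..' lexically, so the escape is visible
    # before any file is opened. On a live filesystem, also apply
    # os.path.realpath to both sides so symlinks cannot point outside.
    candidate = os.path.normpath(os.path.join(base, requested))
    # commonpath compares whole path components, so a sibling directory
    # such as /srv/www/public-old is not mistaken for being inside.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    root = "/srv/www/public"  # constructed web root for the demo
    for req in ("images/logo.png", "docs/../index.html",
                "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"):
        print(f"{req!r:32} -> {resolve_in_webroot(root, req)}")
```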

  9. DOMAIN 5 Web Application Hacking
     Authentication
     Authentication is a defense mechanism that checks the user ID and password to verify the user. But with increasingly sophisticated social engineering techniques, attackers can easily obtain your login credentials. Hence, two-step verification came into existence. Two-step verification is nothing but sending a "One Time Password" to your mobile, so that only you have the authority to log in to your account.

  10. DOMAIN 5 Web Application Hacking
     Handling data safely
     Most vulnerabilities in web applications are caused by improper processing of user data. Vulnerabilities can frequently be avoided not by verifying the input itself but by ensuring safe processing: a secure coding approach that prevents typical issues. For example, the proper use of parameterized database queries can prevent SQL injection attacks.
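The difference between a string-built query and the parameterized query this slide recommends, as an added example that is not code from the original presentation or from InfosecTrain; the in-memory SQLite `users` table and its rows are constructed sample data:

```python
import sqlite3


def make_db():
    # Constructed sample data: two users in an in-memory SQLite database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn


def lookup_vulnerable(conn, username):
    # Deliberately vulnerable: untrusted input is spliced into the SQL text,
    # so quotes and keywords in the input become part of the query itself.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    # Hardened: the placeholder binds the input as a value; the database
    # never parses it as SQL, whatever characters it contains.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"   # the classic tautology used in SQLi demonstrations
    print(lookup_vulnerable(db, probe))      # every row leaks
    print(lookup_parameterized(db, probe))   # no such user, nothing returned
```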

  11. DOMAIN 5 Web Application Hacking
     Conducting Audits
     Effective audit logs should enable the application's owners to understand precisely what has happened, which vulnerability attackers exploited, whether attackers gained unwanted data access, and whether attackers carried out any unauthorized actions. Audits can also help establish the attacker's identity.

  12. www.infosectrain.com | sales@infosectrain.com
