HACKING WEB APPLICATIONS

Hacking web applications refers to gaining unauthorized access to a website or the website's details.

A web application is an application that is accessed by users over a network such as the internet or an intranet. The term may also mean a computer software application that is coded in a browser-supported programming language and relies on a common web server to render the application executable.




Web applications are popular due to the ubiquity of web browsers and the use of a web browser as the client; common web browsers provide cross-platform compatibility.

Web hacking refers to the exploitation of applications via HTTP, which can be done by manipulating the application via its graphical web interface, tampering with the resource identifier, or tampering with HTTP elements not contained in the URL. Methods that can be used to hack web applications are SQL injection attacks, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), insecure communications, etc.

WEB 2.0 Applications

Web 2.0 refers to a new generation of web applications that provide an infrastructure for more dynamic user participation, social interaction and collaboration.


Vulnerability Stack

Custom Web Application
Third Party Components
Database
Web Server
Operating System
Network
Security


WEB Attack Vectors


  • An attack vector is a path or means by which an attacker can gain access to computer or network resources.
  • Security controls need to be updated continuously, as attack vectors keep changing with respect to the target of attack.


Unvalidated Input

Input validation flaws refer to a web application vulnerability where input from a client is not validated before being processed by web applications and backend servers.

Parameter/ Form Tampering

A web parameter tampering attack involves the manipulation of parameters exchanged between client and server in order to modify application data such as user credentials and permissions.

A parameter tampering attack exploits vulnerabilities in integrity and logic validation mechanisms, and may result in XSS, SQL injection, etc.
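
The two checks named above, integrity and logic validation, shown on the server side. This is an added example, not code from the original post; the field names (user_id, role), the allowed roles and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed demo key; a real deployment loads this from a secret store.
SERVER_KEY = b"demo-key-not-for-production"
ALLOWED_ROLES = {"viewer", "editor"}  # hypothetical roles a form may carry


def _mac(fields: dict) -> str:
    # Canonicalise (sorted keys) so the MAC does not depend on field order.
    canonical = urlencode(sorted(fields.items())).encode()
    return hmac.new(SERVER_KEY, canonical, hashlib.sha256).hexdigest()


def issue_form_state(user_id: str, role: str) -> str:
    """Server side: emit the parameters plus a MAC computed over them."""
    fields = {"user_id": user_id, "role": role}
    return urlencode({**fields, "sig": _mac(fields)})


def accept_form_state(query: str) -> dict:
    """Server side: validate what the client sent back before using it."""
    pairs = parse_qsl(query, keep_blank_values=True, strict_parsing=True)
    fields = dict(pairs)
    # Reject repeated parameters so no two layers can read them differently.
    if len(fields) != len(pairs):
        raise ValueError("duplicate parameter")
    if set(fields) != {"user_id", "role", "sig"}:
        raise ValueError("unexpected or missing parameter")
    sig = fields.pop("sig")
    # Integrity check: constant-time comparison against a recomputed MAC.
    if not hmac.compare_digest(sig.encode(), _mac(fields).encode()):
        raise ValueError("parameters were modified by the client")
    # Logic check: even correctly signed values must be ones we permit.
    if not fields["user_id"].isdigit() or fields["role"] not in ALLOWED_ROLES:
        raise ValueError("value not permitted")
    return fields


def demo() -> tuple:
    state = issue_form_state("1042", "viewer")
    tampered = state.replace("role=viewer", "role=admin")  # constructed input
    try:
        accept_form_state(tampered)
        rejected = False
    except ValueError:
        rejected = True
    return accept_form_state(state), rejected
```

Values that decide permissions are safest kept in server-side session state; signing them is the fallback when they have to travel through the client.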


Injection Flaws

Injection flaws are web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query.

Cross Site Scripting Attacks

Cross-site scripting attacks exploit vulnerabilities in dynamically generated web pages, which enable malicious attackers to inject client-side script into web pages viewed by other users.


