Types of Web Server Attacks - PowerPoint PPT Presentation

About This Presentation
Title:

Types of Web Server Attacks

Description:

A web server attack is any deliberate attempt by a bad actor to compromise the security of a web server. An attack on the web server can stem from any vulnerability in the network, operating system, database, or applications.

Slides: 13
Provided by: infosectrain08

Transcript and Presenter's Notes

1
Types of Web Server Attacks
www.infosectrain.com sales_at_infosectrain.com
2
What are web server attacks?
A web server is a program that distributes web content using the HTTP protocol. Every website on the internet must be hosted on a web server, which makes web servers the backbone of the internet.
3
  • A web server attack is any deliberate attempt by a bad actor to compromise the security of a web server. An attack on the web server can stem from any vulnerability in the network, operating system, database, or applications.
  • Serious ramifications could include data tampering, theft, website vandalism, etc. All of this could damage a company's reputation and cause customers to lose faith in it.

Most common types of web server attacks
  • SSH Brute-Force Attack: A web server's authentication system frequently rests on the password used to identify a legitimate user and grant access to the server. An SSH brute-force attack tries to gain access by trying all possible SSH login passwords. This kind of attack can be used to spread malicious files and drain a server's resources, and it can go unnoticed.
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS) Attack: In this attack, the web server is made to respond to a high number of request packets, which causes it to slow down or crash, denying service or access to authorized users.
  • Website Defacement: The attacker gains access and defaces the website in this kind of attack. For various reasons, such as to disgrace or defame the victim, the attacker finds a way to change the website's files or contents without the owner's consent.
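For the SSH brute-force attack described above, a detection sketch run over sshd authentication log lines. This is an added example, not part of the original presentation; the log lines are constructed, and the threshold, window and year defaults are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH sshd syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Mar 10 02:14:01 web01 sshd[4121]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar 10 02:14:03 web01 sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar 10 02:14:05 web01 sshd[4125]: Failed password for root from 203.0.113.7 port 51138 ssh2
Mar 10 02:14:06 web01 sshd[4126]: Failed password for deploy from 198.51.100.23 port 40210 ssh2
Mar 10 02:14:08 web01 sshd[4127]: Failed password for invalid user test from 203.0.113.7 port 51144 ssh2
Mar 10 02:14:11 web01 sshd[4129]: Failed password for root from 203.0.113.7 port 51150 ssh2
Mar 10 02:14:20 web01 sshd[4131]: Accepted password for deploy from 198.51.100.23 port 40216 ssh2
Mar 10 02:14:31 web01 sshd[4133]: Accepted password for root from 203.0.113.7 port 51161 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1), year=2024):
    """Flag source IPs with >= threshold failed logins inside a sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    users = defaultdict(set)      # ip -> account names that were tried
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            users[ip].add(m["user"])
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                hit = findings.setdefault(ip, {"login_after_burst": False})
                hit["users"] = sorted(users[ip])
        elif ip in findings:
            # A successful login right after a burst is the case to escalate first.
            findings[ip]["login_after_burst"] = True
    return findings

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

The single failed attempt from 198.51.100.23 followed by a success is an ordinary mistyped password and is not flagged; only the burst from 203.0.113.7 is.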


4

  • Directory Traversal: In this attack, the attacker uses the application to reach locations outside of the web root directory, which might allow them to run OS commands, obtain sensitive data, or access restricted directories. Web pages are stored in the root directory; the attacker, however, focuses on directories that are not in the root directory. On older servers with flaws and vulnerabilities, it generally works well.
  • Phishing Attack: It is carried out by fooling the victim into clicking a malicious link in an email. The link forwards the user to a fake website that is hosted on the attacker's server. The attackers can then use the victim's login information to perform malicious actions on the genuine target website.
  • Cross-Site Scripting (XSS): Malicious code is injected into web applications through a security flaw. The victims run this code, which enables the attackers to get around access controls and pose as users. The attacker will then have access to data from web applications, such as cookies and session information. This kind of attack is most likely to affect websites with scripting errors.
  • Session Hijacking: It occurs when a web server uses a cookie to determine the user's session. This attack is carried out automatically using sniffing software.
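For the directory traversal item above, the vulnerable path-handling pattern beside a hardened one, compared on a throwaway web root. This is an added example, not part of the original presentation; the function names, directory layout and request strings are constructed for illustration, and the requests are assumed to be already URL-decoded.

```python
import tempfile
from pathlib import Path

def escapes(root: Path, path: Path) -> bool:
    """True if path, once canonicalised, is neither root nor anything below it."""
    real = path.resolve()          # collapses ".." and follows symlinks
    return real != root and root not in real.parents

def resolve_unsafe(web_root: Path, requested: str) -> Path:
    """Vulnerable pattern: user input is joined to the web root and used as is."""
    return web_root / requested

def resolve_safe(web_root: Path, requested: str) -> Path:
    """Hardened pattern: canonicalise, then refuse anything outside the web root."""
    root = web_root.resolve()
    # Without lstrip, an absolute request path would replace the root in the join.
    candidate = root / requested.lstrip("/")
    if escapes(root, candidate):
        raise PermissionError(f"outside web root: {requested!r}")
    return candidate.resolve()

def demo() -> dict:
    """Build a temporary web root and compare both resolvers on constructed requests."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        web_root = base / "www"
        (web_root / "css").mkdir(parents=True)
        (web_root / "index.html").write_text("<h1>home</h1>")
        (base / "secret.conf").write_text("placeholder, constructed for the demo")
        (web_root / "link").symlink_to(base / "secret.conf")
        for req in ["index.html", "css/../index.html", "../secret.conf",
                    "css/../../secret.conf", "/etc/passwd", "link"]:
            unsafe_leaks = escapes(web_root, resolve_unsafe(web_root, req))
            try:
                resolve_safe(web_root, req)
                safe = "confined"   # stays under the root; existence is a separate check
            except PermissionError:
                safe = "blocked"
            results[req] = (unsafe_leaks, safe)
    return results

if __name__ == "__main__":
    for req, (leaks, safe) in demo().items():
        print(f"{req!r:28} unsafe escapes root: {leaks!s:5}  safe: {safe}")
```

The symlink case shows why the check has to run on the canonical path: the request string `link` contains no `..` at all, yet it resolves outside the web root.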

5
  • Man-in-the-Middle (MITM) Attack: A MITM attack enables attackers to eavesdrop on the conversation between two servers. To the victim, it will seem like a typical information exchange is taking place, but the attacker can covertly steal information by "middling" in the dialogue or data transfer.
6

Final words
In the modern internet era, we visit numerous websites for many daily tasks, and no one wants to experience web server attacks. If you want to learn how to protect your web servers from attackers, you can enroll in InfosecTrain's cybersecurity courses, such as CEH, Web Application Penetration Testing, and CompTIA PenTest+.

7
About InfosecTrain
  • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
  • Wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain
  • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain

8
Our Endorsements
9
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
10
Our Trusted Clients
12
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-722-11127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com