Domain 5 of the CEH: Web Application Hacking - PowerPoint PPT Presentation

About This Presentation
Title:

Domain 5 of the CEH: Web Application Hacking

Description:

Considering that most people have used mobile applications like PUB-G, Instagram, and WhatsApp. I will give you an example of a web application that is also a mobile app. Now assume you’ve lost your mobile or your mobile is switched off, and you are willing to scroll the insta feed. – PowerPoint PPT presentation

Number of Views:48

less

Transcript and Presenter's Notes

Title: Domain 5 of the CEH: Web Application Hacking


1
Domain 5 of the CEH Web Application Hacking
www.infosectrain.com sales_at_infosectrain.com
2
www.infosectrain.com sales_at_infosectrain.com
3
  • Domains of CEH
  • Information Security and Ethical Hacking
    Overview-6
  • Reconnaissance Techniques-21
  • System hacking phases and Attack Techniques-17
  • Network and perimeter hacking-14
  • Web application hacking-16
  • Wireless network hacking-6
  • Mobile platform, IoT, and OT hacking-8
  • Cloud Computing-6
  • Cryptography-6

www.infosectrain.com sales_at_infosectrain.com
4
www.infosectrain.com sales_at_infosectrain.com
5
We will discuss the fifth domain of CEH, which is
web application hacking. What is a Web
Application? Considering that most people have
used mobile applications like PUB-G,
Instagram, and WhatsApp. I will give you an
example of a web application that is also a
mobile app. Now assume youve lost your mobile or
your mobile is switched off, and you are willing
to scroll the insta feed. What will you do? Login
to your account through Google Chrome. Right? And
thats it, as you can use your Instagram by using
a web browser. It is called a web application. A
few famous examples of web applications are
Facebook, MakeMyTrip, Flipboard, and the 2048
Game.




www.infosectrain.com sales_at_infosectrain.com
6
The technical definition of a web application A
web application is a software or a program that
performs particular tasks by running on any web
browser like Google Chrome, Mozilla Firefox,
Internet Explorer, etc. One of the coolest
things about using web applications is you dont
need to download them. Hence, devices will have
space for more important data. Hacking of Web
Applications Web hacking refers to exploiting
HTTP applications by manipulating graphics,
altering the Uniform Resource Identifier (URI),
or altering HTTP elements outside the URI.




www.infosectrain.com sales_at_infosectrain.com
7
Different methods to hack web applications
are SQL Injection attacks We can use
Structured Query Language to operate, query, and
administrate the data systems. The SQL injection
attack is one of the prevalent SQL attacks that
attackers use to read, change, or delete data.
SQL injections can also command the operating
systems to perform particular tasks. Cross-site
scripting Attacks using cross-site scripting,
also called XSS, involve injecting malicious code
into websites that would otherwise be safe. Using
a target web application vulnerability, an
attacker can send malicious code to a
user. Fuzzing In software, operating systems,
or networks, developers can employ fuzz testing
to identify code mistakes and security gaps.
Attackers may also apply the same method on our
sites or servers to locate weaknesses. It works
by first entering a huge amount of random data
(fuzz) to crash it. Furthermore, attackers use a
fuzzer software tool that is used to detect weak
areas. If the security of the target fails, the
attacker might exploit it further.




www.infosectrain.com sales_at_infosectrain.com
8
Types of vulnerabilities that cause web
application hacking Unvalidated Inputs Web
applications accept input from the user, as
queries are built on top of that input. The
attacker can launch attacks like cross-site
scripting (XSS), SQL injection attacks, and
directory traversal attacks if these inputs are
not properly sanitized. This attack can also lead
to identity theft and data theft. Directory
traversal attack As a result of this
vulnerability, the attacker can access restricted
directories on the web server in addition to the
webroot directory. This would allow the attacker
to access system files, run OS commands, and find
out details about the configuration.




www.infosectrain.com sales_at_infosectrain.com
9
Defense Mechanisms There are various defense
mechanisms to control web application hacking.
Some of them are Authentication Authentication
is a defense mechanism that checks the user ID
and password to verify the users. But with the
increasing social engineering techniques,
attackers can easily get your login credentials.
Hence, the two-step verification came into
existence. Two-step verification is nothing but
sending a One Time Password to your mobile so
that only you can have the authority to login
into your account. Handling data safely Most
vulnerabilities in Web applications are caused by
the improper processing of user data.
Vulnerabilities can frequently be overlooked, not
by verifying the input itself but by assuring
safe processing. Secure Coding approach that
prevents typical issues. For example, the proper
use of parameterized database access queries can
avoid attacks from SQL by injecting.




www.infosectrain.com sales_at_infosectrain.com
10
Conducting audits Effective audit logs should
enable the applications owners to understand
precisely what has happened, what vulnerability
was exploited by attackers, whether attackers got
unwanted data access, or whether attackers
conducted any unauthorized actions. Audits can
also provide the attackers identity. CEH with
InfosecTrain InfosecTrain is one of the leading
training providers with a pocket-friendly budget.
We invite you to join us for an unforgettable
journey with industry experts to gain a better
understanding of the Certified Ethical Hacker
course. Courses can be taken as live
instructor-led sessions or as self-paced courses,
allowing you to complete your training journey at
your convenience.




www.infosectrain.com sales_at_infosectrain.com
11
About InfosecTrain
  • Established in 2016, we are one of the finest
    Security and Technology Training and Consulting
    company
  • Wide range of professional training programs,
    certifications consulting services in the IT
    and Cyber Security domain
  • High-quality technical services, certifications
    or customized training programs curated with
    professionals of over 15 years of combined
    experience in the domain

www.infosectrain.com sales_at_infosectrain.com
12
Our Endorsements
www.infosectrain.com sales_at_infosectrain.com
13
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
www.infosectrain.com sales_at_infosectrain.com
14
Our Trusted Clients
www.infosectrain.com sales_at_infosectrain.com
15
(No Transcript)
16
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Domain 5 of the CEH: Web Application Hacking" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!