Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Security. Introduction Webserver hacking refers to attackers taking advantage of vulnerabilities inherent to the web server software itself These.

Published byJune Matthews Modified over 8 years ago

Similar presentations

Presentation on theme: "Web Security. Introduction Webserver hacking refers to attackers taking advantage of vulnerabilities inherent to the web server software itself These."— Presentation transcript:

1 Web Security

2 Introduction Webserver hacking refers to attackers taking advantage of vulnerabilities inherent to the web server software itself These vulnerabilities are typically publicized and are easy to detect and attack An attacker with the right set of tools and ready-made exploits can bring down a vulnerable web server in minutes For this reason, it is crucial for web administrators to always patch their webserver and related software.

3 Lab Goals Setup an Apache web server with some third-party modules Find vulnerabilities using various tools Setting up and cracking basic authentication

4 Webserver setup Apache 1.3.23 - will be installed as the web server MySQL 3.23.49 - is an open source database PHP 4.2.0 - a scripting language that is especially suited for Web development and can be embedded into HTML OpenSSL 0.9.6d - provides strong cryptography for the Apache 1.3 web server via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) Mod_ssl 2.8.7 - patches Apache so that it uses SSL support via OpenSSL

5 Useful Tools Httpdtype – this tool will determine the version of Apache running and what additional modules are built into it. User discovery – using a bug in Apache it is possible to determine what users are on the server Nikto – a webserver scanner that performs comprehensive tests for multiple known web server vulnerabilities

6 Retrieving website content When targeting a web server a serious hacker would study its content thoroughly. This might involve downloading its entire content for offline examination Wget does the job, it works with HTTP, HTTPS, and FTP.

7 Basic Authentication Basic Authentication prevents unauthorized access to data stored in the server Two tasks will be performed:  Protect a folder using Basic Authentication  Use utility such as Brutus to crack the Basic Authentication password protecting the folder

Download ppt "Web Security. Introduction Webserver hacking refers to attackers taking advantage of vulnerabilities inherent to the web server software itself These."

Similar presentations

Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.

Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.
Case Studies for Projects. Network Audit A brief description of the systems (via fingerprinting, if black box is used) Network perimeter should be described.

Case Studies for Projects. Network Audit A brief description of the systems (via fingerprinting, if black box is used) Network perimeter should be described.
Web Server Administration

Web Server Administration
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.

Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.
CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing.

CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing.
Information Networking Security and Assurance Lab National Chung Cheng University Yaha.

Information Networking Security and Assurance Lab National Chung Cheng University Yaha.
Presented by Mina Haratiannezhadi 1.  publishing, editing and modifying content  maintenance  central interface  manage workflows 2.

Presented by Mina Haratiannezhadi 1.  publishing, editing and modifying content  maintenance  central interface  manage workflows 2.
PHP-Fusion. Introduction PHP-Fusion is a lightweight open source content management system (CMS) written in PHP. PHP-Fusion utilizes a MySQL database.

PHP-Fusion. Introduction PHP-Fusion is a lightweight open source content management system (CMS) written in PHP. PHP-Fusion utilizes a MySQL database.
By Swapnesh Chaubal Rohit Bhat. BEAST : Browser Exploit Against SSL/TLS Julianno Rizzo and Thai Duong demonstrated this attack.

By Swapnesh Chaubal Rohit Bhat. BEAST : Browser Exploit Against SSL/TLS Julianno Rizzo and Thai Duong demonstrated this attack.
SEEM4570: XAMPP, Eclipse, Summary of Html Kangfei Zhao Room 711,ERB

SEEM4570: XAMPP, Eclipse, Summary of Html Kangfei Zhao Room 711,ERB
PHP and MySQL Week#1  Course Plan.  Introduction to Dynamic Web Content.  Setting Up Development Server Eng. Mohamed Ahmed Black 1.

PHP and MySQL Week#1  Course Plan.  Introduction to Dynamic Web Content.  Setting Up Development Server Eng. Mohamed Ahmed Black 1.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Similar presentations

Ads by Google