Domain 5 of the CEH: Web Application Hacking

Most people have used mobile applications such as PUBG, Instagram, and WhatsApp, so here is an example of a web application that is also a mobile app. Suppose you have lost your phone, or it is switched off, and you want to scroll your Instagram feed. What do you do? You log in to your account through Google Chrome, and that is all it takes: Instagram used through a web browser is a web application. A few well-known examples of web applications are Facebook, MakeMyTrip, Flipboard, and the 2048 game.
Source: https://www.infosectrain.com/blog/domain-5-of-the-ceh-web-application-hacking/

CEH v11
DOMAIN 5: Web Application Hacking
www.infosectrain.com | sales@infosectrain.com
Domains of CEH (CEH v11 exam weighting)
DOMAIN 1: Information Security & Ethical Hacking Overview (6%)
DOMAIN 2: Reconnaissance Techniques (21%)
DOMAIN 3: System Hacking Phases & Attack Techniques (17%)
DOMAIN 4: Network and Perimeter Hacking (14%)
DOMAIN 5: Web Application Hacking (16%)
DOMAIN 6: Wireless Network Hacking (6%)
DOMAIN 7: Mobile Platform, IoT, & OT Hacking (8%)
DOMAIN 8: Cloud Computing (6%)
DOMAIN 9: Cryptography (6%)
What is a Web Application?
The technical definition of a Web Application
A web application is software that performs particular tasks by running inside a web browser such as Google Chrome, Mozilla Firefox, or Internet Explorer, rather than being installed on the device.
In this blog, we will discuss the 5th domain of CEH, which is ‘Web Application Hacking’.
Hacking of Web Applications
Web hacking refers to exploiting applications over HTTP by manipulating the application through its graphical web interface, tampering with the Uniform Resource Identifier (URI), or tampering with HTTP elements outside the URI (such as headers, cookies, or the request body).
Different methods to hack web applications are:
> SQL Injection attacks
> Cross-site scripting
> Fuzzing
One of the nicest things about web applications is that you do not need to download or install them, so devices keep their storage free for more important data.
SQL Injection Attacks
Structured Query Language (SQL) is used to query, manipulate, and administer database systems. SQL injection is one of the most prevalent attacks against SQL-backed applications: an attacker supplies input that changes the query the application runs, and uses that to read, change, or delete data. Depending on the database configuration, SQL injection can also be used to make the database server execute operating system commands.
Cross-site Scripting
Cross-site scripting (XSS) attacks inject malicious script into websites that are otherwise trusted. By exploiting a vulnerability in the target web application, an attacker can deliver malicious code to that application's users, where it runs in their browsers with the site's privileges.
Fuzzing
Developers use fuzz testing on software, operating systems, and networks to find coding mistakes and security gaps. Attackers can apply the same method to our sites and servers to locate weaknesses.
It works by feeding the target a large volume of malformed or random data (fuzz) and watching for crashes or other unexpected behaviour; a fuzzer tool automates this to detect weak areas. If the target's security fails under that input, the attacker might exploit the weakness further.
Types of vulnerabilities that cause Web Application Hacking
Unvalidated Inputs
Web applications accept input from the user, and queries and other operations are built on top of that input. If the input is not properly validated and sanitized, an attacker can launch attacks such as cross-site scripting (XSS), SQL injection, and directory traversal, which in turn can lead to identity theft and data theft.
Directory Traversal Attack
This vulnerability lets the attacker access restricted directories on the web server outside the webroot directory. That can expose system files, allow OS commands to be run, and reveal details of the server's configuration.
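One defensive check for the directory traversal attack just described, as an added example that is not part of the InfosecTrain deck: a requested URL path is resolved against the web root and rejected if it escapes it. The web root path and the function name are assumptions for the example.

```python
"""Added example (not from the InfosecTrain deck): resolving a requested
file path against a web root and rejecting anything that escapes it.
The check is purely lexical, so it runs without touching the filesystem;
the web root "/var/www/html" is an assumed constant."""
import posixpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed web root for the example


def resolve_request_path(requested: str, web_root: str = WEB_ROOT) -> Optional[str]:
    """Map a URL path from an HTTP request to a file under web_root.
    Returns the absolute path, or None if the request would leave the
    web root (the directory traversal case the section describes)."""
    # Requests arrive URL-encoded; decode first so "%2e%2e" is seen as "..".
    decoded = unquote(requested)
    # Strip leading "/" so posixpath.join cannot treat the request as an
    # absolute path and silently discard the web root.
    relative = decoded.lstrip("/")
    # normpath collapses "." and ".." segments lexically.
    candidate = posixpath.normpath(posixpath.join(web_root, relative))
    # The resolved path must still sit inside the web root (or be it).
    # commonpath is used rather than startswith so "/var/www/html2" is
    # not accepted as a child of "/var/www/html".
    if posixpath.commonpath([web_root, candidate]) != web_root:
        return None
    # In a real server, also resolve symlinks (os.path.realpath) before
    # opening the file, since a link inside the root can point outside it.
    return candidate


if __name__ == "__main__":
    for req in ["/index.html", "/images/../index.html",
                "/../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"]:
        print(f"{req!r:32} -> {resolve_request_path(req)}")
```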
Defense Mechanisms
There are various defense mechanisms to control web application hacking.
Some of them are:
> Authentication
> Handling data safely
> Conducting audits
Authentication
Authentication is a defense mechanism that verifies users by checking their user ID and password. But as social engineering techniques become more widespread, attackers can often obtain your login credentials, which is why two-step verification came into existence.
Two-step verification sends a “One Time Password” (OTP) to your mobile, so that only the person holding that device can complete the login to your account.
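The server side of the two-step verification described above, as an added example that is not part of the InfosecTrain deck: a one-time code is issued, stored with an expiry and an attempt counter, and verified in constant time. Sending the code to the phone is out of scope and represented by the return value; the class name and the 5-minute and 3-attempt limits are assumptions.

```python
"""Added example (not from the InfosecTrain deck): issuing and verifying a
one-time password for a second login step. Delivery (SMS, app push) is
represented by the value returned from issue(); the limits are assumed."""
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 3       # assumed guess budget per issued code


class OtpStore:
    """In-memory store of pending one-time codes keyed by user id."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock  # injectable so tests can control time

    def issue(self, user_id: str) -> str:
        """Create a fresh 6-digit code for user_id. The returned code is
        what would be sent to the user's phone; the server keeps a copy.
        Issuing a new code replaces any older pending one."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        self._pending[user_id] = {
            "code": code,
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, user_id: str, submitted: str) -> bool:
        """Check a submitted code. The pending code is discarded on
        success, after MAX_ATTEMPTS failures, or once expired, so each
        code works exactly once and cannot be guessed at leisure."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[user_id]
            return False
        entry["attempts"] += 1
        # compare_digest avoids leaking how many leading digits matched
        # through timing differences.
        ok = hmac.compare_digest(entry["code"], submitted)
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[user_id]
        return ok


if __name__ == "__main__":
    store = OtpStore()
    sent = store.issue("alice")          # would be delivered to the phone
    print("first try:", store.verify("alice", sent))   # True
    print("replayed:", store.verify("alice", sent))    # False, single use
```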
Handling data safely
Most vulnerabilities in web applications are caused by improper processing of user data. Many of them can be avoided not by validating the input itself but by ensuring that whatever processing is applied to it is inherently safe: a secure coding approach that prevents the typical issues. For example, the proper use of parameterized database queries prevents SQL injection attacks.
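The SQL injection attack from the earlier section and the parameterized query recommended here, shown side by side as an added example that is not code from the InfosecTrain deck. The in-memory SQLite table, its rows, the test input, and the function names are all constructed for this example.

```python
"""Added example (not from the InfosecTrain deck): the same login lookup
written two ways against an in-memory SQLite database. The string-built
query lets user input change the SQL; the parameterized query keeps the
input as data. The database, table, and rows are constructed here."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway database with two constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: concatenates untrusted input into the SQL text.
    A username containing a quote can close the string literal and add
    its own conditions, so the query the database executes is no longer
    the one the developer wrote."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the SQL text is fixed and the value is bound separately
    as a parameter, so quotes in the input are just characters in the
    value being compared, never SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo() -> dict:
    """Run both lookups with a benign name and with a constructed
    tautology input; returns the rows each variant matched."""
    conn = make_db()
    benign = "alice"
    # Constructed test input: a quote that closes the literal, followed by
    # an always-true condition. The unsafe query then matches every row.
    payload = "' OR '1'='1"
    return {
        "unsafe_benign": find_user_unsafe(conn, benign),
        "unsafe_payload": find_user_unsafe(conn, payload),
        "safe_benign": find_user_safe(conn, benign),
        "safe_payload": find_user_safe(conn, payload),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```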
Conducting Audits
Effective audit logs should enable the application's owners to understand precisely what happened: which vulnerability the attackers exploited, whether they gained unauthorized access to data, and whether they carried out any unauthorized actions. Audit logs can also help establish the attacker's identity.
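What reading those audit logs can look like in practice, as an added example that is not part of the InfosecTrain deck: a small parser over web server access-log lines that flags traversal and SQL injection indicators and records whether the request succeeded. The log lines are constructed for the example (Apache combined format) and the indicator patterns are a minimal assumed set, not a complete rule base.

```python
"""Added example (not from the InfosecTrain deck): reconstructing attacker
activity from access-log lines, as the audit section describes. Sample
lines are constructed; indicator patterns are an assumed minimal set."""
import re
from urllib.parse import unquote

# Constructed sample of access-log lines (Apache combined format).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1847 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0 "-" "curl/8.0"
198.51.100.4 - - [10/Oct/2023:13:56:09 +0000] "GET /products?id=42 HTTP/1.1" 200 2048 "-" "curl/8.0"
"""

# Fields of the combined format that matter for the audit.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed indicator set: a parent-directory segment, and a quote followed
# by a boolean tautology of the kind seen in SQL injection attempts.
INDICATORS = {
    "directory_traversal": re.compile(r"\.\.[/\\]"),
    "sql_injection": re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=", re.I),
}


def parse_line(line: str):
    """Split one log line into fields; returns None for unparseable lines."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    # Decode so encoded traversal ("..%2F") and quotes (%27) become visible.
    entry["decoded_path"] = unquote(entry["path"])
    return entry


def audit(log_text: str) -> list:
    """Return one finding per (line, indicator) hit, with the source IP,
    time, decoded path, and whether the server answered with a 2xx."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for name, pattern in INDICATORS.items():
            if pattern.search(entry["decoded_path"]):
                findings.append({
                    "ip": entry["ip"],
                    "time": entry["time"],
                    "indicator": name,
                    "path": entry["decoded_path"],
                    # A 2xx on a traversal request is the case that needs
                    # follow-up: the server may actually have served the file.
                    "succeeded": 200 <= entry["status"] < 300,
                })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f)
```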
