SlideShare uma empresa Scribd logo

Website attack n defacement n its control measures

Transferir como PPTX, PDF
أحلام انصارى
أحلام انصارى

This document discusses website attacks and defenses against them. It describes common attack methods like SQL injection that target vulnerabilities in website databases. The document outlines different types of attacks, including passive and active attacks, and defenses against each. Specifically, it discusses controls for denial of service attacks, including firewalls and filtering spoofed packets. It also details SQL injection sources, types, and prevention techniques to safeguard websites through secure coding practices and detection systems.

1 de 11
W EBSITE ATTACKS AND DEFACEMENT WITH ITS CONTROL MEASURES
 What is website defacement?  It’s a work of system crackers.  What are system crackers? -black hats, white hats  “SQL Injection” the most common method  Harmless defacement/uploading malware  Second method by FTP
 What do you mean by “ATTACKS”?  Types: 1. Passive : -Read only attack -silent in nature -difficult to detect 2. Active: -Data alteration or disruption -wide used technique(IP masquerading) -Denial of services(DOS) -Ping of death
C ONTROL MEASURES  For Ping of death attack:  Prohibit creation of ICMP packets of invalid size  For Denial of Service attack:  Firewalls and routers at network boundaries can use filters to prevent spoofed packets from leaving the network  Filter incoming packets with a broadcast address  Turning off direct broadcasts on all internal routers  Block known private IP addresses being used as destination IP (e.g., 10.0.0.0, 172.16.24.0, 192.168.0.0, 224.0.0.0, 127.0.0.1)
 Web server- h/w and s/w  Common use- host website  Other uses – gaming, data storage, running enterprise application  What is “SQL Injection”?
S OURCES OF SQL I NJECTION  Injection through user input Malicious strings in web forms  Injection through cookies Modified cookie fields contain attack strings  Injection through server variables Headers are manipulated to contain attack strings  Second order injection Trojan horse input seems fine untill used in a certain situation
T YPES OF SQL I NJECTIONS  Piggy backed queries  Tautologies  Alternate encodings  Inference  Illegal/logically incorrect queries  Union query  Stored procedures
C OUNTER MEASURES  Prevention Augment code Detect vulnerabilities in code Safe libraries  Detection detect attacks at runtime
P REVENTION TECHNIQUES  Penetration technique  Defensive coding best practices  Static analysis of code  Safe development libraries  Proxy filters
C ONCLUSIONS  SQLIAs have:  Many sources  Many goals  Many types  Detection techniques can be effective, but limited by lack of automation  Prevention technique can be very effective, but should move away from developer defence
T HANK YOU

Recomendados

Web defacement
Web defacementWeb defacement
Web defacementstudent
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingzing12345
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING Sweta Leena Panda
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingUnited Group Of Institution
 
Hacking Kishor
Hacking KishorHacking Kishor
Hacking Kishorkishor sharma
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical HackingDivyank Jindal
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hackingeiti panchkula
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingAditya Vikram Singhania
 

Recomendados

Web defacement
Web defacementWeb defacement
Web defacementstudent
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingzing12345
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING Sweta Leena Panda
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingUnited Group Of Institution
 
Hacking Kishor
Hacking KishorHacking Kishor
Hacking Kishorkishor sharma
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical HackingDivyank Jindal
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hackingeiti panchkula
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingAditya Vikram Singhania
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRishabha Garg
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingNandan Kushwaha
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingAdnan Mansha
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Umesh Mahawar
 
Basic Introduction to hacking
Basic Introduction to hackingBasic Introduction to hacking
Basic Introduction to hackingSainath Volam
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppthimanshujoshi238
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hackingSahil Rai
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRavi Rajput
 
Hacking
HackingHacking
Hackingvkradhika
 
Hacker
HackerHacker
HackerRamasubbu .P
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAlapan Banerjee
 
Introduction To Hacking
Introduction To HackingIntroduction To Hacking
Introduction To HackingAitezaz Mohsin
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingDevendra Yadav
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingS Sai Karthik
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingRavi Sankar
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hackingVishal Kumar
 
Penetration testing
Penetration testing Penetration testing
Penetration testing PTC
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingNeel Kamal
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
Black hat hackers
Black hat hackersBlack hat hackers
Black hat hackersSantosh Kumar
 
Sql injection
Sql injectionSql injection
Sql injectionNikunj Dhameliya
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586Stacy Watts
 

Mais conteúdo relacionado

Mais procurados

Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Umesh Mahawar
 
Basic Introduction to hacking
Basic Introduction to hackingBasic Introduction to hacking
Basic Introduction to hackingSainath Volam
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hackingSahil Rai
 
Introduction To Hacking
Introduction To HackingIntroduction To Hacking
Introduction To HackingAitezaz Mohsin
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingRavi Sankar
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hackingVishal Kumar
 
Penetration testing
Penetration testing Penetration testing
Penetration testing PTC
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingNeel Kamal
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 

Mais procurados (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
 
Basic Introduction to hacking
Basic Introduction to hackingBasic Introduction to hacking
Basic Introduction to hacking
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Hacking
HackingHacking
Hacking
 
Hacker
HackerHacker
Hacker
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Introduction To Hacking
Introduction To HackingIntroduction To Hacking
Introduction To Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical Hacking
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
 
Black hat hackers
Black hat hackersBlack hat hackers
Black hat hackers
 

Destaque

SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586Stacy Watts
 
Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresCade Zvavanjanja
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpMindfire Solutions
 
Prevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabasePrevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabaseIOSR Journals
 
Devouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and DefencesDevouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and Defencesgmaran23
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
Sql Injection Attacks And Defense Presentatio (1)
Sql Injection Attacks And Defense Presentatio (1)Sql Injection Attacks And Defense Presentatio (1)
Sql Injection Attacks And Defense Presentatio (1)guest32e5cfe
 
Sql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSiddhesh Bhobe
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Nuno Loureiro
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacksKevin Kline
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017Drift
 

Destaque (19)

Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586
 
Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasures
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads Up
 
Prevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabasePrevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML Database
 
Devouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and DefencesDevouring Security XML Attack surface and Defences
Devouring Security XML Attack surface and Defences
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
 
Sql Injection Attacks And Defense Presentatio (1)
Sql Injection Attacks And Defense Presentatio (1)Sql Injection Attacks And Defense Presentatio (1)
Sql Injection Attacks And Defense Presentatio (1)
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSql Injection Attacks Siddhesh
Sql Injection Attacks Siddhesh
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
Sql injection
Sql injectionSql injection
Sql injection
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017
 

Semelhante a Website attack n defacement n its control measures

01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Web Based Security
Web Based SecurityWeb Based Security
Web Based SecurityJohn Wiley
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentationlaonap166
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
 
Network security and System Admin
Network security and System AdminNetwork security and System Admin
Network security and System AdminMD SAHABUDDIN
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxAmardeepKumar621436
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniLoay Elbasyouni
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hackingCmano Kar
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin
 

Semelhante a Website attack n defacement n its control measures (20)

01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
Day4
Day4Day4
Day4
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Web Based Security
Web Based SecurityWeb Based Security
Web Based Security
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentation
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Network security and System Admin
Network security and System AdminNetwork security and System Admin
Network security and System Admin
 
Idps technology starter v2.0
Idps technology starter v2.0Idps technology starter v2.0
Idps technology starter v2.0
 
Windows network security
Windows network securityWindows network security
Windows network security
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptx
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Network security
Network securityNetwork security
Network security
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouni
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 
Linux Security best Practices with Fedora
Linux Security best Practices with FedoraLinux Security best Practices with Fedora
Linux Security best Practices with Fedora
 
ids.ppt
ids.pptids.ppt
ids.ppt
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hacking
 
DDOS (1).ppt
DDOS (1).pptDDOS (1).ppt
DDOS (1).ppt
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 

Mais de أحلام انصارى

An Enhanced Independent Component-Based Human Facial Expression Recognition ...
An Enhanced Independent Component-Based Human Facial Expression Recognition ...An Enhanced Independent Component-Based Human Facial Expression Recognition ...
An Enhanced Independent Component-Based Human Facial Expression Recognition ...أحلام انصارى
 
Intention recognition for dynamic role exchange in haptic
Intention recognition for dynamic role exchange in hapticIntention recognition for dynamic role exchange in haptic
Intention recognition for dynamic role exchange in hapticأحلام انصارى
 
Noise Adaptive Training for Robust Automatic Speech Recognition
Noise Adaptive Training for Robust Automatic Speech RecognitionNoise Adaptive Training for Robust Automatic Speech Recognition
Noise Adaptive Training for Robust Automatic Speech Recognitionأحلام انصارى
 
Human behaviour analysis based on New motion descriptor
Human behaviour analysis based on New motion descriptorHuman behaviour analysis based on New motion descriptor
Human behaviour analysis based on New motion descriptorأحلام انصارى
 
Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...
Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...
Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...أحلام انصارى
 
Multimodal Biometric Human Recognition for Perceptual Human–Computer Interaction
Multimodal Biometric Human Recognition for Perceptual Human–Computer InteractionMultimodal Biometric Human Recognition for Perceptual Human–Computer Interaction
Multimodal Biometric Human Recognition for Perceptual Human–Computer Interactionأحلام انصارى
 
Html5 offers 5 times better ways to hijack the website
Html5 offers 5 times better ways to hijack the website Html5 offers 5 times better ways to hijack the website
Html5 offers 5 times better ways to hijack the website أحلام انصارى
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 

Mais de أحلام انصارى (20)

An Enhanced Independent Component-Based Human Facial Expression Recognition ...
An Enhanced Independent Component-Based Human Facial Expression Recognition ...An Enhanced Independent Component-Based Human Facial Expression Recognition ...
An Enhanced Independent Component-Based Human Facial Expression Recognition ...
 
Intention recognition for dynamic role exchange in haptic
Intention recognition for dynamic role exchange in hapticIntention recognition for dynamic role exchange in haptic
Intention recognition for dynamic role exchange in haptic
 
Noise Adaptive Training for Robust Automatic Speech Recognition
Noise Adaptive Training for Robust Automatic Speech RecognitionNoise Adaptive Training for Robust Automatic Speech Recognition
Noise Adaptive Training for Robust Automatic Speech Recognition
 
Human behaviour analysis based on New motion descriptor
Human behaviour analysis based on New motion descriptorHuman behaviour analysis based on New motion descriptor
Human behaviour analysis based on New motion descriptor
 
Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...
Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...
Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...
 
Multimodal Biometric Human Recognition for Perceptual Human–Computer Interaction
Multimodal Biometric Human Recognition for Perceptual Human–Computer InteractionMultimodal Biometric Human Recognition for Perceptual Human–Computer Interaction
Multimodal Biometric Human Recognition for Perceptual Human–Computer Interaction
 
Security issues in cloud database
Security issues in cloud database Security issues in cloud database
Security issues in cloud database
 
Html5 offers 5 times better ways to hijack the website
Html5 offers 5 times better ways to hijack the website Html5 offers 5 times better ways to hijack the website
Html5 offers 5 times better ways to hijack the website
 
Honey pot in cloud computing
Honey pot in cloud computingHoney pot in cloud computing
Honey pot in cloud computing
 
grid authentication
grid authenticationgrid authentication
grid authentication
 
Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)Security As A Service In Cloud(SECaaS)
Security As A Service In Cloud(SECaaS)
 
Dos presentation by ahlam shakeel
Dos presentation by ahlam shakeelDos presentation by ahlam shakeel
Dos presentation by ahlam shakeel
 
Soa
SoaSoa
Soa
 
Rbac
RbacRbac
Rbac
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control
 
Network ssecurity toolkit
Network ssecurity toolkitNetwork ssecurity toolkit
Network ssecurity toolkit
 
Image forgery and security
Image forgery and securityImage forgery and security
Image forgery and security
 
Image based authentication
Image based authenticationImage based authentication
Image based authentication
 
Dmz
Dmz Dmz
Dmz
 

Website attack n defacement n its control measures

  • 1. W EBSITE ATTACKS AND DEFACEMENT WITH ITS CONTROL MEASURES
  • 2.  What is website defacement?  It’s a work of system crackers.  What are system crackers? -black hats, white hats  “SQL Injection” the most common method  Harmless defacement/uploading malware  Second method by FTP
  • 3. What do you mean by “ATTACKS”?  Types: 1. Passive : -Read only attack -silent in nature -difficult to detect 2. Active: -Data alteration or disruption -wide used technique(IP masquerading) -Denial of services(DOS) -Ping of death
  • 4. C ONTROL MEASURES  For Ping of death attack:  Prohibit creation of ICMP packets of invalid size  For Denial of Service attack:  Firewalls and routers at network boundaries can use filters to prevent spoofed packets from leaving the network  Filter incoming packets with a broadcast address  Turning off direct broadcasts on all internal routers  Block known private IP addresses being used as destination IP (e.g., 10.0.0.0, 172.16.24.0, 192.168.0.0, 224.0.0.0, 127.0.0.1)
  • 5.  Web server- h/w and s/w  Common use- host website  Other uses – gaming, data storage, running enterprise application  What is “SQL Injection”?
  • 6. S OURCES OF SQL I NJECTION  Injection through user input Malicious strings in web forms  Injection through cookies Modified cookie fields contain attack strings  Injection through server variables Headers are manipulated to contain attack strings  Second order injection Trojan horse input seems fine untill used in a certain situation
  • 7. T YPES OF SQL I NJECTIONS  Piggy backed queries  Tautologies  Alternate encodings  Inference  Illegal/logically incorrect queries  Union query  Stored procedures
  • 8. C OUNTER MEASURES  Prevention Augment code Detect vulnerabilities in code Safe libraries  Detection detect attacks at runtime
  • 9. P REVENTION TECHNIQUES  Penetration technique  Defensive coding best practices  Static analysis of code  Safe development libraries  Proxy filters
  • 10. C ONCLUSIONS  SQLIAs have:  Many sources  Many goals  Many types  Detection techniques can be effective, but limited by lack of automation  Prevention technique can be very effective, but should move away from developer defence
  • 11. T HANK YOU