Premium Resources

Training Courses

Free Resources

Hacking Methodology

Web footprinting:

Gathering information related to the web application like-

Whois information
Netcraft information
Firewall information
Ports and services running
Server and OS discovery
Hidden contents

Vulnerability scanners:

Scanners like Nikto, Nessus, URLscan, Acunetix can be used to find out vulnerabilities in a web application.

Identify Entry Points and Attack surface:

The next step is to know the entry points like login screens, URLs, cookies, and output points like display screens, reports, etc. We need to find vulnerabilities to bypass the access controls and break into the application. All the above discussed attacks should be tested for the possibility.

Countermeasures:

Always validate the input fields.
Limit the entry in the input fields.
Check for arbitrary inputs like scripts, SQL injection codes, etc.
Use a Web application firewall.
Run database accounts with minimal access rights.
Use input/output encoding.
Use prepared statements and parameterised sql queries to avoid Sql injection.
Configure the firewall with strict rules.
Use secure protocols.
Encrypt cookies.
Use random numbers for cookies and proper session expiry.

Related Topics

What is Hacking? What is Ethical Hacking? Who is an Ethical Hacker?

CIA Triangle Important characteristics of Information Security, Functionality and Usability Triangle Phases of Hacking Different types of attacks Vulnerability Assessment Penetration Testing Information Security Laws, Standards and frameworks

What is Footprinting Objectives of Footprinting Footprinting Methodology

What is Scanning? Network Scanning Scanning Methodology

Enumeration and its Types NetBIOS Enumeration SNMP Enumeration LDAP Enumeration NTP Enumeration SMTP Enumeration DNS Enumeration

Goals of System Hacking Gaining Access Privilege Escalation Executing Applications Hiding Files Covering Tracks

Introduction to Malware Threats and its Types Virus Trojans Worms Rootkits, Spyware and Ransomware How to Detect Malicious Software

Sniffing and its Types ARP and CAM Table Active Sniffing Attacks DHCP Poisoning

Social Engineering and its Attacks Computer and Mobile Based Social Engineering

Denial of Service attacks and its Types

Session Hijacking and its Types Session Hijacking Process Session Hijacking Levels Network or TCP Session Hijacking

Web Server and its Types of Attacks

Web Application and its types of Attacks Injection Flaws Cross-Site Scripting Web Services Attacks Hacking Methodology

Introduction to SQL Injection Types of SQL Injection

Introduction to Hacking Wireless Networks Encryption Types Wi-Fi Attacks

Introduction to Hacking Mobile Devices Android Types of Android Attacks IOS Mobile Device Management

Firewall IDS: Intrusion Detection System Ways of Detecting Attacks

Introduction to Cryptography PKI: Public Key Infrastructure SSL: Secure Socket Layer

Introduction to Cloud Computing Types of Cloud Computing Benefits, Threats, and Attacks on Cloud Computing Security in Cloud

Premium Resources

Free Resources

Hacking Methodology

Web footprinting:

Vulnerability scanners:

Identify Entry Points and Attack surface:

Countermeasures:

Related Topics

Company

Resources

Bootcamps

Premium Resources

Free Resources

Hacking Methodology

Web footprinting:

Vulnerability scanners:

Identify Entry Points and Attack surface:

Countermeasures:

Related Topics

Ethical Hacking

Introduction to Ethical Hacking

Footprinting and Reconnaissance

Scanning

Enumeration

System Hacking

Malware Threats

Sniffing

Social Engineering

Denial of Service

Session Hijacking

Hacking Web Servers

Web Application Attacks

SQL Injection

Hacking Wireless Networks

Hacking Mobile Devices

Evading Firewall/IDS and Honey Bots

Cryptography

Cloud Computing