#WEBSITE HACKING
Website!!!!! A worldwide accessible thing. A website is the virtual existence of those who are trying to build trust on the internet. The website is the most important concept for all types of INFRASTRUCTURES such as business, school, hospital, industry, government, etc.
But the website is the first target hackers try to break into. Hackers and cyber criminals try to hack websites and their respective web servers to damage the TRUST that the website's owner has built on the internet.
If a website is hacked, goodwill is lost and visitors are no longer likely to return to it. That is why website hacking has become such an important topic today.
Web applications are becoming vulnerable to more sophisticated threats and attack vectors. An attacker or hacker finds the weaknesses of a website and launches an attack according to the weaknesses he found. These weaknesses or threats are of different types, described below:
ACCORDING TO A 2015 REPORT:
- PHP-based web applications are 3 times more vulnerable than .NET-based web applications.
- Websites running WordPress are 24.1 more vulnerable than all other CMS-based web applications.
- In 2014, attacks increased by 44% compared with 2013.
- Business websites were targeted 48.1% more than any other websites.
The following types of attacks are used against websites:
- SQL INJECTION ATTACK: A SQL injection attack uses a series of malicious SQL queries to directly manipulate the database. An attacker can use a vulnerable web application to bypass normal security measures and obtain direct access to the vulnerable data. An example is a SQL query like // SELECT * from TABLE where column="OR '1'='1'--; // . Attackers use such queries to bypass user authentication in the USER_ID and PASSWORD fields and are then able to log in without a password or user ID.
- CROSS-SITE SCRIPTING ATTACK: In cross-site scripting ('XSS' or 'CSS'), the attacker tries to inject a client-side script into website input fields such as user_id, password, search_for, find, etc. The client-side script is mainly JavaScript, such as //<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>. More scripts are available HERE.
- CROSS SITE REQUEST FORGERY ATTACK: A CSRF attack exploits a web page vulnerability that allows an attacker to force an unsuspecting user's browser to send malicious requests the user did not intend. It is also known as a ONE CLICK attack. It occurs when a hacker uses a malicious web page to instruct the user's web browser to send a request to a vulnerable website.
- DENIAL OF SERVICE ATTACK: In a DOS attack, the attacker tries to exhaust all the resources of the web server, i.e. the bandwidth provided, by continuously sending thousands of requests. The server is unable to handle this continuous traffic, so it crashes or becomes inaccessible to legitimate users. DOS attacks come in different types: HTTP flood, ICMP flood, UDP flood and DEAD PING flood are some of them. UDP flood is more likely to be used by hackers because it is more effective.
- BUFFER OVERFLOW ATTACK: A buffer overflow attack exploits a flaw in error handling and input checking. In this attack, a large amount of data is passed through an input field in addition to the actual data, i.e. extra string data is added. Suppose the attacker adds some extra malicious script after the password he entered in the PASSWORD input field; using that technique, the server's data memory is unable to process the data properly and sends SENSITIVE data to the attacker.
- SESSION HIJACKING ATTACK: In a session hijacking attack, the attacker tries to get the SESSION ID of a particular web page in a particular browser. If the website code does not encrypt the session token properly, the attacker can easily sniff it and access the same SESSION used by the USER. Proper session handling is an important part of website design. If a USER is accessing a BANKING site for a money transfer and the attacker is able to get the user's SESSION ID, the attacker can open the same logged-in web page in his own browser and withdraw all the money!!!!
These are the attacks attackers carry out most often.
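The login bypass described under SQL INJECTION ATTACK comes from building the query by string concatenation. The added example below (not code from the original post) puts such a login check beside a parameterized one; the `users` table, the function names and the sample account are constructed for illustration.

```python
import sqlite3

# The tautology from the text, as it would be typed into the USER_ID field.
PAYLOAD = "' OR '1'='1'--"


def make_db():
    # Constructed sample data: one account in an in-memory database.
    # Plaintext password only to keep the example short; real sites store hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


def login_vulnerable(db, user_id, password):
    # Vulnerable: input is concatenated into the SQL text, so quote
    # characters in the input change the structure of the query.
    query = ("SELECT user_id FROM users WHERE user_id = '" + user_id +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_hardened(db, user_id, password):
    # Hardened: placeholders bind the input as data; it is never parsed as SQL.
    query = "SELECT user_id FROM users WHERE user_id = ? AND password = ?"
    return db.execute(query, (user_id, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for name, check in (("vulnerable", login_vulnerable),
                        ("hardened", login_hardened)):
        print(name, "valid login:      ", check(db, "alice", "s3cret"))
        print(name, "wrong password:   ", check(db, "alice", "nope"))
        print(name, "injected USER_ID: ", check(db, PAYLOAD, "x"))
```

With the concatenated query the injected USER_ID is accepted as a login; with bound parameters the same input is just a user ID that matches no row.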
By compromising or hacking a particular website, a hacker can gain access to that website's database. If it is a BANKING website, he will get all account holder information such as credit card details, online banking credentials, PINs, etc.
If an E-COMMERCE website is hacked, the hacker can manipulate pricing information, orders, item quantities, etc., so he can buy anything at whatever price he chooses.
FOLLOWING ARE THE TOOLS FOR WEBSITE SECURITY:
BURP-SUITE: To download Burpsuite
IBM_APP_SCANNER: To download Ibm-app-scan
ACUNETIX: To download Acunetix_scan
Using the above tools, you can scan a website and find its weaknesses and the security patches for them. These tools give a complete report of the weaknesses with corresponding security tips, so that the web developer can read it and secure the code.
Learn more about Website Hacking and attacks from https://www.macfro.com/
---------------------------------------------------------------------------------------------------------------------
For any query:
mail:
akshayjain5999@yahoo.com