In this post we will discuss a little about hacking a website. A website is hosted on a web server, so if you hack the web server you hack the website. So first of all, let’s look at some basic types of web server vulnerabilities that can lead to a security breach. You must know that a breach in the security of a web server can also give an attacker a door into the internal network, and hence owning a web server can give an attacker an exponential advantage. Basically, there are only three types of web servers on which the world hosts its websites.
-Internet Information Server (IIS) by Microsoft
-Apache
-Apache Variants
The following are some web-based vulnerabilities that can lead to a security breach of a web server.
-Misconfiguration In Web Server Settings. Most people don’t employ professionals when creating and hosting their websites. A non-pro might hardly know anything about web server security, and hence he/she may leave all settings at their defaults or at the most basic level, giving even skids a full chance to breach it.
-Faulty Programming Practices. One of the most common reasons for a web security breach is faulty programming practice while creating websites. Vulnerably developed code can be found on thousands of websites. To avoid this problem, at least one skilled and experienced programmer should be kept in charge of checking for faulty programming practices.
-Lack Of Security Policy. A security policy should be implemented properly during the web development phase. You might have seen several websites which disallow downloads without registration, but when a user arrives at the membership page he/she finds a direct link to the download in the source code. Though this seems non-catastrophic, it can also act as a severe threat.
-Vulnerabilities In Web Application. Web application vulnerabilities generally include SQL injection attacks, XSS attacks, RFI, LFI, buffer overflows, etc. If you don’t know any of these terms, don’t bother; I will cover them in detail in future posts.
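The registration-gated download from the "Lack Of Security Policy" item above, as an added example that is not part of the original post: the weak handler serves anyone who knows the link, while the hardened one checks membership and a short-lived signed token on the server for every request. The session ids, file name, key and function names are all constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data; a real key would come from a secret store.
SECRET_KEY = b"constructed-demo-key"
REGISTERED_SESSIONS = {"sess-alice": "alice"}  # session id -> member name
FILES = {"report.pdf": b"%PDF-constructed-sample"}


def serve_by_hidden_link(path):
    """Weak pattern: the only 'protection' is that the URL is not advertised."""
    return (200, FILES[path]) if path in FILES else (404, b"")


def _sign(session_id, path, expires):
    msg = f"{session_id}|{path}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_download_token(session_id, path, ttl=300, now=None):
    """Give a registered session a token bound to that session, file and expiry."""
    if session_id not in REGISTERED_SESSIONS:
        return None
    expires = int((time.time() if now is None else now) + ttl)
    return f"{expires}.{_sign(session_id, path, expires)}"


def serve_with_check(session_id, path, token, now=None):
    """Hardened handler: authorization is decided server-side on each request."""
    now = time.time() if now is None else now
    if session_id not in REGISTERED_SESSIONS:
        return 401, b""          # not a registered member
    if path not in FILES:
        return 404, b""
    try:
        expires_str, sig = token.split(".", 1)
        expires = int(expires_str)
    except (AttributeError, ValueError):
        return 403, b""          # missing or malformed token
    expected = _sign(session_id, path, expires)
    if not hmac.compare_digest(expected.encode(), sig.encode()) or now > expires:
        return 403, b""          # forged, altered or expired token
    return 200, FILES[path]
```
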
In the next post we will look at some basic IIS-based vulnerabilities and how they are exploited.