In this webinar, we will highlight the different types of hacks, how they work, and what to do post-hack.
We will also share some examples of hacked websites and discuss the most common methods attackers use to target them, plus how they determine if your site is a worthy candidate and how they operate once access is gained.
A few takeaways from this webinar include:
- How do you define a hack?
- What are the OWASP Top 10?
- What is a back door?
- XSS, SQL injection, and others
3. Joshua Hammer
Tweet #AskSucuri to @SucuriSecurity
Webinar Speaker
• Sucuri 4 years
• Sales Operations Manager
• Married with 2 kids
• Loves board games, video games, security, and laughing
5. Stephen Johnston
Webinar Speaker
• Sucuri 1.5 years
• Agency Sales Consultant
• Married with 3 kids
• Loves religion, his family, guitar, technology and security
6. In this webinar you will learn:
• How do you define a hack?
• What are the OWASP Top 10?
• What is a back door?
• XSS, SQL injection, and others
7. What are hacks?
Before we discuss what the most common types of hacks are, we need to decide what a hack is.
8. DDoS
• Distributed Denial of Service (DDoS) attacks are designed to disrupt a website’s availability.
• The objective is to prevent legitimate users from accessing your website.
• To be successful, the attacker needs to send more requests than the victim server can handle. Another way successful attacks occur is when the attacker sends bogus requests.
9. Malware
Generic term used for browser-side code to create drive-by downloads.
10. Attack Vectors
An attack vector is the way or means an attacker tries to gain access to your digital environment to infect it with malicious code.
11. OWASP Top 10
• Injection
• Broken authentication
• Sensitive data exposure
• XML external entities (XXE)
• Broken access control
• Security misconfigurations
• Cross-site scripting (XSS)
• Insecure deserialization
• Using components with known vulnerabilities
• Insufficient logging and monitoring
https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html
https://www.owasp.org/index.php/Main_Page
22. Cross-Site Scripting (XSS)
Reflected XSS
• The application or API includes unvalidated and unescaped user input as part of HTML output.
Stored XSS
• Application stores user data that is later looked at by an admin or another user.
DOM XSS
• JavaScript frameworks, single-page applications and APIs that dynamically include attacker-controllable data.
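The reflected and stored cases on this slide, shown next to their output-encoded forms. This is an added example, not code from the webinar; every function name and the probe string are constructed for illustration.

```javascript
// Encode the five characters that can change HTML structure in element
// content and in quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected XSS: the request parameter goes straight back into the response.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Same page with the parameter encoded at output time.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Stored XSS: input is saved now and rendered later for an admin or another user.
const commentStore = [];

function saveComment(author, body) {
  commentStore.push({ author, body }); // keep the raw value; encode when rendering
}

function renderCommentsUnsafe() {
  return commentStore.map((c) => `<li><b>${c.author}</b>: ${c.body}</li>`).join("");
}

function renderCommentsSafe() {
  return commentStore
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join("");
}

// DOM XSS is the same mistake made in the browser: assigning untrusted data
// to element.innerHTML instead of element.textContent.

// Review helper: does the rendered HTML contain a real <script> element?
function containsLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed probe input, the usual harmless marker used when testing encoding.
const probe = "<script>alert(1)</script>";
saveComment("visitor", probe);

console.log("reflected, unsafe:", containsLiveScriptTag(renderSearchUnsafe(probe)));
console.log("reflected, safe:  ", containsLiveScriptTag(renderSearchSafe(probe)));
console.log("stored, unsafe:   ", containsLiveScriptTag(renderCommentsUnsafe()));
console.log("stored, safe:     ", containsLiveScriptTag(renderCommentsSafe()));
```
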
23. Backdoors
• A way back in for the attackers
• Or something built into a program to give unauthorized access to a system.
In the 2018 Website Hack Trend Report, 68% of malware removed were backdoors; it was the top malware installed during an infection.
Editor's notes
Is a hack a DDoS?
Or perhaps it's malware?
Or maybe it's attack vectors?
* Here, we’ll fix the common malware definition
* I’ll show you three common ways where malware hides
* I’ll try to deobfuscate this magic word a little bit
And at the end of this webinar I’ll tell you something about…
So what is malware?
Injection (where a hacker tries to inject code, such as SQL injection attacks)
Broken authentication (flaws in authentication, or brute force)
Sensitive data exposure (either in transit or stored data)
XML External Entities (either by uploading an XML script or by injecting an XML script into an XML processor)
Broken access control (gaining access to areas they are not supposed to have access to)
Security misconfigurations (not changing defaults, for example)
Cross-site scripting (will go into more detail on next page)
Insecure deserialization (serialization is changing objects to byte strings; deserialization is from byte strings to objects. A recent attack type was a cookie that stored info as user and was changed to admin in host file, thus giving admin access to the site)
Known vulnerabilities (using plugins with known issues makes an easier target)
Insufficient logging and monitoring (can't protect what you don’t know is happening)
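The cookie case from the insecure deserialization note above, with the trusting reader next to one that checks integrity before deserializing. This is an added example, not code from the webinar; the cookie layout, the key and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require("crypto");

// Constructed demo key; a real key lives in server-side configuration only.
const SERVER_KEY = "constructed-demo-key-not-for-production";

// Weak form: the cookie is just serialized state, trusted on the way back in.
function issueCookieUnsafe(session) {
  return Buffer.from(JSON.stringify(session)).toString("base64");
}

function readCookieUnsafe(cookie) {
  return JSON.parse(Buffer.from(cookie, "base64").toString("utf8"));
}

// Hardened form: payload plus an HMAC that only the server can produce.
function sign(payload) {
  return nodeCrypto.createHmac("sha256", SERVER_KEY).update(payload).digest("hex");
}

function issueCookieSigned(session) {
  const payload = Buffer.from(JSON.stringify(session)).toString("base64");
  return `${payload}.${sign(payload)}`;
}

function readCookieSigned(cookie) {
  const [payload, mac] = String(cookie).split(".");
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload), "hex");
  const given = Buffer.from(mac, "hex");
  // Verify integrity BEFORE deserializing; compare in constant time.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return null;
  }
  const session = JSON.parse(Buffer.from(payload, "base64").toString("utf8"));
  // Allow-list the deserialized field instead of accepting any value.
  return ["user", "admin"].includes(session.role) ? session : null;
}

// Simulates the client-side edit the note describes (role changed to admin),
// leaving any signature part of the cookie untouched.
function tamperRole(cookie, newRole) {
  const [payload, ...rest] = cookie.split(".");
  const session = JSON.parse(Buffer.from(payload, "base64").toString("utf8"));
  session.role = newRole;
  const forged = Buffer.from(JSON.stringify(session)).toString("base64");
  return [forged, ...rest].join(".");
}

// Constructed session for the demonstration.
const plain = issueCookieUnsafe({ user: "alice", role: "user" });
const signed = issueCookieSigned({ user: "alice", role: "user" });

console.log("unsafe reader, edited cookie:", readCookieUnsafe(tamperRole(plain, "admin")));
console.log("signed reader, original cookie:", readCookieSigned(signed));
console.log("signed reader, edited cookie:", readCookieSigned(tamperRole(signed, "admin")));
```

Signing only protects integrity; the payload is still readable by the client, so the cookie should not carry secrets.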
Reflected (allows the attacker to execute HTML and JavaScript in the victim's browser)
Stored (allows attacker to view user input)
DOM (replace or defacement)