What Are the Most Common Types of Hacks?
•Als PPTX, PDF herunterladen•
1 gefällt mir•510 views
In this webinar, we will highlight the different types of hacks, how they work, and what to do post-hack. We will also share some examples of hacked websites and discuss the most common methods attackers use to target them, plus how they determine if your site is a worthy candidate and how they operate once access is gained. A few takeaways from this webinar include: - How do you define a hack? - What are the OWASP Top 10? - What is a back door? - XSS, SQL injection, and others
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie What Are the Most Common Types of Hacks?
Ähnlich wie What Are the Most Common Types of Hacks? (20)
Mehr von Sucuri
Mehr von Sucuri (12)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
What Are the Most Common Types of Hacks?
- 1. What Are the Most Common Types of Hacks? Joshua Hammer, Sales Operations Manager Stephen Johnston, Sales Consultant S U C U R I W E B I N A R
- 2. Joshua Hammer Sales Operations Manager Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R
- 3. Joshua Hammer Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R • Sucuri 4 years • Sales Operations Manager • Married with 2 kids • Loves board games, video games, security, and laughing
- 4. Stephen Johnston Sales Consultant Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R
- 5. Stephen Johnston Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R • Sucuri 1.5 years • Agency Sales Consultant • Married with 3 kids • Loves religion, his family, guitar, technology and security
- 6. Tweet #AskSucuri to @SucuriSecurity In this webinar you will learn: • How do you define a Hack? • What are the OWASP Top 10 • What is a back door? • XSS, SQL Injection, and others.
- 7. Tweet #AskSucuri to @SucuriSecurity What are hacks? Before we discuss what the most common types of hacks are, we need to decide what a hack is.
- 8. Tweet #AskSucuri to @SucuriSecurity DDoS • Distributed Denial of Service (DDoS) attacks are designed to disrupt a website’s availability. • The objective is to prevent legitimate users from accessing your website. • To be successful, the attacker needs to send more requests than the victim server can handle. Another way successful attacks occur is when the attacker sends bogus requests.
- 9. Tweet #AskSucuri to @SucuriSecurity Malware Generic term used for browser- side code to create drive-by downloads.
- 10. Tweet #AskSucuri to @SucuriSecurity Attack Vectors An attack vector is the way or means an attacker tries to gain access to your digital environment to infect it with malicious code.
- 11. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 12. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 13. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 14. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 15. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 16. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 17. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 18. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 19. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 20. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 21. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
- 22. Tweet #AskSucuri to @SucuriSecurity Cross-Site Scripting (XSS) Reflected XSS • The application or API includes unvalidated and unescaped user input as part of HTML output. Stored XSS • Application stores user data that is later looked at by an admin or another user. DOM XSS • JavaScript frameworks, single-page applications and API that dynamically include attacker controllable data.
- 23. Tweet #AskSucuri to @SucuriSecurity Backdoors • A way back in for the attackers • Or something built into a program to give unauthorized access to a system. In 2018 Website Hack Trend Report, 68% of malware removed were backdoors it was the top malware installed during a infection.
Hinweis der Redaktion
- Is an hack a ddos?
- Or perhaps its malware
- Or maybe its attack vectors
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
- Reflected (allows the attacker to execute html and javascript in the victims browser) Stored(allows attacker to view user input Dom (replace or defacement