Website security systems

1. Web Security System Website Security Systems Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 1

2. Web Security System Website Security Systems • Website Security Systems is very important for a webmaster. • If a webmaster to ignore the security aspect of a website, the website will be very vulnerable to attacks from a hacker. • To strengthen the web of security in terms of knowledge about web security systems needed to be overcome. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 2

3. Web Security System Web hacking • Web hacking is usually done through port 80. Because the website using port 80. The attacks are usually carried out are: • Deface Site • SQL Injection • Remote File Inclusion (RFI) • Local File Inclusion (LFI) • Cross Site Scripting (XSS) Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 3

4. Web Security System Deface Site • Deface is an activity to change the front page (index) or the content of a Web site or its contents so that the view in accordance with the desired. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 4

5. Web Security System The techniques of web site Deface • Generally the amount of deface can be done in 3 ways: 1. Generally speaking, Enter Illegal Input. The aim is that the user was thrown out of the directory files and go to the web server root directory and then run the cmd.exe and observing the structure of the target directory on the NT server. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 5

6. Web Security System The techniques of web site Deface 2. With TFTP (Trivial File Transfer Protocol) is a UDP based protocol which listen on ports 69 and is very susceptible safety and most web servers running this TFTP service. 3. With the FTP with a web that has been filled deface materials. Each NT server has ftp.exe file upload to FTP or FTP downloads. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 6

7. Web Security System Netcat • Netcat allows you to form their own port filter that allows file transfers without using FTP. Furthermore, netcat can be used to avoid the port filters on most firewalls, spoofing IP address, to conduct session hijacking. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 7

8. Web Security System Securing IIS Server from Deface • Always updating with the latest service packs and the latest hotfix. • Protect with a firewall and IDS (Intrusion Detection System). • Eliminating Options Write on the HTTP protocol (HTTP 1.0 and HTTP 1.1). • Commands supported are: CONNECT*, DELETE*, GET, HEAD, OPTIONS, POST, PUT, TRACE Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 8

9. Web Security System SQL Injection • SQL injection attack is one attack to reach access to the database system based on Microsoft SQL Server. • These techniques take advantage of weaknesses in the programming language in SQL scripting in processing a database system that allows someone without an account can enter and pass the verification of the MS SQL Server. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 9

10. Web Security System SQL Injection For handling this case is set to: • Only certain characters may be inputted. • If the illegal character is detected, immediately rejected the request. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 10

11. Web Security System Remote File Inclusion (RFI) • Methods that exploit the weaknesses of PHP scripts include (), include_once (), Require (), require_once () the variable is not declared properly. • With RFI an attacker can either include a file that is located outside the respective servers. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 11

12. Web Security System Local File Inclusion (LFI) • Methods that exploit the weaknesses of PHP scripts include (), include_once (), Require (), require_once () the variable is not declared properly. • With LFI an attacker can either include a file that is located on the server concerned. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 12

13. Web Security System Cross Site Scripting (XSS) • XSS also known as the CSS is an acronym for Cross Site Scripting. • XSS is a method to insert HTML or script code into a website that is run through a browser on the client. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 13

Website security systems

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Website security systems

Ähnlich wie Website security systems (20)

Mehr von Mobile88

Mehr von Mobile88 (6)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Website security systems