IT 4510: Information Security
Web Security
Dr Joe Francom
Risks
Scanning
- Banner grabbing (nikto, telnet)
- https://sitereport.netcraft.com/
- How could that site be useful to an attacker?
- Site ripper?
- httrack
- Let’s rip some of the CIT website and see if we can host it on our Kali machine
Web Server Attacks
See if you can find an example:
- DDoS
- DNS server hijacking
- DNS amplification attack
- Directory traversal
- MitM (burp)
- Website defacement
- Web server misconfiguration
- HTTP response splitting
- Web server password cracking
Vulnerability Scanners
Web Application Attacks
- Injection
- XSS attacks
- Clickjacking
- Buffer overflow