Website attack n defacement n its control measures
Transcript

  • 1. WEBSITE ATTACKS AND DEFACEMENT WITH ITS CONTROL MEASURES
  • 2. What is website defacement?
      - It's the work of system crackers.
      - What are system crackers? Black hats, white hats.
      - "SQL Injection" is the most common method.
      - Harmless defacement / uploading malware.
      - Second method: by FTP.
  • 3. What do you mean by "ATTACKS"? Types:
      1. Passive:
         - Read-only attack
         - Silent in nature
         - Difficult to detect
      2. Active:
         - Data alteration or disruption
         - Widely used technique (IP masquerading)
         - Denial of service (DoS)
         - Ping of death
  • 4. CONTROL MEASURES
      For Ping of death attack:
         - Prohibit creation of ICMP packets of invalid size
      For Denial of Service attack:
         - Firewalls and routers at network boundaries can use filters to prevent spoofed packets from leaving the network
         - Filter incoming packets with a broadcast address
         - Turn off direct broadcasts on all internal routers
         - Block known private IP addresses being used as destination IP (e.g., 10.0.0.0, 172.16.24.0, 192.168.0.0, 224.0.0.0, 127.0.0.1)
  • 5. Web server: hardware and software
      - Common use: hosting websites
      - Other uses: gaming, data storage, running enterprise applications
      - What is "SQL Injection"?
  • 6. SOURCES OF SQL INJECTION
      - Injection through user input: malicious strings in web forms
      - Injection through cookies: modified cookie fields contain attack strings
      - Injection through server variables: headers are manipulated to contain attack strings
      - Second-order injection: Trojan horse input seems fine until used in a certain situation
  • 7. TYPES OF SQL INJECTIONS
      - Piggy-backed queries
      - Tautologies
      - Alternate encodings
      - Inference
      - Illegal/logically incorrect queries
      - Union query
      - Stored procedures
  • 8. COUNTERMEASURES
      - Prevention: augment code; detect vulnerabilities in code; safe libraries
      - Detection: detect attacks at runtime
  • 9. PREVENTION TECHNIQUES
      - Penetration technique
      - Defensive coding best practices
      - Static analysis of code
      - Safe development libraries
      - Proxy filters
  • 10. CONCLUSIONS
      - SQLIAs have: many sources, many goals, many types
      - Detection techniques can be effective, but are limited by lack of automation
      - Prevention techniques can be very effective, but should move away from developer defence
  • 11. THANK YOU
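
The tautology type from slide 7, arriving through user input (slide 6), shown against the defensive-coding and safe-library countermeasures of slides 8 and 9. This is an added example, not part of the original slides; it assumes Python's built-in sqlite3 module, and the users table, accounts and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concatenated(db, name, password):
    """Vulnerable 'before': form input becomes part of the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sorted(row[0] for row in db.execute(sql))

def login_parameterized(db, name, password):
    """Hardened 'after': input is bound as data and cannot alter the query."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in db.execute(sql, (name, password)))

# Constructed tautology string, as it would arrive in a password form field.
TAUTOLOGY = "x' OR '1'='1"

def compare(name, password):
    """Run the same input through both login functions on a fresh database."""
    db = make_db()
    return {"concatenated": login_concatenated(db, name, password),
            "parameterized": login_parameterized(db, name, password)}

if __name__ == "__main__":
    print("valid login:   ", compare("alice", "s3cret"))
    print("wrong password:", compare("alice", "nope"))
    print("tautology:     ", compare("alice", TAUTOLOGY))
```

With the tautology, the concatenated query's WHERE clause is true for every row and all accounts come back; the parameterized query treats the same string as a password that matches nothing.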
