SlideShare a Scribd company logo

Domain 5 of the CEH Web Application Hacking.pptx

Download as PPTX, PDF
I
Infosectrain3

We will discuss the fifth domain of CEH, which is ‘web application hacking.’

Education
1 of 16
Domain 5 of the CEH: Web Application Hacking www.infosectrain.com | sales@infosectrain.com
www.infosectrain.com | sales@infosectrain.com
www.infosectrain.com | sales@infosectrain.com Domains of CEH 1.Information Security and Ethical Hacking Overview-6% 2.Reconnaissance Techniques-21% 3.System hacking phases and Attack Techniques-17% 4.Network and perimeter hacking-14% 5.Web application hacking-16% 6.Wireless network hacking-6% 7.Mobile platform, IoT, and OT hacking-8% 8.Cloud Computing-6% 9.Cryptography-6%
www.infosectrain.com | sales@infosectrain.com
www.infosectrain.com | sales@infosectrain.com We will discuss the fifth domain of CEH, which is ‘web application hacking.’ What is a Web Application? Considering that most people have used mobile applications like PUB- G, Instagram, and WhatsApp. I will give you an example of a web application that is also a mobile app. Now assume you’ve lost your mobile or your mobile is switched off, and you are willing to scroll the insta feed. What will you do? Login to your account through Google Chrome. Right? And that’s it, as you can use your Instagram by using a web browser. It is called a web application. A few famous examples of web applications are Facebook, MakeMyTrip, Flipboard, and the 2048 Game.
www.infosectrain.com | sales@infosectrain.com The technical definition of a web application: A web application is a software or a program that performs particular tasks by running on any web browser like Google Chrome, Mozilla Firefox, Internet Explorer, etc. One of the coolest things about using web applications is you don’t need to download them. Hence, devices will have space for more important data. Hacking of Web Applications: Web hacking refers to exploiting HTTP applications by manipulating graphics, altering the Uniform Resource Identifier (URI), or altering HTTP elements outside the URI.
www.infosectrain.com | sales@infosectrain.com Different methods to hack web applications are: SQL Injection attacks: We can use Structured Query Language to operate, query, and administrate the data systems. The SQL injection attack is one of the prevalent SQL attacks that attackers use to read, change, or delete data. SQL injections can also command the operating systems to perform particular tasks. Cross-site scripting: Attacks using cross-site scripting, also called XSS, involve injecting malicious code into websites that would otherwise be safe. Using a target web application vulnerability, an attacker can send malicious code to a user. Fuzzing: In software, operating systems, or networks, developers can employ fuzz testing to identify code mistakes and security gaps. Attackers may also apply the same method on our sites or servers to locate weaknesses. It works by first entering a huge amount of random data (fuzz) to crash it. Furthermore, attackers use a fuzzer software tool that is used to detect weak areas. If the security of the target fails, the attacker might exploit it further.
www.infosectrain.com | sales@infosectrain.com Types of vulnerabilities that cause web application hacking Unvalidated Inputs: Web applications accept input from the user, as queries are built on top of that input. The attacker can launch attacks like cross-site scripting (XSS), SQL injection attacks, and directory traversal attacks if these inputs are not properly sanitized. This attack can also lead to identity theft and data theft. Directory traversal attack: As a result of this vulnerability, the attacker can access restricted directories on the web server in addition to the webroot directory. This would allow the attacker to access system files, run OS commands, and find out details about the configuration.
www.infosectrain.com | sales@infosectrain.com Defense Mechanisms There are various defense mechanisms to control web application hacking. Some of them are: Authentication: Authentication is a defense mechanism that checks the user ID and password to verify the users. But with the increasing social engineering techniques, attackers can easily get your login credentials. Hence, the two-step verification came into existence. Two-step verification is nothing but sending a “One Time Password” to your mobile so that only you can have the authority to login into your account. Handling data safely: Most vulnerabilities in Web applications are caused by the improper processing of user data. Vulnerabilities can frequently be overlooked, not by verifying the input itself but by assuring safe processing. Secure Coding approach that prevents typical issues. For example, the proper use of parameterized database access queries can avoid attacks from SQL by injecting.
www.infosectrain.com | sales@infosectrain.com Conducting audits: Effective audit logs should enable the application’s owners to understand precisely what has happened, what vulnerability was exploited by attackers, whether attackers got unwanted data access, or whether attackers conducted any unauthorized actions. Audits can also provide the attacker’s identity. CEH with InfosecTrain InfosecTrain is one of the leading training providers with a pocket-friendly budget. We invite you to join us for an unforgettable journey with industry experts to gain a better understanding of the Certified Ethical Hacker course. Courses can be taken as live instructor-led sessions or as self-paced courses, allowing you to complete your training journey at your convenience.
About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | sales@infosectrain.com
Our Endorsements www.infosectrain.com | sales@infosectrain.com
Why InfosecTrain Global Learning Partners Flexible modes of Training Tailor Made Training Post training completion Certified and Experienced Instructors Access to the recorded sessions www.infosectrain.com | sales@infosectrain.com
Our Trusted Clients www.infosectrain.com | sales@infosectrain.com
Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com

Recommended

CEH Domain 5.pdf
CEH Domain 5.pdfCEH Domain 5.pdf
CEH Domain 5.pdfinfosec train
 
Domain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingDomain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingShivamSharma909
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application SecurityPrateek Jain
 
C01461422
C01461422C01461422
C01461422IOSR Journals
 
How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?Osei Fortune
 
T04505103106
T04505103106T04505103106
T04505103106IJERA Editor
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approachIdexcel Technologies
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 

Recommended

CEH Domain 5.pdf
CEH Domain 5.pdfCEH Domain 5.pdf
CEH Domain 5.pdfinfosec train
 
Domain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingDomain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingShivamSharma909
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application SecurityPrateek Jain
 
C01461422
C01461422C01461422
C01461422IOSR Journals
 
How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?Osei Fortune
 
T04505103106
T04505103106T04505103106
T04505103106IJERA Editor
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approachIdexcel Technologies
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
AW-Infs201101067.pptx
AW-Infs201101067.pptxAW-Infs201101067.pptx
AW-Infs201101067.pptxAnonymousDevil2
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...IBM Security
 
cyber security
cyber securitycyber security
cyber securityNaveed Ahmed Siddiqui
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen? Claranet UK
 
What is web Attack tools.pdf
What is web Attack tools.pdfWhat is web Attack tools.pdf
What is web Attack tools.pdfuzair
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelinesZakaria SMAHI
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxInfosectrain3
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...Editor IJMTER
 
Web Application Security Tips
Web Application Security TipsWeb Application Security Tips
Web Application Security Tipstcellsn
 
OWASP Top 10 List Overview for Web Developers
OWASP Top 10 List Overview for Web DevelopersOWASP Top 10 List Overview for Web Developers
OWASP Top 10 List Overview for Web DevelopersBenjamin Floyd
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)Shivam Sahu
 
Security Testing
Security TestingSecurity Testing
Security TestingISsoft
 
Research Paper
Research PaperResearch Paper
Research PaperDavid Chaponniere
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10YasserElsnbary
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfAmeliaJonas2
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With ExamplesAlwin Thayyil
 
gpt.AI.docx
gpt.AI.docxgpt.AI.docx
gpt.AI.docxssuser233ed8
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...Cognizant
 
Network security
Network securityNetwork security
Network securityAshish Gaurkhede
 
Turning off Autofill.pdf
Turning off Autofill.pdfTurning off Autofill.pdf
Turning off Autofill.pdfInfosectrain3
 
Targeted Ransomware.pdf
Targeted Ransomware.pdfTargeted Ransomware.pdf
Targeted Ransomware.pdfInfosectrain3
 

More Related Content

Similar to Domain 5 of the CEH Web Application Hacking.pptx

Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...IBM Security
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen? Claranet UK
 
What is web Attack tools.pdf
What is web Attack tools.pdfWhat is web Attack tools.pdf
What is web Attack tools.pdfuzair
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelinesZakaria SMAHI
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxInfosectrain3
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...Editor IJMTER
 
Web Application Security Tips
Web Application Security TipsWeb Application Security Tips
Web Application Security Tipstcellsn
 
OWASP Top 10 List Overview for Web Developers
OWASP Top 10 List Overview for Web DevelopersOWASP Top 10 List Overview for Web Developers
OWASP Top 10 List Overview for Web DevelopersBenjamin Floyd
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)Shivam Sahu
 
Security Testing
Security TestingSecurity Testing
Security TestingISsoft
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfAmeliaJonas2
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With ExamplesAlwin Thayyil
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...Cognizant
 

Similar to Domain 5 of the CEH Web Application Hacking.pptx (20)

AW-Infs201101067.pptx
AW-Infs201101067.pptxAW-Infs201101067.pptx
AW-Infs201101067.pptx
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
 
cyber security
cyber securitycyber security
cyber security
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen?
 
What is web Attack tools.pdf
What is web Attack tools.pdfWhat is web Attack tools.pdf
What is web Attack tools.pdf
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...A Review paper on Securing PHP based websites From Web Application Vulnerabil...
A Review paper on Securing PHP based websites From Web Application Vulnerabil...
 
Web Application Security Tips
Web Application Security TipsWeb Application Security Tips
Web Application Security Tips
 
OWASP Top 10 List Overview for Web Developers
OWASP Top 10 List Overview for Web DevelopersOWASP Top 10 List Overview for Web Developers
OWASP Top 10 List Overview for Web Developers
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Research Paper
Research PaperResearch Paper
Research Paper
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
 
Security Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdfSecurity Testing Approach for Web Application Testing.pdf
Security Testing Approach for Web Application Testing.pdf
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With Examples
 
gpt.AI.docx
gpt.AI.docxgpt.AI.docx
gpt.AI.docx
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
 
Network security
Network securityNetwork security
Network security
 

More from Infosectrain3

Turning off Autofill.pdf
Turning off Autofill.pdfTurning off Autofill.pdf
Turning off Autofill.pdfInfosectrain3
 
Targeted Ransomware.pdf
Targeted Ransomware.pdfTargeted Ransomware.pdf
Targeted Ransomware.pdfInfosectrain3
 
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdfExploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdfInfosectrain3
 
LoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfLoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfInfosectrain3
 
Security tips for Travelers.pdf
Security tips for Travelers.pdfSecurity tips for Travelers.pdf
Security tips for Travelers.pdfInfosectrain3
 
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdfThreat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdfInfosectrain3
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfInfosectrain3
 
The Cyber Villains.pdf
The Cyber Villains.pdfThe Cyber Villains.pdf
The Cyber Villains.pdfInfosectrain3
 
Types of Servers in Computing.pdf
Types of Servers in Computing.pdfTypes of Servers in Computing.pdf
Types of Servers in Computing.pdfInfosectrain3
 
Types of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdfTypes of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdfInfosectrain3
 
Google's AI Red Team.pdf
Google's AI Red Team.pdfGoogle's AI Red Team.pdf
Google's AI Red Team.pdfInfosectrain3
 
A to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdfA to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdfInfosectrain3
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxInfosectrain3
 
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptxInterview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptxInfosectrain3
 
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptxInterview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptxInfosectrain3
 
IBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptxIBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptxInfosectrain3
 
How to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptxHow to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptxInfosectrain3
 
How to Analyze Data (1).pptx
How to Analyze Data (1).pptxHow to Analyze Data (1).pptx
How to Analyze Data (1).pptxInfosectrain3
 
Frequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptxFrequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptxInfosectrain3
 

More from Infosectrain3 (20)

Turning off Autofill.pdf
Turning off Autofill.pdfTurning off Autofill.pdf
Turning off Autofill.pdf
 
Targeted Ransomware.pdf
Targeted Ransomware.pdfTargeted Ransomware.pdf
Targeted Ransomware.pdf
 
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdfExploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
 
LoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfLoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdf
 
Security tips for Travelers.pdf
Security tips for Travelers.pdfSecurity tips for Travelers.pdf
Security tips for Travelers.pdf
 
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdfThreat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
 
The Cyber Villains.pdf
The Cyber Villains.pdfThe Cyber Villains.pdf
The Cyber Villains.pdf
 
Types of Servers in Computing.pdf
Types of Servers in Computing.pdfTypes of Servers in Computing.pdf
Types of Servers in Computing.pdf
 
Types of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdfTypes of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdf
 
Google's AI Red Team.pdf
Google's AI Red Team.pdfGoogle's AI Red Team.pdf
Google's AI Red Team.pdf
 
A to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdfA to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdf
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptxInterview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
 
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptxInterview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
 
IBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptxIBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptx
 
How to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptxHow to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptx
 
How to Analyze Data (1).pptx
How to Analyze Data (1).pptxHow to Analyze Data (1).pptx
How to Analyze Data (1).pptx
 
How DNS Works.pptx
How DNS Works.pptxHow DNS Works.pptx
How DNS Works.pptx
 
Frequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptxFrequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptx
 

Recently uploaded

18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 

Recently uploaded (20)

18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 

Domain 5 of the CEH Web Application Hacking.pptx

  • 1. Domain 5 of the CEH: Web Application Hacking www.infosectrain.com | sales@infosectrain.com
  • 3. www.infosectrain.com | sales@infosectrain.com Domains of CEH 1.Information Security and Ethical Hacking Overview-6% 2.Reconnaissance Techniques-21% 3.System hacking phases and Attack Techniques-17% 4.Network and perimeter hacking-14% 5.Web application hacking-16% 6.Wireless network hacking-6% 7.Mobile platform, IoT, and OT hacking-8% 8.Cloud Computing-6% 9.Cryptography-6%
  • 5. www.infosectrain.com | sales@infosectrain.com We will discuss the fifth domain of CEH, which is ‘web application hacking.’ What is a Web Application? Considering that most people have used mobile applications like PUB- G, Instagram, and WhatsApp. I will give you an example of a web application that is also a mobile app. Now assume you’ve lost your mobile or your mobile is switched off, and you are willing to scroll the insta feed. What will you do? Login to your account through Google Chrome. Right? And that’s it, as you can use your Instagram by using a web browser. It is called a web application. A few famous examples of web applications are Facebook, MakeMyTrip, Flipboard, and the 2048 Game.
  • 6. www.infosectrain.com | sales@infosectrain.com The technical definition of a web application: A web application is a software or a program that performs particular tasks by running on any web browser like Google Chrome, Mozilla Firefox, Internet Explorer, etc. One of the coolest things about using web applications is you don’t need to download them. Hence, devices will have space for more important data. Hacking of Web Applications: Web hacking refers to exploiting HTTP applications by manipulating graphics, altering the Uniform Resource Identifier (URI), or altering HTTP elements outside the URI.
  • 7. www.infosectrain.com | sales@infosectrain.com Different methods to hack web applications are: SQL Injection attacks: We can use Structured Query Language to operate, query, and administrate the data systems. The SQL injection attack is one of the prevalent SQL attacks that attackers use to read, change, or delete data. SQL injections can also command the operating systems to perform particular tasks. Cross-site scripting: Attacks using cross-site scripting, also called XSS, involve injecting malicious code into websites that would otherwise be safe. Using a target web application vulnerability, an attacker can send malicious code to a user. Fuzzing: In software, operating systems, or networks, developers can employ fuzz testing to identify code mistakes and security gaps. Attackers may also apply the same method on our sites or servers to locate weaknesses. It works by first entering a huge amount of random data (fuzz) to crash it. Furthermore, attackers use a fuzzer software tool that is used to detect weak areas. If the security of the target fails, the attacker might exploit it further.
  • 8. www.infosectrain.com | sales@infosectrain.com Types of vulnerabilities that cause web application hacking Unvalidated Inputs: Web applications accept input from the user, as queries are built on top of that input. The attacker can launch attacks like cross-site scripting (XSS), SQL injection attacks, and directory traversal attacks if these inputs are not properly sanitized. This attack can also lead to identity theft and data theft. Directory traversal attack: As a result of this vulnerability, the attacker can access restricted directories on the web server in addition to the webroot directory. This would allow the attacker to access system files, run OS commands, and find out details about the configuration.
  • 9. www.infosectrain.com | sales@infosectrain.com Defense Mechanisms There are various defense mechanisms to control web application hacking. Some of them are: Authentication: Authentication is a defense mechanism that checks the user ID and password to verify the users. But with the increasing social engineering techniques, attackers can easily get your login credentials. Hence, the two-step verification came into existence. Two-step verification is nothing but sending a “One Time Password” to your mobile so that only you can have the authority to login into your account. Handling data safely: Most vulnerabilities in Web applications are caused by the improper processing of user data. Vulnerabilities can frequently be overlooked, not by verifying the input itself but by assuring safe processing. Secure Coding approach that prevents typical issues. For example, the proper use of parameterized database access queries can avoid attacks from SQL by injecting.
  • 10. www.infosectrain.com | sales@infosectrain.com Conducting audits: Effective audit logs should enable the application’s owners to understand precisely what has happened, what vulnerability was exploited by attackers, whether attackers got unwanted data access, or whether attackers conducted any unauthorized actions. Audits can also provide the attacker’s identity. CEH with InfosecTrain InfosecTrain is one of the leading training providers with a pocket-friendly budget. We invite you to join us for an unforgettable journey with industry experts to gain a better understanding of the Certified Ethical Hacker course. Courses can be taken as live instructor-led sessions or as self-paced courses, allowing you to complete your training journey at your convenience.
  • 11. About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | sales@infosectrain.com
  • 12. Our Endorsements www.infosectrain.com | sales@infosectrain.com
  • 13. Why InfosecTrain Global Learning Partners Flexible modes of Training Tailor Made Training Post training completion Certified and Experienced Instructors Access to the recorded sessions www.infosectrain.com | sales@infosectrain.com
  • 14. Our Trusted Clients www.infosectrain.com | sales@infosectrain.com
  • 15.
  • 16. Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com