Web Security System




                     Website Security Systems




Copyright © 2009-Present Mobile88.com. All Right...
Web Security System


                         Website Security Systems

       • Website Security Systems is very importa...
Web Security System


                                                 Web hacking
       • Web hacking is usually done th...
Web Security System


                                                   Deface Site
       • Deface is an activity to cha...
Web Security System


         The techniques of web site Deface
       • Generally the amount of deface can be done
     ...
Web Security System


         The techniques of web site Deface
       2. With TFTP (Trivial File Transfer Protocol) is a...
Web Security System


                                                           Netcat
       • Netcat allows you to form...
Web Security System


              Securing IIS Server from Deface
       • Always updating with the latest service packs...
Web Security System


                                               SQL Injection
       • SQL injection attack is one at...
Web Security System


                                               SQL Injection
       For handling this case is set to...
Web Security System


                       Remote File Inclusion (RFI)
       • Methods that exploit the weaknesses of P...
Web Security System


                             Local File Inclusion (LFI)
       • Methods that exploit the weaknesses...
Web Security System


                           Cross Site Scripting (XSS)
       • XSS also known as the CSS is an acron...
Upcoming SlideShare
Loading in …5
×

Website security systems

3,246 views

Published on

Published in: Design
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
3,246
On SlideShare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
34
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Website security systems

  1. 1. Web Security System Website Security Systems Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 1
  2. 2. Web Security System Website Security Systems • Website Security Systems is very important for a webmaster. • If a webmaster to ignore the security aspect of a website, the website will be very vulnerable to attacks from a hacker. • To strengthen the web of security in terms of knowledge about web security systems needed to be overcome. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 2
  3. 3. Web Security System Web hacking • Web hacking is usually done through port 80. Because the website using port 80. The attacks are usually carried out are: • Deface Site • SQL Injection • Remote File Inclusion (RFI) • Local File Inclusion (LFI) • Cross Site Scripting (XSS) Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 3
  4. 4. Web Security System Deface Site • Deface is an activity to change the front page (index) or the content of a Web site or its contents so that the view in accordance with the desired. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 4
  5. 5. Web Security System The techniques of web site Deface • Generally the amount of deface can be done in 3 ways: 1. Generally speaking, Enter Illegal Input. The aim is that the user was thrown out of the directory files and go to the web server root directory and then run the cmd.exe and observing the structure of the target directory on the NT server. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 5
  6. 6. Web Security System The techniques of web site Deface 2. With TFTP (Trivial File Transfer Protocol) is a UDP based protocol which listen on ports 69 and is very susceptible safety and most web servers running this TFTP service. 3. With the FTP with a web that has been filled deface materials. Each NT server has ftp.exe file upload to FTP or FTP downloads. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 6
  7. 7. Web Security System Netcat • Netcat allows you to form their own port filter that allows file transfers without using FTP. Furthermore, netcat can be used to avoid the port filters on most firewalls, spoofing IP address, to conduct session hijacking. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 7
  8. 8. Web Security System Securing IIS Server from Deface • Always updating with the latest service packs and the latest hotfix. • Protect with a firewall and IDS (Intrusion Detection System). • Eliminating Options Write on the HTTP protocol (HTTP 1.0 and HTTP 1.1). • Commands supported are: CONNECT*, DELETE*, GET, HEAD, OPTIONS, POST, PUT, TRACE Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 8
  9. 9. Web Security System SQL Injection • SQL injection attack is one attack to reach access to the database system based on Microsoft SQL Server. • These techniques take advantage of weaknesses in the programming language in SQL scripting in processing a database system that allows someone without an account can enter and pass the verification of the MS SQL Server. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 9
  10. 10. Web Security System SQL Injection For handling this case is set to: • Only certain characters may be inputted. • If the illegal character is detected, immediately rejected the request. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 10
  11. 11. Web Security System Remote File Inclusion (RFI) • Methods that exploit the weaknesses of PHP scripts include (), include_once (), Require (), require_once () the variable is not declared properly. • With RFI an attacker can either include a file that is located outside the respective servers. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 11
  12. 12. Web Security System Local File Inclusion (LFI) • Methods that exploit the weaknesses of PHP scripts include (), include_once (), Require (), require_once () the variable is not declared properly. • With LFI an attacker can either include a file that is located on the server concerned. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 12
  13. 13. Web Security System Cross Site Scripting (XSS) • XSS also known as the CSS is an acronym for Cross Site Scripting. • XSS is a method to insert HTML or script code into a website that is run through a browser on the client. Copyright © 2009-Present Mobile88.com. All Rights Reserved. Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 13

×