Knownsec Hong Kong
 Can we deface your Web in 10 mins?
 News
Ref: http://hk.on.cc/hk/bkn/cnt/news/20150708/bkn-20150708133226995-0708_00822_001.html
 News
Ref: http://abcnews.go.com/US/ny-high-school-students-accused-hacking-computer-system/story?id=34617530
 News
Ref: http://www.appledaily.com.tw/realtimenews/article/new/20151024/718116/
 Some Common Hacking Incidents
•  Defacement
•  Changing the look of the website, e.g. hackers break into the web server and modify its content
•  Stealing Information
•  Obtaining sensitive information (e.g. an exam paper) because it is not properly protected
Ref: https://www.pinoyhacknews.com/web-hacking-terms-what-is-website-defacedefacement
•  Modifying Information
•  E.g. hackers break into the server, or go through a website vulnerability, to modify database content such as school grades
•  Upload Trojan / Shell
•  Hackers upload a backdoor (web shell) to control the web server; from there they can change website content, spread malware, turn the web server into a zombie (bot), etc.
•  Etc.
Ref: http://vanish.org/t/images/bot1.jpg
Ref: http://vanish.org/t/images/bot1.jpg
 Some Common Vulnerabilities
•  SQL Injection
•  A website vulnerability that lets attacker-supplied input alter the application's SQL queries, giving access to the database or even command execution, e.g. dumping the database, modifying content, uploading files
•  Vulnerable Components
•  Running vulnerable software such as an outdated CMS, a vulnerable version of a WordPress plugin, or an old web server (e.g. WebDAV exploits)
Ref: http://imgs.xkcd.com/comics/exploits_of_a_mom.png
•  Sensitive Files
•  Important files that are not properly protected, e.g. simply placed where they are reachable from the Internet
•  Weak Passwords
•  Using weak passwords such as 000000, with no brute-force protection
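The SQL injection the deck lists first, and the login bypass it later shows in the demo, come from one code pattern: user input glued into the SQL text. The following is an added example, not code from the deck or from the demo site. It uses a constructed in-memory SQLite table in place of the intranet user table; the function names `login_vulnerable` and `login_fixed` are hypothetical.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed stand-in for the intranet's user table (example data only).

    A real application stores a password hash; a plaintext column is used
    here only so the injection stays visible in the SQL text.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!pass')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The pattern behind the demo's login bypass: input becomes part of the SQL."""
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The same check with bound parameters: input is data, never SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = build_db()
    # Two classic bypass payloads: the first makes the WHERE clause always
    # true, the second comments out the password check entirely.
    for user, pw in (("' OR '1'='1", "' OR '1'='1"), ("admin'--", "wrong")):
        print(repr(user), "vulnerable:", login_vulnerable(db, user, pw),
              "fixed:", login_fixed(db, user, pw))
```

With `login_vulnerable` the query becomes `... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'` (always true) or `... WHERE username = 'admin'--' AND password = 'wrong'` (password clause commented out); with `login_fixed` both payloads are simply usernames that do not exist. Escaping quotes by hand is not a substitute for parameter binding.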
 Demo – Can we deface your Web in 10 mins?
•  A sample educational website is used as the target
 Can we deface your Web in 10 mins?
•  Hacking in progress…
•  Browsing the website
•  Finding vulnerabilities
•  Uploading a shell…
•  Defacing the homepage…
 Can we deface your Web in 10 mins? – Yes!!
 What did the hacker do?
•  Browsing the website
•  Found an interesting directory: /intranet
•  Requires login?
•  Found an interesting page: /intranet/fck.php – is it using FCKeditor?
•  Finding vulnerabilities
•  Bypassed the login by SQL injection…
•  Misconfigured FCKeditor, a vulnerable component
•  Uploading a shell…
•  A file that lets the attacker control the website
•  Defacing the homepage…
•  Mission completed
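The step that turns a login bypass into a defacement is the upload: a misconfigured editor component accepted a server-side script and the web server executed it. The check below is an added example of how an upload handler should decide what it stores; it is not FCKeditor's code and not from the demo site. The allowed types, the magic-byte table and the function names `check_upload` / `stored_name` are this example's own choices.

```python
import os
import secrets
from typing import Tuple

# Only these extensions may be stored; everything else is refused.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Leading bytes each allowed type must start with, so a PHP file renamed
# to .jpg is caught even though its extension passes the allowlist.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


def check_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason) for an uploaded file.

    Allowlist, not blocklist: the question is "is this an image or PDF",
    not "does the name contain .php".
    """
    # Strip any directory part the client sent (../ tricks, Windows paths).
    name = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in name:
        return False, "null byte in filename"
    parts = name.lower().split(".")
    if len(parts) < 2 or parts[0] == "":
        # No extension at all, or a dotfile such as .htaccess, which on
        # Apache could re-enable script execution in the upload directory.
        return False, "missing extension or dotfile"
    # Every segment after the base name must be allowed, so that
    # 'shell.php.jpg' is rejected as well as 'shell.php'.
    for ext in parts[1:]:
        if ext not in ALLOWED_EXTENSIONS:
            return False, f"extension '.{ext}' not allowed"
    if not content.startswith(MAGIC[parts[-1]]):
        return False, "content does not match the declared type"
    return True, "ok"


def stored_name(filename: str) -> str:
    """Name to store the file under: random, with only the verified extension.

    Call only after check_upload() accepted the file. The client-chosen name
    is never reused, so an attacker cannot predict the URL of what they sent.
    """
    ext = filename.lower().rsplit(".", 1)[-1]
    return f"{secrets.token_hex(16)}.{ext}"
```

The magic-byte check stops a renamed script but not a polyglot (a valid image header followed by PHP code), so the check is one layer only: the upload directory must additionally be configured so the web server never executes anything in it, and the random stored name keeps the attacker from knowing where their file landed.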
 Tips
•  Do security assessments of your websites
•  Website vulnerabilities
•  Server configuration
•  Apply countermeasures where necessary
•  Improve security awareness
•  Follow security news about the technology the school is using
•  Education
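Assessing and fixing the site is the first tip; knowing when someone is walking the chain from the demo is the countermeasure that follows it. The detector below is an added example, not a tool from the deck or from Knownsec: it reads web-server access logs in the common combined format and flags the two visible steps of the chain, an injection payload in a URL and a script requested from the upload directory after a POST to the upload handler. The upload handler path /intranet/fck.php is taken from the deck; the upload directory /intranet/userfiles/ and the log lines are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Step 1 of the demo: a quote followed by OR/AND, a quote then a comment,
# or UNION SELECT anywhere in the decoded URL.
SQLI_RE = re.compile(r"(?i)('\s*(or|and)\s+|'\s*--|union\s+select)")
# Step 3: a server-side script requested from a directory that should only
# ever hold uploaded documents and images.
SCRIPT_EXT_RE = re.compile(r"(?i)\.(php\d?|phtml|phar|asp|aspx|jsp)(\?|$)")
UPLOAD_HANDLERS = ("/intranet/fck.php",)             # path from the deck
UPLOAD_DIRS = ("/intranet/userfiles/", "/uploads/")  # assumed upload locations

# Constructed sample: one attacker (203.0.113.7) walking the demo's chain,
# one ordinary visitor (198.51.100.4).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0800] "GET /intranet/ HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:09 +0800] "GET /intranet/login.php?user=%27+OR+%271%27%3D%271&pass=x HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:01:40 +0800] "POST /intranet/fck.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:02:02 +0800] "GET /intranet/userfiles/shell.php?c=id HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:03:00 +0800] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:03:10 +0800] "GET /intranet/userfiles/timetable.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""


def parse(line: str):
    """One combined-format line -> dict of fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(lines):
    """Return (ip, finding, path) tuples for the suspicious requests in `lines`."""
    findings = []
    posted_upload = defaultdict(bool)  # ip -> has POSTed to an upload handler
    for raw in lines:
        rec = parse(raw)
        if rec is None:
            continue
        ip, method = rec["ip"], rec["method"]
        path = unquote_plus(rec["path"])  # decode %27, + etc. before matching
        if SQLI_RE.search(path):
            findings.append((ip, "sqli_in_url", path))
        if method == "POST" and path.split("?", 1)[0] in UPLOAD_HANDLERS:
            posted_upload[ip] = True
        if path.startswith(UPLOAD_DIRS) and SCRIPT_EXT_RE.search(path):
            kind = "webshell_after_upload" if posted_upload[ip] else "script_in_upload_dir"
            findings.append((ip, kind, path))
    return findings


if __name__ == "__main__":
    for ip, kind, path in detect(SAMPLE_LOG.splitlines()):
        print(f"{ip:15} {kind:24} {path}")
```

Two caveats for anyone deploying this. Login forms normally submit by POST, and access logs do not record the request body, so the `sqli_in_url` rule only fires when the payload travels in the query string; application-level logging or a WAF is needed for the rest. The upload-directory rule is the more reliable signal, and the same directory should be configured so that scripts in it are never executed in the first place.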
 Contact
•  Alan Ho
•  alanho@knownsec.com
Thank you!

“Can we deface your Web in 10 mins?” - Edu 3.4
