SlideShare a Scribd company logo

Website attack n defacement n its control measures

Download as PPTX, PDF
أحلام انصارى, profile picture
أحلام انصارى

This document discusses website attacks and defenses against them. It describes common attack methods like SQL injection that target vulnerabilities in website databases. The document outlines different types of attacks, including passive and active attacks, and defenses against each. Specifically, it discusses controls for denial of service attacks, including firewalls and filtering spoofed packets. It also details SQL injection sources, types, and prevention techniques to safeguard websites through secure coding practices and detection systems.

1 of 11
Downloaded 39 times
1
2
3
4
5
6
7
8
9
10
11
W EBSITE ATTACKS AND DEFACEMENT WITH ITS CONTROL MEASURES
 What is website defacement?  It’s a work of system crackers.  What are system crackers? -black hats, white hats  “SQL Injection” the most common method  Harmless defacement/uploading malware  Second method by FTP
 What do you mean by “ATTACKS”?  Types: 1. Passive : -Read only attack -silent in nature -difficult to detect 2. Active: -Data alteration or disruption -wide used technique(IP masquerading) -Denial of services(DOS) -Ping of death
C ONTROL MEASURES  For Ping of death attack:  Prohibit creation of ICMP packets of invalid size  For Denial of Service attack:  Firewalls and routers at network boundaries can use filters to prevent spoofed packets from leaving the network  Filter incoming packets with a broadcast address  Turning off direct broadcasts on all internal routers  Block known private IP addresses being used as destination IP (e.g., 10.0.0.0, 172.16.24.0, 192.168.0.0, 224.0.0.0, 127.0.0.1)
 Web server- h/w and s/w  Common use- host website  Other uses – gaming, data storage, running enterprise application  What is “SQL Injection”?
S OURCES OF SQL I NJECTION  Injection through user input Malicious strings in web forms  Injection through cookies Modified cookie fields contain attack strings  Injection through server variables Headers are manipulated to contain attack strings  Second order injection Trojan horse input seems fine untill used in a certain situation
T YPES OF SQL I NJECTIONS  Piggy backed queries  Tautologies  Alternate encodings  Inference  Illegal/logically incorrect queries  Union query  Stored procedures
C OUNTER MEASURES  Prevention Augment code Detect vulnerabilities in code Safe libraries  Detection detect attacks at runtime
P REVENTION TECHNIQUES  Penetration technique  Defensive coding best practices  Static analysis of code  Safe development libraries  Proxy filters
C ONCLUSIONS  SQLIAs have:  Many sources  Many goals  Many types  Detection techniques can be effective, but limited by lack of automation  Prevention technique can be very effective, but should move away from developer defence
T HANK YOU

More Related Content

PPTX
Web defacement
student
 
PPT
Ethical hacking
zing12345
 
PPT
ETHICAL HACKING
Sweta Leena Panda
 
PPTX
Ethical hacking
United Group Of Institution
 
PPT
Hacking Kishor
kishor sharma
 
PPSX
Information Security and Ethical Hacking
Divyank Jindal
 
PPTX
Information security & ethical hacking
eiti panchkula
 
PPTX
Ethical Hacking
Aditya Vikram Singhania
 
Web defacement
student
 
Ethical hacking
zing12345
 
ETHICAL HACKING
Sweta Leena Panda
 
Ethical hacking
United Group Of Institution
 
Hacking Kishor
kishor sharma
 
Information Security and Ethical Hacking
Divyank Jindal
 
Information security & ethical hacking
eiti panchkula
 
Ethical Hacking
Aditya Vikram Singhania
 

What's hot (19)

PPTX
Ethical hacking
Rishabha Garg
 
PPTX
Ethical hacking
Nandan Kushwaha
 
PPSX
Ethical Hacking
Adnan Mansha
 
PPTX
Ethical Hacking PPT (CEH)
Umesh Mahawar
 
PPT
Basic Introduction to hacking
Sainath Volam
 
ODP
Ethical hacking ppt
himanshujoshi238
 
PPT
Ethical hacking
Ravi Rajput
 
PPTX
Hacking
vkradhika
 
PPT
Hacker
Ramasubbu .P
 
PPTX
Ethical hacking
Alapan Banerjee
 
ODP
Introduction To Hacking
Aitezaz Mohsin
 
PPTX
Ethical hacking
Devendra Yadav
 
PPTX
Ethical hacking
S Sai Karthik
 
PPTX
Hacktrikz - Introduction to Information Security & Ethical Hacking
Ravi Sankar
 
PPTX
Introduction ethical hacking
Vishal Kumar
 
PPTX
Penetration testing
PTC
 
PPTX
Introduction To Ethical Hacking
Neel Kamal
 
PPTX
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
PPTX
Black hat hackers
Santosh Kumar
 
Ethical hacking
Rishabha Garg
 
Ethical hacking
Nandan Kushwaha
 
Ethical Hacking
Adnan Mansha
 
Ethical Hacking PPT (CEH)
Umesh Mahawar
 
Basic Introduction to hacking
Sainath Volam
 
Ethical hacking ppt
himanshujoshi238
 
Ethical hacking
Ravi Rajput
 
Hacking
vkradhika
 
Hacker
Ramasubbu .P
 
Ethical hacking
Alapan Banerjee
 
Introduction To Hacking
Aitezaz Mohsin
 
Ethical hacking
Devendra Yadav
 
Ethical hacking
S Sai Karthik
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Ravi Sankar
 
Introduction ethical hacking
Vishal Kumar
 
Penetration testing
PTC
 
Introduction To Ethical Hacking
Neel Kamal
 
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
Black hat hackers
Santosh Kumar
 
Ad

Viewers also liked (19)

PPT
Sql injection
Nikunj Dhameliya
 
PPTX
SQL Injection Attacks cs586
Stacy Watts
 
PPT
Web application attacks using Sql injection and countermasures
Cade Zvavanjanja
 
PPT
SQLMAP Tool Usage - A Heads Up
Mindfire Solutions
 
PDF
Prevention of SQL Injection Attacks having XML Database
IOSR Journals
 
PPTX
Devouring Security XML Attack surface and Defences
gmaran23
 
PDF
Sql injection with sqlmap
Herman Duarte
 
PPT
Sql Injection Attacks And Defense Presentatio (1)
guest32e5cfe
 
PPT
Sql injection
Nitish Kumar
 
PPT
Sql Injection Attacks Siddhesh
Siddhesh Bhobe
 
PPT
Sql injection attack
RajKumar Rampelli
 
PDF
Advanced SQL Injection: Attacks
Nuno Loureiro
 
PPTX
Understanding and preventing sql injection attacks
Kevin Kline
 
PPT
D:\Technical\Ppt\Sql Injection
avishkarm
 
PPTX
SQL INJECTION
Anoop T
 
PPTX
Sql injection
Zidh
 
PPTX
Sql Injection attacks and prevention
helloanand
 
PPT
Sql injection
Pallavi Biswas
 
PDF
3 Things Every Sales Team Needs to Be Thinking About in 2017
Drift
 
Sql injection
Nikunj Dhameliya
 
SQL Injection Attacks cs586
Stacy Watts
 
Web application attacks using Sql injection and countermasures
Cade Zvavanjanja
 
SQLMAP Tool Usage - A Heads Up
Mindfire Solutions
 
Prevention of SQL Injection Attacks having XML Database
IOSR Journals
 
Devouring Security XML Attack surface and Defences
gmaran23
 
Sql injection with sqlmap
Herman Duarte
 
Sql Injection Attacks And Defense Presentatio (1)
guest32e5cfe
 
Sql injection
Nitish Kumar
 
Sql Injection Attacks Siddhesh
Siddhesh Bhobe
 
Sql injection attack
RajKumar Rampelli
 
Advanced SQL Injection: Attacks
Nuno Loureiro
 
Understanding and preventing sql injection attacks
Kevin Kline
 
D:\Technical\Ppt\Sql Injection
avishkarm
 
SQL INJECTION
Anoop T
 
Sql injection
Zidh
 
Sql Injection attacks and prevention
helloanand
 
Sql injection
Pallavi Biswas
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
Drift
 
Ad

Similar to Website attack n defacement n its control measures (20)

PDF
01_Metasploit - The Elixir of Network Security
Harish Chaudhary
 
PPT
Day4
Jai4uk
 
PPT
Web Application Security
Abdul Wahid
 
PPT
Web Based Security
John Wiley
 
PDF
Eximbank security presentation
laonap166
 
PPTX
Intrusion detection system
Sweta Sharma
 
PPTX
Network security and System Admin
MD SAHABUDDIN
 
PPT
Idps technology starter v2.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PPT
Windows network security
Information Technology
 
PPTX
Security Threats and Vulnerabilities-2.pptx
AmardeepKumar621436
 
PPTX
Introduction to penetration testing
Nezar Alazzabi
 
PPTX
Network security
Fekadu Abera
 
PDF
Intrusion_Detection_By_loay_elbasyouni
Loay Elbasyouni
 
PPT
Chapter 2
shahhardik27
 
PDF
Linux Security best Practices with Fedora
Uditha Bandara Wijerathna
 
PPT
ids.ppt
Agostinho9
 
PPT
Hacking and its Defence
Greater Noida Institute Of Technology
 
PPTX
Cyper security & Ethical hacking
Cmano Kar
 
PPT
DDOS (1).ppt
HaipengCai1
 
PPT
Anton Chuvakin on Honeypots
Anton Chuvakin
 
01_Metasploit - The Elixir of Network Security
Harish Chaudhary
 
Day4
Jai4uk
 
Web Application Security
Abdul Wahid
 
Web Based Security
John Wiley
 
Eximbank security presentation
laonap166
 
Intrusion detection system
Sweta Sharma
 
Network security and System Admin
MD SAHABUDDIN
 
Idps technology starter v2.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Windows network security
Information Technology
 
Security Threats and Vulnerabilities-2.pptx
AmardeepKumar621436
 
Introduction to penetration testing
Nezar Alazzabi
 
Network security
Fekadu Abera
 
Intrusion_Detection_By_loay_elbasyouni
Loay Elbasyouni
 
Chapter 2
shahhardik27
 
Linux Security best Practices with Fedora
Uditha Bandara Wijerathna
 
ids.ppt
Agostinho9
 
Hacking and its Defence
Greater Noida Institute Of Technology
 
Cyper security & Ethical hacking
Cmano Kar
 
DDOS (1).ppt
HaipengCai1
 
Anton Chuvakin on Honeypots
Anton Chuvakin
 

More from أحلام انصارى (20)

PPTX
An Enhanced Independent Component-Based Human Facial Expression Recognition ...
أحلام انصارى
 
PPTX
Intention recognition for dynamic role exchange in haptic
أحلام انصارى
 
PPT
Noise Adaptive Training for Robust Automatic Speech Recognition
أحلام انصارى
 
PPTX
Human behaviour analysis based on New motion descriptor
أحلام انصارى
 
PPTX
Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...
أحلام انصارى
 
PDF
Multimodal Biometric Human Recognition for Perceptual Human–Computer Interaction
أحلام انصارى
 
PPTX
Security issues in cloud database
أحلام انصارى
 
PPTX
Html5 offers 5 times better ways to hijack the website
أحلام انصارى
 
PPTX
Honey pot in cloud computing
أحلام انصارى
 
PPT
grid authentication
أحلام انصارى
 
PPTX
Security As A Service In Cloud(SECaaS)
أحلام انصارى
 
PPT
Dos presentation by ahlam shakeel
أحلام انصارى
 
PPTX
Soa
أحلام انصارى
 
PPTX
Rbac
أحلام انصارى
 
PPTX
Password craking techniques
أحلام انصارى
 
PPT
Operating system vulnerability and control
أحلام انصارى
 
PPT
Network ssecurity toolkit
أحلام انصارى
 
PPTX
Image forgery and security
أحلام انصارى
 
PPTX
Image based authentication
أحلام انصارى
 
PPT
Dmz
أحلام انصارى
 
An Enhanced Independent Component-Based Human Facial Expression Recognition ...
أحلام انصارى
 
Intention recognition for dynamic role exchange in haptic
أحلام انصارى
 
Noise Adaptive Training for Robust Automatic Speech Recognition
أحلام انصارى
 
Human behaviour analysis based on New motion descriptor
أحلام انصارى
 
Recognizing Human-Object Interactions in Still Images by Modeling the Mutual ...
أحلام انصارى
 
Multimodal Biometric Human Recognition for Perceptual Human–Computer Interaction
أحلام انصارى
 
Security issues in cloud database
أحلام انصارى
 
Html5 offers 5 times better ways to hijack the website
أحلام انصارى
 
Honey pot in cloud computing
أحلام انصارى
 
grid authentication
أحلام انصارى
 
Security As A Service In Cloud(SECaaS)
أحلام انصارى
 
Dos presentation by ahlam shakeel
أحلام انصارى
 
Soa
أحلام انصارى
 
Rbac
أحلام انصارى
 
Password craking techniques
أحلام انصارى
 
Operating system vulnerability and control
أحلام انصارى
 
Network ssecurity toolkit
أحلام انصارى
 
Image forgery and security
أحلام انصارى
 
Image based authentication
أحلام انصارى
 
Dmz
أحلام انصارى
 

Website attack n defacement n its control measures

  • 1. W EBSITE ATTACKS AND DEFACEMENT WITH ITS CONTROL MEASURES
  • 2.  What is website defacement?  It’s a work of system crackers.  What are system crackers? -black hats, white hats  “SQL Injection” the most common method  Harmless defacement/uploading malware  Second method by FTP
  • 3. What do you mean by “ATTACKS”?  Types: 1. Passive : -Read only attack -silent in nature -difficult to detect 2. Active: -Data alteration or disruption -wide used technique(IP masquerading) -Denial of services(DOS) -Ping of death
  • 4. C ONTROL MEASURES  For Ping of death attack:  Prohibit creation of ICMP packets of invalid size  For Denial of Service attack:  Firewalls and routers at network boundaries can use filters to prevent spoofed packets from leaving the network  Filter incoming packets with a broadcast address  Turning off direct broadcasts on all internal routers  Block known private IP addresses being used as destination IP (e.g., 10.0.0.0, 172.16.24.0, 192.168.0.0, 224.0.0.0, 127.0.0.1)
  • 5.  Web server- h/w and s/w  Common use- host website  Other uses – gaming, data storage, running enterprise application  What is “SQL Injection”?
  • 6. S OURCES OF SQL I NJECTION  Injection through user input Malicious strings in web forms  Injection through cookies Modified cookie fields contain attack strings  Injection through server variables Headers are manipulated to contain attack strings  Second order injection Trojan horse input seems fine untill used in a certain situation
  • 7. T YPES OF SQL I NJECTIONS  Piggy backed queries  Tautologies  Alternate encodings  Inference  Illegal/logically incorrect queries  Union query  Stored procedures
  • 8. C OUNTER MEASURES  Prevention Augment code Detect vulnerabilities in code Safe libraries  Detection detect attacks at runtime
  • 9. P REVENTION TECHNIQUES  Penetration technique  Defensive coding best practices  Static analysis of code  Safe development libraries  Proxy filters
  • 10. C ONCLUSIONS  SQLIAs have:  Many sources  Many goals  Many types  Detection techniques can be effective, but limited by lack of automation  Prevention technique can be very effective, but should move away from developer defence
  • 11. T HANK YOU