SlideShare a Scribd company logo

What Are the Most Common Types of Hacks?

Download as PPTX, PDF
Sucuri , profile picture
Sucuri

The document discusses common types of hacks and cyber threats, focusing on definitions, attack vectors, and the OWASP Top 10 security risks. It highlights various hacking techniques such as DDoS, malware, and backdoor access, along with the risks associated with cross-site scripting (XSS). Key figures from the related webinar include Joshua Hammer and Stephen Johnston, who address these security issues and provide insights into mitigating them.

Internet
Related topics:
Website DesignWebsite Security Overview Information Security
1 of 23
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
What Are the Most Common Types of Hacks? Joshua Hammer, Sales Operations Manager Stephen Johnston, Sales Consultant S U C U R I W E B I N A R
Joshua Hammer Sales Operations Manager Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R
Joshua Hammer Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R • Sucuri 4 years • Sales Operations Manager • Married with 2 kids • Loves board games, video games, security, and laughing
Stephen Johnston Sales Consultant Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R
Stephen Johnston Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R • Sucuri 1.5 years • Agency Sales Consultant • Married with 3 kids • Loves religion, his family, guitar, technology and security
Tweet #AskSucuri to @SucuriSecurity In this webinar you will learn: • How do you define a Hack? • What are the OWASP Top 10 • What is a back door? • XSS, SQL Injection, and others.
Tweet #AskSucuri to @SucuriSecurity What are hacks? Before we discuss what the most common types of hacks are, we need to decide what a hack is.
Tweet #AskSucuri to @SucuriSecurity DDoS • Distributed Denial of Service (DDoS) attacks are designed to disrupt a website’s availability. • The objective is to prevent legitimate users from accessing your website. • To be successful, the attacker needs to send more requests than the victim server can handle. Another way successful attacks occur is when the attacker sends bogus requests.
Tweet #AskSucuri to @SucuriSecurity Malware Generic term used for browser- side code to create drive-by downloads.
Tweet #AskSucuri to @SucuriSecurity Attack Vectors An attack vector is the way or means an attacker tries to gain access to your digital environment to infect it with malicious code.
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
Tweet #AskSucuri to @SucuriSecurity Cross-Site Scripting (XSS) Reflected XSS • The application or API includes unvalidated and unescaped user input as part of HTML output. Stored XSS • Application stores user data that is later looked at by an admin or another user. DOM XSS • JavaScript frameworks, single-page applications and API that dynamically include attacker controllable data.
Tweet #AskSucuri to @SucuriSecurity Backdoors • A way back in for the attackers • Or something built into a program to give unauthorized access to a system. In 2018 Website Hack Trend Report, 68% of malware removed were backdoors it was the top malware installed during a infection.

More Related Content

PPTX
Sucuri Webinar: Website Security for Web Agencies
Sucuri
 
PPTX
Sucuri Webinar: What is SEO Spam and How to Fight It
Sucuri
 
PPTX
Webinar: Personal Online Privacy - Sucuri Security
Sucuri
 
PPTX
Why Do Hackers Hack?
Sucuri
 
PPTX
Steps to Keep Your Site Clean
Sucuri
 
PPTX
Sucuri Webinar: Is SSL enough to secure your website?
Sucuri
 
PPTX
Sucuri Webinar: Simple Steps To Secure Your Online Store
Sucuri
 
PPTX
Logs: Understanding Them to Better Manage Your WordPress Site
Sucuri
 
Sucuri Webinar: Website Security for Web Agencies
Sucuri
 
Sucuri Webinar: What is SEO Spam and How to Fight It
Sucuri
 
Webinar: Personal Online Privacy - Sucuri Security
Sucuri
 
Why Do Hackers Hack?
Sucuri
 
Steps to Keep Your Site Clean
Sucuri
 
Sucuri Webinar: Is SSL enough to secure your website?
Sucuri
 
Sucuri Webinar: Simple Steps To Secure Your Online Store
Sucuri
 
Logs: Understanding Them to Better Manage Your WordPress Site
Sucuri
 

What's hot (20)

PDF
Sucuri Webinar: How to clean hacked WordPress sites
Sucuri
 
PPTX
Sucuri Webinar: How Websites Get Hacked
Sucuri
 
PPTX
Sucuri Webinar: Website Security Primer for Digital Marketers
Sucuri
 
PPTX
Sucuri Webinar: Preventing Cross-Site Contamination for Beginners
Sucuri
 
PPTX
Sucuri Webinar: WAF (Firewall) and CDN Feature Benefit Guide
Sucuri
 
PDF
Sucuri Webinar: Defending Your Google Brand Reputation and Analytics Reports
Sucuri
 
PPTX
Sucuri Webinar: Tis the Season for Credit Card Scraping and Malware Trends
Sucuri
 
PDF
Sucuri Webinar: How to Clean a Hacked Magento Website
Sucuri
 
PPTX
Sucuri Webinar: How To Know For Sure You Can Trust A Plugin
Sucuri
 
PDF
Sucuri Webinar: Hacked Website Trend Report Q1/2016
Sucuri
 
PPTX
2018 Hacked Website Trends
Sucuri
 
PPTX
Sucuri Webinar: How Caching Options Can Impact Your Website Speed
Sucuri
 
PDF
Sucuri Webinar: Impacts of a website compromise
Sucuri
 
PPTX
Webinar: CWAF for Mid Market/Enterprise Organizations
Sucuri
 
PPTX
Kludges and PHP. Why Should You Use a WAF?
Sucuri
 
PDF
Sucuri Webinar: How to identify and clean a hacked Joomla! website
Sucuri
 
PPTX
Sucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri
 
PDF
Sucuri Webinar: Oh No! My Website Has Been Hacked.
Sucuri
 
PPTX
Sucuri Webinar: Leveraging Sucuri's API
Sucuri
 
PPTX
Sucuri Webinar: Understand and Fix Google Blacklist Warnings
Sucuri
 
Sucuri Webinar: How to clean hacked WordPress sites
Sucuri
 
Sucuri Webinar: How Websites Get Hacked
Sucuri
 
Sucuri Webinar: Website Security Primer for Digital Marketers
Sucuri
 
Sucuri Webinar: Preventing Cross-Site Contamination for Beginners
Sucuri
 
Sucuri Webinar: WAF (Firewall) and CDN Feature Benefit Guide
Sucuri
 
Sucuri Webinar: Defending Your Google Brand Reputation and Analytics Reports
Sucuri
 
Sucuri Webinar: Tis the Season for Credit Card Scraping and Malware Trends
Sucuri
 
Sucuri Webinar: How to Clean a Hacked Magento Website
Sucuri
 
Sucuri Webinar: How To Know For Sure You Can Trust A Plugin
Sucuri
 
Sucuri Webinar: Hacked Website Trend Report Q1/2016
Sucuri
 
2018 Hacked Website Trends
Sucuri
 
Sucuri Webinar: How Caching Options Can Impact Your Website Speed
Sucuri
 
Sucuri Webinar: Impacts of a website compromise
Sucuri
 
Webinar: CWAF for Mid Market/Enterprise Organizations
Sucuri
 
Kludges and PHP. Why Should You Use a WAF?
Sucuri
 
Sucuri Webinar: How to identify and clean a hacked Joomla! website
Sucuri
 
Sucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri
 
Sucuri Webinar: Oh No! My Website Has Been Hacked.
Sucuri
 
Sucuri Webinar: Leveraging Sucuri's API
Sucuri
 
Sucuri Webinar: Understand and Fix Google Blacklist Warnings
Sucuri
 

Similar to What Are the Most Common Types of Hacks? (20)

PPTX
owasp features in secure coding techniques
Sri Latha
 
PDF
Secure coding guidelines
Zakaria SMAHI
 
PPTX
Owasp
penetration Tester
 
PPTX
Owasp top 10 vulnerabilities
OWASP Delhi
 
PPTX
OWASP TOP 10
Robert MacLean
 
PPTX
Security risks awareness
Janagi Kannan
 
PPT
Owasp top 10 & Web vulnerabilities
RIZWAN HASAN
 
PPT
OWASP Serbia - A6 security misconfiguration
Nikola Milosevic
 
PDF
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
All Things Open
 
PDF
Truetesters presents OWASP Top 10 Web Vulnerability
TrueTesters
 
PDF
Security Awareness
Lucas Hendrich
 
PDF
Web hackingtools 2015
ColdFusionConference
 
PDF
Web hackingtools 2015
devObjective
 
PDF
Owasp top 10_openwest_2019
Sean Jackson
 
PDF
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015
Minded Security
 
ODP
Break it while you make it: writing (more) secure software
Leigh Honeywell
 
PPTX
Word camp orange county 2012 enduser security
Tony Perez
 
PPTX
OWASP Top 10 2021 What's New
Michael Furman
 
PPTX
Essential security measures in ASP.NET MVC
Rafał Hryniewski
 
PDF
Web hackingtools cf-summit2014
ColdFusionConference
 
owasp features in secure coding techniques
Sri Latha
 
Secure coding guidelines
Zakaria SMAHI
 
Owasp
penetration Tester
 
Owasp top 10 vulnerabilities
OWASP Delhi
 
OWASP TOP 10
Robert MacLean
 
Security risks awareness
Janagi Kannan
 
Owasp top 10 & Web vulnerabilities
RIZWAN HASAN
 
OWASP Serbia - A6 security misconfiguration
Nikola Milosevic
 
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
All Things Open
 
Truetesters presents OWASP Top 10 Web Vulnerability
TrueTesters
 
Security Awareness
Lucas Hendrich
 
Web hackingtools 2015
ColdFusionConference
 
Web hackingtools 2015
devObjective
 
Owasp top 10_openwest_2019
Sean Jackson
 
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015
Minded Security
 
Break it while you make it: writing (more) secure software
Leigh Honeywell
 
Word camp orange county 2012 enduser security
Tony Perez
 
OWASP Top 10 2021 What's New
Michael Furman
 
Essential security measures in ASP.NET MVC
Rafał Hryniewski
 
Web hackingtools cf-summit2014
ColdFusionConference
 

More from Sucuri (12)

PPTX
Sucuri Webinar: Sucuri Introduces the Sales Enablement Department
Sucuri
 
PPTX
Sucuri Webinar: Getting Started with Sucuri
Sucuri
 
PPTX
Webinar: eCommerce Compliance - PCI meets GDPR
Sucuri
 
PPTX
Webinar: 10 Consejos para Mejorar la Postura de Seguridad de tu Sitio Web
Sucuri
 
PPTX
Ecommerce Website Security
Sucuri
 
PPTX
Otimização de Websites para Ganho de Performance & Resiliência
Sucuri
 
PPTX
Guia de Segurança para WordPress
Sucuri
 
PPTX
Gambiarra e PHP. Por que você deveria usar um WAF?
Sucuri
 
PPTX
Segurança para Agências: Proteja seus Clientes
Sucuri
 
PPTX
Seguridad para Agencias de Desarrollo Web: Protege tus Clientes y tu Negocio
Sucuri
 
PPTX
WHDusa 2017: Bridging the Divide between Human Behavior & Security
Sucuri
 
PPTX
Sucuri Webinar: Beginner's Guide to CDNs
Sucuri
 
Sucuri Webinar: Sucuri Introduces the Sales Enablement Department
Sucuri
 
Sucuri Webinar: Getting Started with Sucuri
Sucuri
 
Webinar: eCommerce Compliance - PCI meets GDPR
Sucuri
 
Webinar: 10 Consejos para Mejorar la Postura de Seguridad de tu Sitio Web
Sucuri
 
Ecommerce Website Security
Sucuri
 
Otimização de Websites para Ganho de Performance & Resiliência
Sucuri
 
Guia de Segurança para WordPress
Sucuri
 
Gambiarra e PHP. Por que você deveria usar um WAF?
Sucuri
 
Segurança para Agências: Proteja seus Clientes
Sucuri
 
Seguridad para Agencias de Desarrollo Web: Protege tus Clientes y tu Negocio
Sucuri
 
WHDusa 2017: Bridging the Divide between Human Behavior & Security
Sucuri
 
Sucuri Webinar: Beginner's Guide to CDNs
Sucuri
 

Recently uploaded (20)

PDF
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
PDF
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
PPTX
innovation process that make everything different.pptx
SoumyadipPaul18
 
PDF
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
PPTX
Digital Literacy And Online Safety on internet
riksa rifqi
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
innovation process that make everything different.pptx
SoumyadipPaul18
 
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
Internet___Basics___Styled_ presentation
poonam62133
 
Digital Literacy And Online Safety on internet
riksa rifqi
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
artificial intelligence overview of it and more
yafotin445
 
Funds Management Learning Material for Beg
NKKumar16
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 

What Are the Most Common Types of Hacks?

  • 1. What Are the Most Common Types of Hacks? Joshua Hammer, Sales Operations Manager Stephen Johnston, Sales Consultant S U C U R I W E B I N A R
  • 2. Joshua Hammer Sales Operations Manager Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R
  • 3. Joshua Hammer Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R • Sucuri 4 years • Sales Operations Manager • Married with 2 kids • Loves board games, video games, security, and laughing
  • 4. Stephen Johnston Sales Consultant Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R
  • 5. Stephen Johnston Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R • Sucuri 1.5 years • Agency Sales Consultant • Married with 3 kids • Loves religion, his family, guitar, technology and security
  • 6. Tweet #AskSucuri to @SucuriSecurity In this webinar you will learn: • How do you define a Hack? • What are the OWASP Top 10 • What is a back door? • XSS, SQL Injection, and others.
  • 7. Tweet #AskSucuri to @SucuriSecurity What are hacks? Before we discuss what the most common types of hacks are, we need to decide what a hack is.
  • 8. Tweet #AskSucuri to @SucuriSecurity DDoS • Distributed Denial of Service (DDoS) attacks are designed to disrupt a website’s availability. • The objective is to prevent legitimate users from accessing your website. • To be successful, the attacker needs to send more requests than the victim server can handle. Another way successful attacks occur is when the attacker sends bogus requests.
  • 9. Tweet #AskSucuri to @SucuriSecurity Malware Generic term used for browser- side code to create drive-by downloads.
  • 10. Tweet #AskSucuri to @SucuriSecurity Attack Vectors An attack vector is the way or means an attacker tries to gain access to your digital environment to infect it with malicious code.
  • 11. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 12. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 13. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 14. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 15. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 16. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 17. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 18. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 19. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 20. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 21. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  • 22. Tweet #AskSucuri to @SucuriSecurity Cross-Site Scripting (XSS) Reflected XSS • The application or API includes unvalidated and unescaped user input as part of HTML output. Stored XSS • Application stores user data that is later looked at by an admin or another user. DOM XSS • JavaScript frameworks, single-page applications and API that dynamically include attacker controllable data.
  • 23. Tweet #AskSucuri to @SucuriSecurity Backdoors • A way back in for the attackers • Or something built into a program to give unauthorized access to a system. In 2018 Website Hack Trend Report, 68% of malware removed were backdoors it was the top malware installed during a infection.

Editor's Notes

  • #9: Is an hack a ddos?
  • #10: Or perhaps its malware
  • #11: Or maybe its attack vectors
  • #12: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #13: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #14: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #15: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #16: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #17: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #18: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #19: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #20: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #21: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #22: * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware > Injection (where a hacker trys to inject code such as sql injection attacks) Broken authentication (flaws in authentication or brute force) Sensitvie data exposure (either in transit or stored data) XML External Entities (when either by uploading an xml script or injecting a xml script into axml processor) Broken access control (by gaining access to areas they are not suppose to have access to) Security misconfigurations (not changing defaults for example) Crosssite scripting (will go into more detail on next page) Insecure deserialization (serialization is changing objects to byte strings deserialization is from byte strings to objects (recent attack type was a cookie that stored info as user and was changed to admin in host file thus giving admin access to the site) Known vulnerabilities (using plugins with known issues makes easier target) Insufficient logging and monitoring (cant protect what you don’t know is happing)
  • #23: Reflected (allows the attacker to execute html and javascript in the victims browser) Stored(allows attacker to view user input Dom (replace or defacement