Web Attacks

Type of Web Attacks

Cross-site scripting (XSS)
  What it is: injection of malicious scripts into a trusted website, so they run in the browsers of other users
  Tools: XSSer, DVWA
  Exploit: Stored XSS, Reflected XSS

Local file inclusion (LFI)
  What it is: trick the web application into exposing or executing files that already exist on the web server
  Tools: Burp Suite, DVWA
  Exploit: Log poisoning (write PHP into a log the app will include), /proc/self/environ (inject via a request header such as User-Agent)

Remote file inclusion (RFI)
  What it is: make the web application include a file from an attacker-controlled host and execute it
  Tools: CrabStick
  Exploit: Remote code execution

SQL injection (SQLi)
  What it is: use SQL injection to bypass application security checks or read the database directly
  Tools: sqlmap, Burp Suite
  Exploit: Get DB access, Get cookies/session data, Changing GET to POST (the same injection point is often reachable through either method)

Remote code execution (RCE)
  What it is: remotely execute commands on someone else's computing device
  Exploit: Command injection
  Tools: RoCET

File path traversal
  What it is: read arbitrary files on the server that is running the application by escaping the intended directory (../ sequences, absolute paths)
  Tools: Burp Suite
  Exploit: LFI, RFI, remote code execution

Cross-Site Request Forgery (CSRF)
  What it is: force an authenticated user's browser to send unwanted, state-changing requests to a web application
  Tools: Burp Suite, DVWA
  Exploit: Forging login requests, GET/POST scenario

Server-Side Request Forgery (SSRF)
  What it is: induce the server-side application to make HTTP requests to an arbitrary domain or address chosen by the attacker
  Tools: Burp Suite
  Exploit: Make HTTP requests back to the server itself (localhost/loopback), Scan local or external networks through the vulnerable server, URL rewriting
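The LFI and path traversal branches above describe payloads (../ sequences, absolute paths such as /proc/self/environ, log-poisoning targets) without showing why a naive include falls to them. The following is an added example, not code from the original mind map: it contrasts a vulnerable concatenation-style include with one that canonicalises the path and confines it to the web root. The web root, the about.html page and the payload list are all constructed for the example.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample "web root" containing one legitimate include target.
WEB_ROOT = tempfile.mkdtemp(prefix="pages_")
Path(WEB_ROOT, "about.html").write_text("<h1>About</h1>\n")

# Constructed payloads of the kinds the LFI/traversal branches describe.
PAYLOADS = [
    "../../../../etc/passwd",            # classic ../ traversal
    "/proc/self/environ",                # absolute path to the process environment
    "../../var/log/apache2/access.log",  # typical log-poisoning include target
    "about.html\x00.png",                # null byte to defeat a naive extension check
]


def vulnerable_include(page):
    """Mimics a handler that simply joins user input onto the web root.

    os.path.join() discards WEB_ROOT entirely when `page` is absolute, and
    never normalises '..', so every payload above resolves outside the root.
    """
    return os.path.join(WEB_ROOT, page)


def safe_include(page, web_root=WEB_ROOT):
    """Return the real path of `page` inside `web_root`, or raise.

    Steps: reject embedded NULs, canonicalise both root and target (resolving
    symlinks and '..'), then require the target to lie under the root.
    """
    if "\x00" in page:
        raise ValueError("null byte in path")
    root = os.path.realpath(web_root)
    target = os.path.realpath(os.path.join(root, page))
    # commonpath() on the canonical paths is the actual containment check;
    # a plain startswith() would accept /var/www-evil for root /var/www.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes web root: %r" % page)
    if not os.path.isfile(target):
        raise FileNotFoundError(page)
    return target


def check_payloads():
    """Map each payload to (what the vulnerable handler would open, safe outcome)."""
    results = {}
    for p in PAYLOADS:
        try:
            safe = safe_include(p)
        except (ValueError, FileNotFoundError) as exc:
            safe = "rejected: " + type(exc).__name__
        results[p] = (vulnerable_include(p), safe)
    return results


if __name__ == "__main__":
    print("legitimate:", safe_include("about.html"))
    for payload, (vuln, safe) in check_payloads().items():
        print("%-36r vulnerable -> %-32s safe -> %s" % (payload, vuln, safe))
```

Rejecting the request is the correct outcome for every payload; a stricter variant maps a short identifier to a fixed allow-list of files and never passes user text to the filesystem at all.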
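The SSRF branch lists "make HTTP requests back to the server" and "scan local or external networks" as exploits. As an added example (not code from the original mind map), the validator below shows the checks a server needs before fetching a user-supplied URL: an allow-list of schemes, rejection of literal loopback/private/link-local addresses in dotted, bracketed IPv6 and plain-integer form, and the same check applied to whatever a hostname resolves to. The FAKE_DNS table is a constructed stand-in for the resolver so the example runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed stand-in for DNS so the example runs offline. A real deployment
# resolves with the OS resolver and must connect to the IP it checked (or
# re-check on every redirect) to avoid DNS-rebinding and redirect bypasses.
FAKE_DNS = {
    "example.com": "93.184.216.34",
    "localhost": "127.0.0.1",
    "metadata.internal": "169.254.169.254",  # hypothetical name for a cloud metadata endpoint
}


def _to_ip(host):
    """Parse a literal IP given as dotted/IPv6 text or as a plain integer (decimal or 0x hex).

    Returns an ip_address object, or None when `host` is a DNS name.
    """
    h = host.strip("[]")
    try:
        return ipaddress.ip_address(h)
    except ValueError:
        pass
    try:
        return ipaddress.ip_address(int(h, 0))  # e.g. 2130706433 or 0x7f000001 -> 127.0.0.1
    except ValueError:
        return None


def classify_url(url, resolve=FAKE_DNS.get):
    """Return (allowed, reason) for an outbound request target.

    `resolve` maps a hostname to an IP string (or None); the default uses the
    constructed FAKE_DNS table above.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    ip = _to_ip(host)
    if ip is None:
        resolved = resolve(host)
        if resolved is None:
            return False, "unresolvable host %r" % host
        ip = ipaddress.ip_address(resolved)
    # is_global is False for loopback, RFC 1918, link-local (169.254.0.0/16),
    # shared address space, unique-local IPv6 and similar reserved ranges.
    if not ip.is_global:
        return False, "%s resolves to non-public address %s" % (host, ip)
    return True, "ok"


if __name__ == "__main__":
    # Constructed targets: one legitimate, the rest SSRF probes.
    for u in [
        "https://example.com/api",
        "http://127.0.0.1:8080/admin",
        "http://[::1]/",
        "http://2130706433/",
        "http://0x7f000001/",
        "http://169.254.169.254/latest/meta-data/",
        "http://10.0.0.5:22/",
        "http://localhost/",
        "http://metadata.internal/",
        "file:///etc/passwd",
    ]:
        print("%-44s %s" % (u, classify_url(u)))
```

The port is deliberately not inspected: an internal port scan through the vulnerable server is stopped by refusing the non-public destination, not by guessing which ports matter.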
Steps to Perform an Attack
  1. Reconnaissance (find a target)
  2. Scanning (identify weak points)
  3. Access and escalation (gain access, then raise privileges)
  4. Exfiltration (steal data)
  5. Sustainment (install malicious programs so the attacker can come and go easily, i.e. persistence)
  6. Assault (alter the functionality of the victim's hardware or software)
  7. Obfuscation (hide tracks)
Protection Against Web Attacks
  Use a Web Application Firewall (WAF) as a defence-in-depth layer, not as a substitute for fixing the code behind it
  Use parameterised queries (prepared statements): user input is bound as data and never concatenated into SQL
  Keep software up to date (framework, libraries, web server, OS)
  Beware of error messages: return generic errors to users and keep stack traces and SQL errors in server-side logs, since verbose errors tell an attacker what worked
  Avoid file uploads where possible; otherwise restrict type and size, rename the file, and store it outside the web root so it can never be included or executed
  Use HTTPS for the whole site, not only the login page
  Validate input on both client and server sides; only the server-side check is a security control, because client-side checks are trivially bypassed with a proxy such as Burp Suite
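The SQL injection node ("Get DB access") and the "Use parameterised queries" protection are two sides of the same point. As an added example, not code from the original mind map, the block below runs a constructed users table in an in-memory SQLite database through a string-built login query and through a parameterised one, with three classic payloads: a comment to drop the password check, a tautology to match every row, and a UNION to pull the password column out of the database.

```python
import sqlite3

# Constructed sample data; the passwords are plaintext only to make the leak visible.
USERS = [("admin", "S3cret!", "admin"), ("alice", "hunter2", "user")]

# Constructed injection payloads, supplied as the username field.
PAYLOADS = {
    "comment out password check": ("admin'--", "wrong"),
    "tautology":                   ("' OR 1=1--", "wrong"),
    "union to dump credentials":   ("' UNION SELECT username, password FROM users--", "wrong"),
}


def make_db():
    """Create the in-memory database the example queries against."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)", USERS
    )
    return conn


def login_vulnerable(conn, username, password):
    """String-built query: the payload becomes part of the SQL statement."""
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: the driver sends the payload as a bound value,
    so it is compared against the column and never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def run_payloads(conn=None):
    """Return {payload name: (rows from vulnerable query, rows from safe query)}."""
    conn = conn or make_db()
    results = {}
    for name, (user, pw) in PAYLOADS.items():
        results[name] = (login_vulnerable(conn, user, pw), login_safe(conn, user, pw))
    return results


if __name__ == "__main__":
    conn = make_db()
    print("legitimate login:", login_safe(conn, "alice", "hunter2"))
    for name, (vuln_rows, safe_rows) in run_payloads(conn).items():
        print("%-28s vulnerable -> %s" % (name, vuln_rows))
        print("%-28s safe       -> %s" % ("", safe_rows))
```

Escaping quotes by hand is not an equivalent fix: it has to be right for every database dialect and every injection context (numeric fields, ORDER BY, LIKE patterns), whereas a bound parameter is structurally separate from the statement.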