IT 4510 : Information Security

Web Security

Dr Joe Francom

Risks

Scanning

  • Banner grabbing (nikto, telnet)
  • https://sitereport.netcraft.com/
    • How could that site be useful to an attacker?
  • Site ripper?
    • httrack
    • let's rip part of the cit website and see if we can host the copy on our Kali machine

Web Server Attacks

See if you can find an example:

  • DDoS
  • DNS server hijacking
  • DNS amplification attack
  • Directory traversal
  • MitM (Burp)
  • Website defacement
  • Web server misconfiguration
  • HTTP response splitting
  • Web server password cracking

Vulnerability Scanners

  • Nessus

Web Application Attacks

  • Injection
  • XSS attacks
  • Clickjacking
  • Buffer overflow