This document discusses concepts related to web server security including common web server architectures, attack types like DNS hijacking and response splitting, and methodology for attacking web servers which involves information gathering, footprinting, vulnerability scanning, and exploiting vulnerabilities through techniques such as session hijacking and password hacking. It also lists tools that can be used in web server attacks like Metasploit.
This document discusses concepts related to web server security including common web server architectures, attack types like DNS hijacking and response splitting, and methodology for attacking web servers which involves information gathering, footprinting, vulnerability scanning, and exploiting vulnerabilities through techniques such as session hijacking and password hacking. It also lists tools that can be used in web server attacks like Metasploit.
This document discusses concepts related to web server security including common web server architectures, attack types like DNS hijacking and response splitting, and methodology for attacking web servers which involves information gathering, footprinting, vulnerability scanning, and exploiting vulnerabilities through techniques such as session hijacking and password hacking. It also lists tools that can be used in web server attacks like Metasploit.
Open-source Web Server Architecture IIS Web Server Architecture Web Server Security Issues Why are Web Servers Compromised DEMONSTRATE DIFFERENT WEB SERVER ATTACKS DNS Server Hijacking DNS Amplification Attack DNS Amplification Attack (cont) Directory Traversal Attacks Web Defacement Web Server Misconfiguration HTTP Response-Splitting Attack Example of an HTTP Response-Splitting Attack Web Cache Poisoning Attack SSH Brute Force Attack Web Server Password Cracking Other Web Server Attacks Other Web Server Attacks (Cont) Other Web Server Attacks (Cont) Other Web Server Attacks (Cont) EXPLAIN WEB SERVER ATTACK METHODOLOGY Web Server Attack Methodology Information Gathering Information Gathering from Robots.txt File Web Server Footprinting/Banner Grabbing Web Server Footprinting Tools Enumerating Web Server Information Using Nmap Website Mirroring Finding Default Credentials of Web Server Finding Default Content of Web Server Finding Directory Listings of Web Server Finding Directory Listings of Web Server Vulnerability Scanning Finding Exploitable Vulnerabilities Session Hijacking Web Server Password Hacking Using Application Server as a Proxy Web Server Attack Tools: Metasploit