Chapter 6 - Web-Based Hacking: Servers & Apps Flashcards
IETF
Internet Engineering Task Force - Creates engineering documents to help make the internet work better
W3C
World Wide Web Consortium - A standards-developing community
OWASP
Open Web Application Security Project - Organization focused on improving the security of software.
Web Server attack Methodology
Information Gathering (Whois), Footprinting (banner grab), Website mirroring, Vulnerability Scanning, Session Hijacking, Password Cracking
Banner Grab
Method for web server footprinting
Netcraft
Web server footprinting tool
HTTPRecon
Web server footprinting tool
ID Serve
Web server footprinting tool
nmap
Powerful footprinting tool
nmap -script http-trace -p80 localhost.
Detects vulnerable TRACE method
nmap -script http-google-email
Lists email addresses
nmap -script hostmap-*
Discovers virtual hosts on the IP address you are tryingto footprint; * is replaced by online database
nmap -script http-enum -p80
enumerates common web apps
nmap -p80 -script http-robots.txt
Grabs the robots.txt file
Nikto
Vulnerability scanner specifically suited for web servers
Wget
Website mirroring tool
Black Widow
Website mirroring tool
HTTrack
Website mirroring tool
WebCopier Pro
Website mirroring tool
Web Ripper
Website mirroring tool
SurfOffline
Website mirroring tool
HTTPrint
Website mirroring tool
What is N-Tier Architecture?
Distributes processes across multiple servers; normally as three tier: Presentation (web), logic (application), and data (database)
What is WebGoat
Project maintained by OWASP which is an insecure web app meant to be tested.