In this article, I want to talk about web hacking. Web hacking is a very interesting topic because there are so many web sites today, and they are a common way to attack a company.
The first reference for website attacks is the OWASP top ten! https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
OWASP Top Ten is a free document made to spread awareness about the most critical security risks for web applications. They update the top ten every few years so it stays up to date.
The top ten from 2017:
A1: Injection
Injection flaws happen when you can send untrusted data to the target so that it executes unintended commands.
A2: Broken authentication
This flaw happens when the authentication and session management are implemented improperly.
A3: Sensitive data exposure
Sensitive data, such as credit card numbers, is not encrypted properly in transit or in storage.
A4: XML external entities (XXE)
Poorly configured XML processors evaluate external entity references within XML documents. An attacker could include content inside the XML document that the processor then evaluates and executes.
A5: Broken access control
The access control does not properly restrict users, so they can access unauthorized data.
A6: Security misconfiguration
Insecure default configurations can lead to flaws.
A7: Cross-site scripting (XSS)
XSS happens when a user can send untrusted data to the web application without the page validating the data or escaping unsafe characters.
A8: Insecure deserialization
Deserializing untrusted data can lead to remote code execution.
A9: Using components with known vulnerabilities
Some libraries, frameworks and modules already have known vulnerabilities that can be exploited to attack the web applications that use them.
A10: Insufficient logging and monitoring
This is the inability to detect a breach and react before it is too late.
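To make the A1 injection entry concrete, here is an added example (my own code, not from the article or OWASP) that puts a vulnerable lookup next to its hardened form. It uses Python's sqlite3 module on an in-memory database with a constructed users table; the table, the data and the function names are assumptions made for this illustration.

```python
import sqlite3

# Constructed sample data for this example (not from the article).
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: untrusted input is concatenated into the SQL text, so it
    can change the structure of the query (the A1 injection flaw)."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened: a parameterized query keeps the input as data only; the
    database never interprets it as part of the SQL statement."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def compare(name):
    """Run both versions on the same input and return (unsafe_rows, safe_rows)."""
    conn = make_db()
    try:
        return len(lookup_unsafe(conn, name)), len(lookup_safe(conn, name))
    finally:
        conn.close()


if __name__ == "__main__":
    # Benign input: both versions return the single matching row.
    print(compare("alice"))        # (1, 1)
    # Input that closes the quoted string and appends a condition that is
    # always true: the concatenated query returns every row, the
    # parameterized one returns nothing because no user has that name.
    print(compare("' OR '1'='1"))  # (2, 0)
```

The difference in the second result is the whole point of A1: the same bytes are a query fragment in one version and an ordinary string value in the other.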
In the next articles I will show you some of these attacks that are very interesting, like SQL injection, XSS and more! If you want more information, feel free to ask and check the OWASP website! https://www.owasp.org/index.php/Main_Page
The information provided on hacking is to be used for educational purposes only. The creator is in no way responsible for any misuse of the information provided. All the information provided is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word "Hacking" should be regarded as "Ethical hacking". You implement the information given at your own risk.