Question

In: Computer Science

How could a hacker use the following information to their advantage? Also provide a possible method...

How could a hacker use the following information to their advantage? Also provide a possible method to obtain it.

- Personal Web pages of Employees

Solutions

Expert Solution

Answer:-

In simple words, hacking is doing something which you are not allowed to do.
Hacking a website, or any system is done by various ways. Some of most common ways are -

  • SQL Injection
  • Remote Code Execution - RCE
  • Session hijacking / poisoning
  • Client Side Request Forgery

And many other ways.
There hell lot of tools that helps an attacker. Some of the free tools are -

  • Metasploit
  • Nessus
  • Nexpose
  • SQL map
  • Netscan

More people have access to the internet than ever before. This has prompted many organizations to develop web based applications that users can use online to interact with the organization. Poorly written code for web applications can be exploited to gain unauthorized access to sensitive data and web servers.

In this article, we will introduce you to web applications hacking techniques and the counter measures you can put in place to protect against such attacks.

What is a web application? What are Web Threats?

A web application (aka website) is an application based on the client-server model. The server provides the database access and the business logic. It is hosted on a web server. The client application runs on the client web browser. Web applications are usually written in languages such as Java, C# and VB.NET Shop, PHP, ColdFusion Markup Language etc. the database engines used in web applications include MySQL, MS SQL Server, PostgreSQL, SQLite etc.

Most web applications are hosted on public servers accessible via the internet. This makes them vulnerable to attacks due to easy accessibility. The following are common web application threats.

  • SQL Injection – the goal of this threat could be to bypass login algorithms, sabotage the data etc.
  • Denial of Service Attacks– the goal of this threat could be to deny legitimate users access to the resource
  • Cross Site Scripting XSS– the goal of this threat could be to inject code that can be executed on the client side browser.
  • Cookie/Session Poisoning– the goal of this threat is to modify cookies/session data by an attacker to gain unauthorized access.
  • Form tempering– the goal of this threat is to modify form data such as prices in e-commerce applications so that the attacker can get items at reduced prices.
  • Code Injection – the goal of this threat is to inject code such as PHP, python etc that can be executed on the server. The code can install backdoors, reveal sensitive information etc.
  • Defacement– the goal of this threat is to modify the page been displayed on a website and redirecting all page requests to a single page that contains the attacker’s message.

Related Solutions

What kind of information can a hacker get from a good packet sniffer program? How could...
What kind of information can a hacker get from a good packet sniffer program? How could packet sniffing be used in a good way or positive benefits?
If you could show work it would be greatly appreciated also, if possible use the template...
If you could show work it would be greatly appreciated also, if possible use the template that I have provided. Thank you, also this is all the question provides me with. SallyMay, Inc., designs and manufactures T-shirts. It sells its T-shirts to brand name clothes retailers in lots of one dozen. SallyMay's May 2013 static budget and actual results for direct inputs are as follows: Static Budget Number of T-shirt lots (1 lot1 dozen) 400 Per Lot of T-shirts: Direct...
.    How Project Portfolio Management process could provide business advantage to the company? As a project...
.    How Project Portfolio Management process could provide business advantage to the company? As a project manager develop a strong statement (1 pages) supporting implementation of PPM in your organization
Choose Two of the following and provide as technical an explanation as possible: The scientific method...
Choose Two of the following and provide as technical an explanation as possible: The scientific method The birth and growth of the internet The swing of a pendulum Stem cell research
Could you please also give me a code that does not use the string split method...
Could you please also give me a code that does not use the string split method but instead gives an input and output file that you have to compile using "type output.txt" in java. This is the code: Record.java public class Record { private String stateCode, districCode, districtName; private int totalPopulation, childPopulation, childPovertyPopulation; private String miscStats; public Record(String stateCode, String districCode, String districtName, int totalPopulation, int childPopulation, int childPovertyPopulation, String miscStats) { this.stateCode = stateCode; this.districCode = districCode; this.districtName =...
How do Information Systems provide a competitive advantage for a company? Answer this question in the...
How do Information Systems provide a competitive advantage for a company? Answer this question in the context of a company of your choice. In providing your answer state why have you chosen the company and discuss how this company can achieve competitive advantage using Information Systems. Please refer to your readings to support your answer
Hello! If possible, could you provide how and in excel? I'm stuck and trying to learn...
Hello! If possible, could you provide how and in excel? I'm stuck and trying to learn so I can do well on the exam! A 20-year annuity pays $2,350 per month at the end of each month. If the discount rate is 13 percent compounded monthly for the first eight years and 10 percent compounded monthly thereafter, what is the present value of the annuity? (Do not round intermediate calculations and round your answer to 2 decimal places, e.g., 32.16.)...
could you explain the differences and the similarities between undetermined coefficients method and annihilator method? also,...
could you explain the differences and the similarities between undetermined coefficients method and annihilator method? also, could you please solve an example step by step to explain how the annihilator method works?
Please provide introduction (mission, vision, and competitive advantage), history, and background information for the following company....
Please provide introduction (mission, vision, and competitive advantage), history, and background information for the following company. Company: Kohl's (department store company)
Choose a successful company and discuss how they use information technology to achieve their competitive advantage...
Choose a successful company and discuss how they use information technology to achieve their competitive advantage in their market.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT