How could a hacker use the following information to their advantage? Also provide a possible method...

How could a hacker use the following information to their advantage? Also provide a possible method to obtain it.

- Personal Web pages of Employees

Expert Solution

Answer:-

In simple words, hacking is doing something which you are not allowed to do.
Hacking a website, or any system is done by various ways. Some of most common ways are -

SQL Injection
Remote Code Execution - RCE
Session hijacking / poisoning
Client Side Request Forgery

And many other ways.
There hell lot of tools that helps an attacker. Some of the free tools are -

Metasploit
Nessus
Nexpose
SQL map
Netscan

More people have access to the internet than ever before. This has prompted many organizations to develop web based applications that users can use online to interact with the organization. Poorly written code for web applications can be exploited to gain unauthorized access to sensitive data and web servers.

In this article, we will introduce you to web applications hacking techniques and the counter measures you can put in place to protect against such attacks.

What is a web application? What are Web Threats?

A web application (aka website) is an application based on the client-server model. The server provides the database access and the business logic. It is hosted on a web server. The client application runs on the client web browser. Web applications are usually written in languages such as Java, C# and VB.NET Shop, PHP, ColdFusion Markup Language etc. the database engines used in web applications include MySQL, MS SQL Server, PostgreSQL, SQLite etc.

Most web applications are hosted on public servers accessible via the internet. This makes them vulnerable to attacks due to easy accessibility. The following are common web application threats.

SQL Injection – the goal of this threat could be to bypass login algorithms, sabotage the data etc.
Denial of Service Attacks– the goal of this threat could be to deny legitimate users access to the resource
Cross Site Scripting XSS– the goal of this threat could be to inject code that can be executed on the client side browser.
Cookie/Session Poisoning– the goal of this threat is to modify cookies/session data by an attacker to gain unauthorized access.
Form tempering– the goal of this threat is to modify form data such as prices in e-commerce applications so that the attacker can get items at reduced prices.
Code Injection – the goal of this threat is to inject code such as PHP, python etc that can be executed on the server. The code can install backdoors, reveal sensitive information etc.
Defacement– the goal of this threat is to modify the page been displayed on a website and redirecting all page requests to a single page that contains the attacker’s message.

venereology answered 9 months ago

If you could show work it would be greatly appreciated also, if possible use the template...

If you could show work it would be greatly appreciated also, if possible use the template that I have provided. Thank you, also this is all the question provides me with. SallyMay, Inc., designs and manufactures T-shirts. It sells its T-shirts to brand name clothes retailers in lots of one dozen. SallyMay's May 2013 static budget and actual results for direct inputs are as follows: Static Budget Number of T-shirt lots (1 lot1 dozen) 400 Per Lot of T-shirts: Direct...

. How Project Portfolio Management process could provide business advantage to the company? As a project...

. How Project Portfolio Management process could provide business advantage to the company? As a project manager develop a strong statement (1 pages) supporting implementation of PPM in your organization

Choose Two of the following and provide as technical an explanation as possible: The scientific method...

Choose Two of the following and provide as technical an explanation as possible: The scientific method The birth and growth of the internet The swing of a pendulum Stem cell research

Could you please also give me a code that does not use the string split method...

Could you please also give me a code that does not use the string split method but instead gives an input and output file that you have to compile using "type output.txt" in java. This is the code: Record.java public class Record { private String stateCode, districCode, districtName; private int totalPopulation, childPopulation, childPovertyPopulation; private String miscStats; public Record(String stateCode, String districCode, String districtName, int totalPopulation, int childPopulation, int childPovertyPopulation, String miscStats) { this.stateCode = stateCode; this.districCode = districCode; this.districtName =...

How do Information Systems provide a competitive advantage for a company? Answer this question in the...

How do Information Systems provide a competitive advantage for a company? Answer this question in the context of a company of your choice. In providing your answer state why have you chosen the company and discuss how this company can achieve competitive advantage using Information Systems. Please refer to your readings to support your answer

Hello! If possible, could you provide how and in excel? I'm stuck and trying to learn...

Hello! If possible, could you provide how and in excel? I'm stuck and trying to learn so I can do well on the exam! A 20-year annuity pays $2,350 per month at the end of each month. If the discount rate is 13 percent compounded monthly for the first eight years and 10 percent compounded monthly thereafter, what is the present value of the annuity? (Do not round intermediate calculations and round your answer to 2 decimal places, e.g., 32.16.)...

could you explain the differences and the similarities between undetermined coefficients method and annihilator method? also,...

could you explain the differences and the similarities between undetermined coefficients method and annihilator method? also, could you please solve an example step by step to explain how the annihilator method works?

Please provide introduction (mission, vision, and competitive advantage), history, and background information for the following company....

Please provide introduction (mission, vision, and competitive advantage), history, and background information for the following company. Company: Kohl's (department store company)

Suggest the best instrumental method(s) for the following analyses. Also suggest possible sample pre-treatment methods or...

Suggest the best instrumental method(s) for the following analyses. Also suggest possible sample pre-treatment methods or accessaries if there are any. Consider the sample concentration, possible interferences, sample size, etc. 6) To measure the concentration (about 10-3 M) of Cu2+ samples. 7) To know the crystalline structure of solid samples. 8) To measure Ca2+ concentration (about 1 ppm); the sample volume is very small. 9) To know the molecular structure of a carbonyl-containing organometallic compound [M(CO)n]. 10) Roughly estimate the...

(3) Use the Hungarian Method to find the minimum possible cost for assigning the following jobs...

(3) Use the Hungarian Method to find the minimum possible cost for assigning the following jobs to the following four workers. The three jobs are new flooring, a new roof, and a new boiler. The costs for each person are as follows: (25 pts.) Steve: 105 for Flooring, 321 for Roofing, 580 for Boiler. Hoshi: 215 for Flooring, 300 for Roofing, 500 for Boiler. Iqbal: 150 for Flooring, 315 for Roofing, 520 for Boiler. Daphne: 240 for Flooring, 280 for...

Question