Web-Based Hacking: Servers and Applications
This chapter includes questions from the following topics:
•  Identify features of common web server architecture
•  Describe web server and web application attacks
•  Identify web server and application vulnerabilities
•  Identify web application hacking tools
In the spring of 1863, a mismatch was shaping up on the battlefield. General Robert E. Lee and Stonewall Jackson had amassed a sizeable Confederate force of around 60,000 men in and around Chancellorsville, Virginia, after the recent victory at Fredericksburg. Major General Joseph Hooker, however, commanded a Union army of around 130,000 men and was under direct orders from President Lincoln to annihilate the Confederate army. He thus decided upon a plan of action, well grounded in the military doctrine of the day, to apply his vastly superior forces and march against the enemy. By any measure, this was shaping up as an easy victory for the North.
General Lee, however, wasn’t well known for following strict rules of battle. While Hooker amassed forces for a front-on attack, Lee did something that, at the time, was considered either the dumbest move in history or brilliant strategy: He split his already outnumbered army into three groups. He left a paltry 10,000 men to meet the head-on charge, but sent the other 50,000 men in two groups to surround and flank the Union troops. Through a series of improbable victories on the Confederate side and utterly tentative and puzzling decision making by their Northern counterparts, the battle became a treatise on victory against all odds, and the power of mind and strategy on the battlefield.
And what is the relevance here for us, you may ask? By changing the focus of his attack, General Lee succeeded in pulling off one of the most unbelievable military victories in history. You can do the same in your pen testing by focusing your efforts on those areas the strong defenses of your target may overlook: their web applications and servers (yes, I know it’s corny, just go with it). Businesses and corporations are like that Union army, with so many defenses arrayed against you they seem impenetrable. But most of them can be outflanked, via their public-facing web fronts (which may or may not have proper security included) and their customized, internal web applications. This chapter is all about web servers and applications and how you can exploit them. After all, if the target is going to trust them, why not have a look?
STUDY TIPS   Thankfully, most questions you’ll see about these topics are of the straightforward, definition-based variety. Be careful with the wording in these questions, though, because they’ll sometimes try to trip you up with petty minutiae instead of actually testing your knowledge.