Web Security System Website Security Systems
Website Security Systems is very important for a webmaster.
If a webmaster to ignore the security aspect of a website, the website will be very vulnerable to attacks from a hacker.
To strengthen the web of security in terms of knowledge about web security systems needed to be overcome.
Web Security System Web hacking
Web hacking is usually done through port 80. Because the website using port 80. The attacks are usually carried out are:• Deface Site
• SQL Injection
• Remote File Inclusion (RFI)
• Local File Inclusion (LFI)
• Cross Site Scripting (XSS)
Web Security System Deface Site
• Deface is an activity to change the front page (index) or the content of a Web site or its contents so that the view in accordance with the desired.
Web Security System The techniques of web site Deface
• Generally the amount of deface can be done in 3 ways:
1. Generally speaking, Enter Illegal Input. The aim is that the user was thrown out of the directory files and go to the web server root directory and then run the cmd.exe and observing the structure of the target directory on the NT server.
2. With TFTP (Trivial File Transfer Protocol) is a UDP based protocol which listen on ports 69 and is very susceptible safety and most web servers running this TFTP service. 3. With the FTP with a web that has been filled deface materials. Each NT server has ftp.exe file upload to FTP or FTP downloads.
Web Security System Netcat
• Netcat allows you to form their own port filter that allows file transfers without using FTP. Furthermore, netcat can be used to avoid the port filters on most firewalls, spoofing IP address, to conduct session hijackingWeb Security System Securing IIS Server from Deface
• Always updating with the latest service packs and the latest hotfix
. • Protect with a firewall and IDS (Intrusion Detection System).
• Eliminating Options Write on the HTTP protocol (HTTP 1.0 and HTTP 1.1).
• Commands supported are: CONNECT*, DELETE*, GET, HEAD, OPTIONS, POST, PUT, TRACE
Web Security System SQL Injection
• SQL injection attack is one attack to reach access to the database system based on Microsoft SQL Server
• These techniques take advantage of weaknesses in the programming language in SQL scripting in processing a database system that allows someone without an account can enter and pass the verification of the MS SQL Server.
Web Security System SQL Injection For handling this case is set to:
• Only certain characters may be inputted. • If the illegal character is detected, immediately rejected the request.
Web Security System Remote File Inclusion (RFI)
• Methods that exploit the weaknesses of PHP scripts include (), include_once (), Require (), require_once () the variable is not declared properly.
• With RFI an attacker can either include a file that is located outside the respective servers.
Web Security System Local File Inclusion (LFI)
• Methods that exploit the weaknesses of PHP scripts include (), include_once (), Require (), require_once () the variable is not declared properly
. • With LFI an attacker can either include a file that is located on the server concerned.
Web Security System Cross Site Scripting (XSS)
• XSS also known as the CSS is an acronym for Cross Site Scripting.
• XSS is a method to insert HTML or script code into a website that is run through a browser on the client.
for useful tips approach the
ReplyDeletesql server expert.They will clear your doubts and help you enhance your performance