Module 13: Hacking Web Servers

Web Server Concepts

13.1 Web Server Operations
13.2 Open Source Web Server Architecture
13.3 IIS Web Server Architecture
13.4 Web Server Security Issue
13.5 Why Web Servers Are Compromised?
13.6 Impact of Web Server Attacks

Web Server Attacks

13.7 DoS/DDoS Attacks
13.8 DNS Server Hijacking
13.9 DNS Amplification Attack
13.10 Directory Traversal Attacks
13.11 Man-in-the-Middle/Sniffing Attack
13.12 Phishing Attacks
13.13 Website Defacement
13.14 Web Server Misconfiguration
13.15 HTTP Response Splitting Attack
13.16 Web Cache Poisoning Attack
13.17 SSH Brute Force Attack
13.18 Web Server Password Cracking
13.19 Web Application Attacks

Web Server Attack Methodology

13.20 Information Gathering

- Information Gathering from Robots.txt File

13.21 Web Server Footprinting/Banner Grabbing

- Web Server Footprinting Tools
- Enumerating Web Server Information Using Nmap

13.22 Website Mirroring

- Finding Default Credentials of Web Server
- Finding Default Content of Web Server
- Finding Directory Listings of Web Server

13.23 Vulnerability Scanning

- Finding Exploitable Vulnerabilities

13.24 Session Hijacking
13.25 Web Server Passwords Hacking
13.26 Using Application Server as a Proxy

Web Server Attack Tools

13.27 Metasploit

- Metasploit Exploit Module
- Metasploit Payload and Auxiliary Module
- Metasploit NOPS Module

13.28 Web Server Attack Tools

Countermeasures

13.29 Place Web Servers in Separate Secure Server Security Segment on Network
13.30 Countermeasures

- Patches and Updates
- Protocols
- Accounts
- Files and Directories

13.31 Detecting Web Server Hacking Attempts
13.32 How to Defend Against Web Server Attacks
13.33 How to Defend against HTTP Response Splitting and Web Cache Poisoning
13.34 How to Defend against DNS Hijacking

Patch Management

13.35 Patches and Hotfixes
13.36 What is Patch Management
13.37 Installation of a Patch
13.38 Patch Management Tools

Web Server Security Tools

13.39 Web Application Security Scanners
13.40 Web Server Security Scanners
13.41 Web Server Security Tools

Web Server Pen Testing

13.42 Web Server Penetration Testing
13.43 Web Server Pen Testing Tools

Machine Learning Introduction

Machine Learning Algorithms

Supervised Learning

Linear Regression and Logistic Regression

K-Nearest Neighbour (KNN)

Decision Tree

Nau00efve Bayes Classifier

Unsupervised Learning

Advanced Machine Learning Concepts

Random Forest u2013 Ensemble

Support Vector Machine (SVM)

Natural Language Processing (NLP)

Artificial Neural Network (ANN)

Tensorflow overview and Deep Learning Intro

Machine Learning