Module 13: Hacking Web Servers
Web Server Concepts
13.1 Web Server Operations
13.2 Open Source Web Server Architecture
13.3 IIS Web Server Architecture
13.4 Web Server Security Issue
13.5 Why Web Servers Are Compromised?
13.6 Impact of Web Server Attacks
Web Server Attacks
13.7 DoS/DDoS Attacks
13.8 DNS Server Hijacking
13.9 DNS Amplification Attack
13.10 Directory Traversal Attacks
13.11 Man-in-the-Middle/Sniffing Attack
13.12 Phishing Attacks
13.13 Website Defacement
13.14 Web Server Misconfiguration
13.15 HTTP Response Splitting Attack
13.16 Web Cache Poisoning Attack
13.17 SSH Brute Force Attack
13.18 Web Server Password Cracking
13.19 Web Application Attacks
Web Server Attack Methodology
13.20 Information Gathering
- Information Gathering from Robots.txt File
13.21 Web Server Footprinting/Banner Grabbing
- Web Server Footprinting Tools
- Enumerating Web Server Information Using Nmap
13.22 Website Mirroring
- Finding Default Credentials of Web Server
- Finding Default Content of Web Server
- Finding Directory Listings of Web Server
13.23 Vulnerability Scanning
- Finding Exploitable Vulnerabilities
13.24 Session Hijacking
13.25 Web Server Passwords Hacking
13.26 Using Application Server as a Proxy
Web Server Attack Tools
13.27 Metasploit
- Metasploit Exploit Module
- Metasploit Payload and Auxiliary Module
- Metasploit NOPS Module
13.28 Web Server Attack Tools
Countermeasures
13.29 Place Web Servers in Separate Secure Server Security Segment on Network
13.30 Countermeasures
- Patches and Updates
- Protocols
- Accounts
- Files and Directories
13.31 Detecting Web Server Hacking Attempts
13.32 How to Defend Against Web Server Attacks
13.33 How to Defend Against HTTP Response Splitting and Web Cache Poisoning
13.34 How to Defend Against DNS Hijacking
Patch Management
13.35 Patches and Hotfixes
13.36 What is Patch Management
13.37 Installation of a Patch
13.38 Patch Management Tools
Web Server Security Tools
13.39 Web Application Security Scanners
13.40 Web Server Security Scanners
13.41 Web Server Security Tools
Web Server Pen Testing
13.42 Web Server Penetration Testing
13.43 Web Server Pen Testing Tools