Hacking Methodology | Ethical Hacking


Hacking Methodology



Web footprinting:


Gather information related to the web application, such as:



  • Whois information


  • Netcraft information


  • Firewall information


  • Ports and services running


  • Server and OS discovery


  • Hidden contents



Vulnerability scanners:


Scanners such as Nikto, Nessus, URLscan, and Acunetix can be used to find vulnerabilities in a web application.


Identify Entry Points and Attack surface:


The next step is to identify the entry points, such as login screens, URLs, and cookies, and the output points, such as display screens, reports, etc. We need to find the vulnerabilities that would allow the access controls to be bypassed and the application to be broken into. Each of the attacks discussed above should be tested for.


Countermeasures:



  • Always validate the input fields.


  • Limit the entry in the input fields.


  • Check for arbitrary inputs like scripts, SQL injection codes, etc.


  • Use a Web application firewall.


  • Run database accounts with minimal access rights.


  • Use input/output encoding.


  • Use prepared statements and parameterised SQL queries to avoid SQL injection.


  • Configure the firewall with strict rules.


  • Use secure protocols.


  • Encrypt cookies.


  • Use random numbers for cookies and proper session expiry.
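
An added example (not part of the original page) showing four of the countermeasures above in Python's standard library: field validation with a length limit, a string-built query beside its parameterised form, output encoding, and a random session identifier. The table, the usernames, the 32-character limit and the sample input are constructed for illustration.

```python
import html
import re
import secrets
import sqlite3

# Allowlist of permitted characters plus a length cap (assumed policy: 1-32 chars).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def make_db():
    """Constructed in-memory table standing in for the application's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, bio TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "<b>admin</b>"), ("bob", "tester")])
    return db

def valid_username(value):
    """Validate the input field and limit its length before it is used."""
    return USERNAME_RE.fullmatch(value) is not None

def find_user_concat(db, name):
    """Weak form: the input is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT name, bio FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_param(db, name):
    """Hardened form: the driver binds the input as a value, never as SQL."""
    return db.execute("SELECT name, bio FROM users WHERE name = ?",
                      (name,)).fetchall()

def render_bio(bio):
    """Output encoding: markup stored in the database is displayed as text."""
    return "<p>" + html.escape(bio) + "</p>"

def new_session_id():
    """Session cookie value drawn from the OS CSPRNG (32 random bytes)."""
    return secrets.token_urlsafe(32)

if __name__ == "__main__":
    db = make_db()
    odd = "x' OR '1'='1"  # constructed input containing SQL metacharacters
    print("passes validation:", valid_username(odd))
    print("rows via concatenation:", len(find_user_concat(db, odd)))
    print("rows via bound parameter:", len(find_user_param(db, odd)))
    print(render_bio(find_user_param(db, "alice")[0][1]))
    print("session id:", new_session_id())
```

Validation rejects the constructed input outright; even if it reached the database layer, the concatenated query would return every row while the bound parameter matches none.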





