Web application provides an interface between the web server and the client to communicate through a set of web pages generated at the server end or that contain script code to be executed dynamically within the client Web browser.
The data is passed between client and server in the form of HTML pages through HTTP protocol. To hack websites as well as web applications.
An individual requires knowledge of ASP, PHP, and SQL, among others. Knowledge of such languages combined with access to some web application hacking tools will enable you to hack almost any website or web application with relative ease.
- Best WiFi Hacking Apps For Android
- What is Active Online Attacks and how to Defend
- What is Antispyware and Who Needs It
- What is Cookies and What Information it contains
According to Gartner market research, 75% of all malicious hacking attacks target complex web applications.
This is hardly surprising if we consider a couple of basic common sense facts. Web applications are popular due to the ubiquity of web browsers, and the convenience of using a web browser as a client.
Common Web Application Vulnerabilities
1. Hidden Field Manipulation
Hidden fields are embedded within HTML forms to maintain values that will be sent back to the server.
Such hidden fields serve as a means for the web application to pass information between different parts of one application or between different applications.
Using this method, an application may pass the data without saving it to a common backend system (typically a database).
However, a major assumption about hidden fields is that since they’re non-visible (i.e. hidden) they will not be viewed or changed by the client.
2. Application Buffer Overflow
Web applications that receive parameters are
By sending long parameters or values it is possible to achieve memory corruption in the application which can result in the application shutting down or the ability to gain high privileges on the server machine.
3. Cross-Site Scripting
A link to a valid website can be manipulated so that one of the parameters of the URL or maybe even the referrer will hold a script.
This script will then be implanted by the server into a dynamic web page and will run on the client side.
The script can then perform a “virtual hijacking” of the user’s session and can capture information transferred between the user and the legitimate web application.
The user activates the malicious link when he crawls through a 3rd party site or by receiving an
an email with the link in a web-enabled email client.
Web Applications Hacking
- Identify common attack vectors for web applications
- identify command injection attacks
- match the layer to the web service attack type that can be performed at that layer
- match the hacking activity to the stage in the web application hacking methodology
- match the web application hacking countermeasure to the type of attack it helps defend against
- determine what you test for at which stage of web application penetration
- identify web applications hacking techniques and tools and how to counter them