1
00:00:15,590 --> 00:00:22,220
Let us continue with the Web application protesting in this lecture, we are going to see different

2
00:00:22,220 --> 00:00:24,980
and important types of attacks on Web servers.

3
00:00:25,790 --> 00:00:28,100
So why are the Web servers compromised?

4
00:00:28,850 --> 00:00:35,960
Web servers are compromised due to improper file and direct permissions, installing the server for

5
00:00:35,970 --> 00:00:42,350
default settings, unnecessary servers enabled, including content management and remote administration

6
00:00:43,040 --> 00:00:50,000
security, conflicts with business, ease of use cases, lack of proper security policy procedures and

7
00:00:50,000 --> 00:00:56,570
maintenance, improper authentication with external systems, default accounts for default passwords

8
00:00:56,570 --> 00:01:01,220
or no passwords, unnecessary default backup or sample files.

9
00:01:01,640 --> 00:01:05,780
Misconfiguration in Web servers, operating systems and networks.

10
00:01:06,230 --> 00:01:07,940
Bugs and server software.

11
00:01:08,210 --> 00:01:10,460
Operating system and web applications.

12
00:01:11,330 --> 00:01:18,770
Configured SSL certificates also expired SSL certificates and misconfiguration and encryption settings.

13
00:01:19,400 --> 00:01:24,860
Administrative or debugging functions that have enabled or accessible on web servers.

14
00:01:25,310 --> 00:01:28,740
Use of cellphones are difficult and default certificates.

15
00:01:29,450 --> 00:01:32,210
So what is the impact of Web server attacks?

16
00:01:32,850 --> 00:01:39,490
It results in the compromise of user account Web site defacement, secondary attacks from the website

17
00:01:39,800 --> 00:01:46,220
route, access to other applications or servers, data tampering and data theft.

18
00:01:46,970 --> 00:01:50,020
Now we will see some important attacks.

19
00:01:50,480 --> 00:01:55,910
I'm not going into details of these attacks, but I will give you an overview of what these attacks

20
00:01:55,910 --> 00:01:56,120
are.

21
00:01:57,490 --> 00:02:04,870
The first is denial of service attacks, attack ads and numerous fake requests to the Web server, which

22
00:02:04,870 --> 00:02:10,750
results in the Web server crashing or becoming unavailable to the legitimate users, attackers then

23
00:02:10,870 --> 00:02:17,560
target high profile Web servers such as banks, credit card payment gateways, government owned services

24
00:02:17,560 --> 00:02:19,030
to steal user credentials.

25
00:02:19,550 --> 00:02:24,640
We will see how Bulgaria could lead a spectacle and further lectures the next.

26
00:02:25,600 --> 00:02:33,220
Is server hijacking in server hijacking, attacker compromises DNS server and changes their DNS settings

27
00:02:33,220 --> 00:02:40,210
so that all the requests coming towards the target of Observer are directed towards his or her own malicious

28
00:02:40,210 --> 00:02:40,900
servers.

29
00:02:41,710 --> 00:02:47,140
The next is the director who travels of attacks in Telcel attacks.

30
00:02:47,320 --> 00:02:53,620
Attackers use dot, dot slash sequence to access restricted directories outside the web server that

31
00:02:53,620 --> 00:02:54,580
is route directly.

32
00:02:55,240 --> 00:03:01,030
Attackers can use trial and error method to navigate outside of the room directly and access sensitive

33
00:03:01,030 --> 00:03:02,440
information in the system.

34
00:03:03,550 --> 00:03:08,310
The next is the man in the middle of sniffing attack man in the middle.

35
00:03:08,530 --> 00:03:15,160
Also koala's my team attack allows an attacker to access sensitive information by intercepting and altering

36
00:03:15,160 --> 00:03:18,040
communications between an end user and the web server.

37
00:03:18,880 --> 00:03:20,520
Attacker acts as a proxy.

38
00:03:20,530 --> 00:03:26,830
So that's all the communication between the user and the web server passes to him and he can read all

39
00:03:26,830 --> 00:03:27,850
the data you the to the.

40
00:03:28,960 --> 00:03:30,080
The next is Web site.

41
00:03:30,130 --> 00:03:31,090
Defacement attack.

42
00:03:31,750 --> 00:03:37,930
Web defacement occurs when an intruder maliciously alters the visual appearance of the page by inserting

43
00:03:38,140 --> 00:03:41,530
or substituting provocative and frequently offending data.

44
00:03:42,130 --> 00:03:49,030
Defaced pages expose visitors to some propaganda or misleading information until the unaddressed changes

45
00:03:49,030 --> 00:03:50,440
are discovered and corrected.

46
00:03:51,280 --> 00:03:56,910
Attackers use a variety of methods as my ESKIL injection Web site in order to defeat it.

47
00:03:57,700 --> 00:04:01,090
The next is the Web server misconfiguration server.

48
00:04:01,090 --> 00:04:06,670
Misconfiguration refers to configuration of weaknesses in the Web infrastructure that can be exploited

49
00:04:06,820 --> 00:04:14,040
to launch various attacks on Web servers, such as directly traversal server intrusion and data theft.

50
00:04:14,980 --> 00:04:22,060
Some of the Web server misconfiguration are Worboys debug or error messages, anonymous or default users

51
00:04:22,060 --> 00:04:28,420
and passwords, sample configuration and script files, remote administration functions, unnecessary

52
00:04:28,420 --> 00:04:33,430
services, annable and mis configured or default SSL certificates.

53
00:04:33,850 --> 00:04:37,700
In the next lecture, we will see a web server brain testing.

54
00:04:37,750 --> 00:04:40,750
That is how to carry out Pentax on a web server.