Website Hacking, Penetration Testing

Nov 18, 2024

🔗 Course

Tools and Techniques:

  • Website Information:

    • Use who.is and Robtex to gather website details.
    • Discovering subdomains can expose vulnerabilities in less-secured or experimental subdomains, potentially allowing access to other subdomains on the same server.
  • sqlmap:

    • Tool for automating SQL injection testing.
  • Cross-Site Scripting (XSS):

    • Three types of XSS.
    • Client-side input validation is a weak defense, since attackers can edit the client-side HTML.
  • Backdoors:

    • Two types:
      • Direct: Hacker initiates contact with the victim.
      • Reverse: Victim initiates contact with the hacker.
  • Cross-Site Request Forgery (CSRF):

    • Tricks a logged-in user's browser into sending API calls to the target site from another site (e.g., changing passwords).
  • Brute Force Attacks:

    • Method of systematically trying all possible passwords or keys.
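
Added example (not from the course): a server-side check that defeats the CSRF case noted above, where another site triggers a password change. The handler, the request dictionaries and all names are hypothetical; the sample requests are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to the browser


def issue_csrf_token(session_id: str) -> str:
    """Token the server embeds in its own password-change form for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_ok(session_id: str, submitted: Optional[str]) -> bool:
    """True only if the form carried the token bound to this session."""
    if not isinstance(submitted, str) or not submitted:
        return False
    # Compare as bytes in constant time; also tolerates non-ASCII input.
    return hmac.compare_digest(issue_csrf_token(session_id).encode(), submitted.encode())


def change_password(request: dict, sessions: dict, users: dict) -> int:
    """Hypothetical handler; returns an HTTP-style status code."""
    session_id = request.get("cookies", {}).get("session")
    user = sessions.get(session_id)
    if user is None:
        return 401  # no valid session cookie
    form = request.get("form", {})
    if request.get("method") != "POST" or not csrf_ok(session_id, form.get("csrf_token")):
        return 403  # the cookie alone proves nothing about which site sent the request
    new_password = form.get("new_password", "")
    if len(new_password) < 12:
        return 400
    salt = secrets.token_bytes(16)
    users[user] = (salt, hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000))
    return 200


def demo() -> tuple:
    """Constructed sample requests: one cross-site (cookie only), one from the site's own form."""
    sid = secrets.token_hex(16)
    sessions, users = {sid: "alice"}, {}
    cross_site = {"method": "POST", "cookies": {"session": sid},
                  "form": {"new_password": "chosen-by-other-site"}}
    own_form = {"method": "POST", "cookies": {"session": sid},
                "form": {"new_password": "correct horse battery",
                         "csrf_token": issue_csrf_token(sid)}}
    first = change_password(cross_site, sessions, users)
    unchanged = "alice" not in users
    return first, unchanged, change_password(own_form, sessions, users)
```

The browser attaches the session cookie to both requests, but only the site's own form can include the per-session token, so the cross-site request is refused before any state changes.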