Domain 5 of the CEH: Web Application Hacking
www.infosectrain.com | sales@infosectrain.com
Domains of CEH
1. Information Security and Ethical Hacking Overview - 6%
2. Reconnaissance Techniques - 21%
3. System Hacking Phases and Attack Techniques - 17%
4. Network and Perimeter Hacking - 14%
5. Web Application Hacking - 16%
6. Wireless Network Hacking - 6%
7. Mobile Platform, IoT, and OT Hacking - 8%
8. Cloud Computing - 6%
9. Cryptography - 6%
We will discuss the fifth domain of CEH, which is 'web application hacking.'
What is a Web Application?
Most people have used mobile applications like PUBG, Instagram, and WhatsApp, so here is an example of a web application that is also a mobile app. Assume you have lost your phone, or it is switched off, and you want to scroll your Instagram feed. What do you do? You log in to your account through Google Chrome. That is it: you can use Instagram through a web browser, and that browser-based version is a web application. A few well-known examples of web applications are Facebook, MakeMyTrip, Flipboard, and the 2048 game.
The technical definition of a web application: a web application is software that performs particular tasks by running inside a web browser such as Google Chrome, Mozilla Firefox, or Internet Explorer. One of the most convenient things about web applications is that you do not need to download and install them, which leaves device storage free for more important data.
Hacking of Web Applications:
Web hacking refers to exploiting HTTP applications by manipulating graphics, altering the Uniform Resource Identifier (URI), or altering HTTP elements outside the URI (such as headers, cookies, and request bodies).
Different methods used to hack web applications are:
SQL Injection attacks: Structured Query Language (SQL) is used to query, manipulate, and administer databases. SQL injection is one of the most prevalent SQL-based attacks; attackers use it to read, change, or delete data. Depending on the database configuration, SQL injection can also be used to make the underlying operating system perform particular tasks.
Cross-site scripting: Cross-site scripting attacks, also called XSS, involve injecting malicious script into websites that would otherwise be safe. By exploiting a vulnerability in the target web application, an attacker can deliver malicious code to a user's browser.
Fuzzing: Developers employ fuzz testing on software, operating systems, and networks to identify coding mistakes and security gaps. Attackers can apply the same method to our sites and servers to locate weaknesses. Fuzzing works by feeding the target a large volume of random or malformed data (the "fuzz") in an attempt to make it crash or misbehave. Attackers use a fuzzer, a software tool built for this purpose, to detect weak areas; if the target's security fails, the attacker may exploit the weakness further.
Types of vulnerabilities that cause web application hacking
Unvalidated Inputs: Web applications accept input from the user, and queries are built on top of that input. If these inputs are not properly validated and sanitized, an attacker can launch attacks such as cross-site scripting (XSS), SQL injection, and directory traversal. These attacks can also lead to identity theft and data theft.
Directory traversal attack: This vulnerability lets the attacker access restricted directories on the web server outside the web root directory. This can allow the attacker to read system files, run OS commands, and discover details about the server's configuration.
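A defensive check against the directory traversal case described above, written as an added example (it is not code from the original slides). It assumes a file-serving handler that maps a requested path onto a web root, and uses a constructed temporary directory as the web root.

```python
import tempfile
from pathlib import Path


def safe_resolve(webroot, requested):
    """Map a requested path onto the web root.

    Returns the resolved Path if it stays inside the web root, or None if
    '..' components, absolute paths or symlinks would escape it.
    """
    root = Path(webroot).resolve()
    # Strip a leading slash so the request can never be treated as absolute,
    # then resolve symlinks and '..' components against the real filesystem.
    candidate = (root / requested.lstrip("/\\")).resolve()
    try:
        candidate.relative_to(root)  # raises ValueError if outside root
    except ValueError:
        return None
    return candidate


def demo():
    # Constructed layout: one public page under www/ and a file outside it.
    base = Path(tempfile.mkdtemp())
    root = base / "www"
    root.mkdir()
    (root / "index.html").write_text("<h1>hello</h1>")
    (base / "secret.txt").write_text("not for the web")

    requests = ["index.html", "../secret.txt", "sub/../index.html"]
    results = {}
    for req in requests:
        resolved = safe_resolve(root, req)
        # Report only the file name (or None for a rejected request).
        results[req] = None if resolved is None else resolved.name
    return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r:22} -> {outcome}")
```

The check compares resolved paths rather than looking for the string "..", so encoded or nested traversal sequences that normalize outside the root are rejected the same way.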
Defense Mechanisms
There are various defense mechanisms to control web application hacking. Some of them are:
Authentication: Authentication is a defense mechanism that checks the user ID and password to verify users. But with increasingly effective social engineering techniques, attackers can easily obtain login credentials. Hence, two-step verification came into existence.
Two-step verification is nothing but sending a "One Time Password" to your mobile so that only you have the authority to log in to your account.
Handling data safely: Most vulnerabilities in web applications are caused by the improper processing of user data. Many of these vulnerabilities can be avoided not by validating the input itself but by ensuring it is processed safely. A secure coding approach prevents typical issues; for example, the proper use of parameterized database queries prevents SQL injection.
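The parameterized-query defense just described, and the SQL injection method listed earlier, side by side as an added example (not code from the original slides). It assumes a login lookup against a constructed in-memory SQLite table; the plaintext password column exists only to keep the example short.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the application's user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # String concatenation: user input becomes part of the SQL text itself,
    # so quote characters in the input change the meaning of the query.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    # Placeholders: the driver sends the input as data, never as SQL syntax,
    # so the same input is compared literally against the password column.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo():
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed test input, not a valid password
    return {
        # Concatenated query becomes ... AND password = '' OR '1'='1'
        "vulnerable": login_vulnerable(conn, "alice", crafted),
        # Parameterized query compares the literal string and finds no row
        "parameterized": login_parameterized(conn, "alice", crafted),
        # Correct credentials still work through the safe version
        "legit": login_parameterized(conn, "alice", "correct horse"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:14} -> {rows}")
```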
Conducting audits: Effective audit logs should enable the application's owners to understand precisely what happened: which vulnerability attackers exploited, whether they gained unwanted access to data, and whether they performed any unauthorized actions. Audit logs can also help establish the attacker's identity.
CEH with InfosecTrain
InfosecTrain is one of the leading training providers with a pocket-friendly budget. We invite you to join us for an unforgettable journey with industry experts to gain a better understanding of the Certified Ethical Hacker course. Courses can be taken as live instructor-led sessions or as self-paced courses, allowing you to complete your training journey at your convenience.
About InfosecTrain
• Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
• Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain
• High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain
Our Endorsements
Why InfosecTrain Global Learning Partners
• Flexible modes of training
• Tailor-made training
• Post-training completion support
• Certified and experienced instructors
• Access to the recorded sessions
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413
sales@infosectrain.com
www.infosectrain.com