Course info
Rating: (253)
Level: Beginner
Updated: Nov 11, 2015
Duration: 2h 25m

Description

Pluralsight is not an official partner or accredited training center of EC-Council.

Vulnerabilities in web server implementations are frequently the vector by which online attackers compromise systems. The impact can range from short periods of outage to the total disclosure of sensitive internal information. There are many different levels an attacker may focus their efforts on, including the application, the host operating system, and of course the web server itself. Each has its own weaknesses and each must have the appropriate defenses in place to ensure resiliency from online attacks. In this course, we'll look at various attack vectors in web servers. These include exploiting misconfigured servers, leveraging weaknesses in unpatched environments, compromising weak SSL implementations and much, much more.

This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

Section Introduction Transcripts

Other Attacks Against Web Servers
In this final module of the course we're going to take a look at other attacks against web servers. Some of them will be fairly common attacks, so we're going to look at defacement very early on. And other ones will be somewhat more obscure: attacks often referred to when you see ethical hacking of web servers, but attacks that we simply don't see that much today. But we're going to cover a few of them anyway. Let's jump in and take a look at the overview of the module.

One thing that's probably very obvious anyway is that web security does go well beyond what we've seen so far. We've merely been looking at a subset of attacks against web assets and we've obviously been focusing on the web server. But it is much broader than just what we've seen, so we'll drill a little bit deeper in this module and I'll wrap it up by giving a very quick overview of all sorts of other risks that you need to be conscious of.

Now within the scope of web server hacking, there are some more obscure risks, so we're going to look at things like HTTP response splitting and web cache poisoning. Not big risks in today's terms, but risks which do frequently pop up when you see references to web server hacking. So I do want to make sure that we cover them here.

And finally, we're also going to touch briefly on automation for streamlining testing, so we're going to use one particular tool to streamline one of the tests we're going to do and then I'm going to refer to a bunch of other tools, many of which are used in various Pluralsight courses, which can be enormously useful for testing purposes.

So that's what we're going to do. Let's jump into it and start talking about website defacement.