Website Application Penetration Testing

Swift Glitxh

What is website application penetration testing?


Website application penetration testing is discovering vulnerabilities and bugs inside of a website.

Websites are exposed to the internet, which means they are open to the public.

This of course brings pros and cons; we shall cover the cons, though.


Because anyone can visit it and look at it, anyone can also try to attack it.

A hacker will try different attack methods, from code injection to brute-force attacks, to try to gain access.


For example, if there is a login page, the hacker can try extracting data from the database and changing the code of the webpage itself.


This could be malicious JavaScript code that could send the victim's private information to the hacker's machine, where they would be able to read all of the information the victim has inputted.


For example, let us say a website has a search bar where you can search for different things.

A normal user would type in that search bar to find the item or user they are looking for. A hacker, though, would try writing code there instead. If the website filters input poorly and allows anything to be written in the search field, then the code injection will most likely work and the hacker would be able to inject code into the site.


HTML is static, which means the only HTML code injection we can do is to change the look of a webpage. With JavaScript, we can execute various functions which allow us to perform a lot more; for example, we can try to communicate with the database.


What if the website is working with SQL?


Let us say that the website takes an input for the username and password and compares them with something from their database, and if they match, then the website will log the user in to their profile.

This type of communication between the website and the database can be done with something called SQL queries. SQL is a language that allows the user to interact with databases.


A hacker may try sending an SQL query instead of a username. In this case we could have two outcomes: either the web page filters user input, so SQL syntax is not allowed and is not passed on to the database, or it is poorly coded and it will just forward the SQL query to their database.


In the case that the website is poorly coded and an SQL injection has gone through, the website could print out the database connected to the website and all of its information, such as usernames, contact details, credit card details and more.
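
The two outcomes described above, as an added example that is not code from the original post: the same login check written once by pasting user input into the SQL text and once with bound parameters. The users table, the function names and the sample accounts are assumptions made up for this illustration, and SQLite stands in for the website's database.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Constructed rows; plaintext passwords only keep the demo short,
    # a real site stores salted password hashes.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "hunter2")])
    return db

def login_vulnerable(db, username, password):
    """Poorly coded: user input is pasted into the SQL text itself."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return [row[0] for row in db.execute(query)]

def login_parameterized(db, username, password):
    """Hardened: input is bound as data and never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(query, (username, password))]

# Constructed input: SQL syntax typed into the username field.
SQL_AS_USERNAME = "' OR '1'='1' --"

def demo():
    """Run a normal login and the SQL-syntax input through both versions."""
    db = make_db()
    return {
        "normal_vulnerable": login_vulnerable(db, "alice", "correct-horse"),
        "normal_parameterized": login_parameterized(db, "alice", "correct-horse"),
        "injected_vulnerable": login_vulnerable(db, SQL_AS_USERNAME, "x"),
        "injected_parameterized": login_parameterized(db, SQL_AS_USERNAME, "x"),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the string-built query the input changes the meaning of the WHERE clause and every account matches; with bound parameters the same input is compared as an ordinary username and matches nothing.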

