Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

What Are the Most Common Types of Hacks?

In this webinar, we will highlight the different types of hacks, how they work, and what to do post-hack.

We will also share some examples of hacked websites and discuss the most common methods attackers use to target them, plus how they determine if your site is a worthy candidate and how they operate once access is gained.

A few takeaways from this webinar include:
- How do you define a hack?
- What are the OWASP Top 10?
- What is a back door?
- XSS, SQL injection, and others

  • Sé el primero en comentar

What Are the Most Common Types of Hacks?

  1. 1. What Are the Most Common Types of Hacks? Joshua Hammer, Sales Operations Manager Stephen Johnston, Sales Consultant S U C U R I W E B I N A R
  2. 2. Joshua Hammer Sales Operations Manager Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R
  3. 3. Joshua Hammer Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R • Sucuri 4 years • Sales Operations Manager • Married with 2 kids • Loves board games, video games, security, and laughing
  4. 4. Stephen Johnston Sales Consultant Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R
  5. 5. Stephen Johnston Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R • Sucuri 1.5 years • Agency Sales Consultant • Married with 3 kids • Loves religion, his family, guitar, technology and security
  6. 6. Tweet #AskSucuri to @SucuriSecurity In this webinar you will learn: • How do you define a Hack? • What are the OWASP Top 10 • What is a back door? • XSS, SQL Injection, and others.
  7. 7. Tweet #AskSucuri to @SucuriSecurity What are hacks? Before we discuss what the most common types of hacks are, we need to decide what a hack is.
  8. 8. Tweet #AskSucuri to @SucuriSecurity DDoS • Distributed Denial of Service (DDoS) attacks are designed to disrupt a website’s availability. • The objective is to prevent legitimate users from accessing your website. • To be successful, the attacker needs to send more requests than the victim server can handle. Another way successful attacks occur is when the attacker sends bogus requests.
  9. 9. Tweet #AskSucuri to @SucuriSecurity Malware Generic term used for browser- side code to create drive-by downloads.
  10. 10. Tweet #AskSucuri to @SucuriSecurity Attack Vectors An attack vector is the way or means an attacker tries to gain access to your digital environment to infect it with malicious code.
  11. 11. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  12. 12. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  13. 13. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  14. 14. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  15. 15. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  16. 16. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  17. 17. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  18. 18. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  19. 19. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  20. 20. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  21. 21. Tweet #AskSucuri to @SucuriSecurity OWASP Top 10 • Injection • Broken authentication • Sensitive data exposure • Xml external entities XXE • Broken access control • Security misconfigurations • Cross site Scripting • Insecure deserialization • Using components with known vulnerabilities • Insufficient logging and monitoring https://blog.sucuri.net/2019/01/owasp-top-10-security-risks-part-v.html https://www.owasp.org/index.php/Main_Page
  22. 22. Tweet #AskSucuri to @SucuriSecurity Cross-Site Scripting (XSS) Reflected XSS • The application or API includes unvalidated and unescaped user input as part of HTML output. Stored XSS • Application stores user data that is later looked at by an admin or another user. DOM XSS • JavaScript frameworks, single-page applications and API that dynamically include attacker controllable data.
  23. 23. Tweet #AskSucuri to @SucuriSecurity Backdoors • A way back in for the attackers • Or something built into a program to give unauthorized access to a system. In 2018 Website Hack Trend Report, 68% of malware removed were backdoors it was the top malware installed during a infection.

×