1. Web Security System
Website Security Systems
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 1

2. Web Security System
Website Security Systems
• Website Security Systems is very important for
a webmaster.
• If a webmaster to ignore the security aspect of
a website, the website will be very vulnerable
to attacks from a hacker.
• To strengthen the web of security in terms of
knowledge about web security systems
needed to be overcome.
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 2

3. Web Security System
Web hacking
• Web hacking is usually done through port 80.
Because the website using port 80. The
attacks are usually carried out are:
• Deface Site
• SQL Injection
• Remote File Inclusion (RFI)
• Local File Inclusion (LFI)
• Cross Site Scripting (XSS)
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 3

4. Web Security System
Deface Site
• Deface is an activity to change the front page
(index) or the content of a Web site or its
contents so that the view in accordance with
the desired.
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 4

5. Web Security System
The techniques of web site Deface
• Generally the amount of deface can be done
in 3 ways:
1. Generally speaking, Enter Illegal Input.
The aim is that the user was thrown out of
the directory files and go to the web server
root directory and then run the cmd.exe
and observing the structure of the target
directory on the NT server.
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 5

6. Web Security System
The techniques of web site Deface
2. With TFTP (Trivial File Transfer Protocol) is a
UDP based protocol which listen on ports 69
and is very susceptible safety and most web
servers running this TFTP service.
3. With the FTP with a web that has been filled
deface materials. Each NT server has ftp.exe
file upload to FTP or FTP downloads.
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 6

7. Web Security System
Netcat
• Netcat allows you to form their own port
filter that allows file transfers without using
FTP. Furthermore, netcat can be used to avoid
the port filters on most firewalls, spoofing IP
address, to conduct session hijacking.
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 7

8. Web Security System
Securing IIS Server from Deface
• Always updating with the latest service packs and
the latest hotfix.
• Protect with a firewall and IDS (Intrusion Detection
System).
• Eliminating Options Write on the HTTP protocol
(HTTP 1.0 and HTTP 1.1).
• Commands supported are:
CONNECT*, DELETE*, GET, HEAD, OPTIONS, POST,
PUT, TRACE
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 8

9. Web Security System
SQL Injection
• SQL injection attack is one attack to reach
access to the database system based on
Microsoft SQL Server.
• These techniques take advantage of
weaknesses in the programming language in
SQL scripting in processing a database system
that allows someone without an account can
enter and pass the verification of the MS SQL
Server.
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 9

10. Web Security System
SQL Injection
For handling this case is set to:
• Only certain characters may be inputted.
• If the illegal character is detected,
immediately rejected the request.
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 10

11. Web Security System
Remote File Inclusion (RFI)
• Methods that exploit the weaknesses of PHP
scripts include (), include_once (), Require (),
require_once () the variable is not declared
properly.
• With RFI an attacker can either include a file
that is located outside the respective servers.
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 11

12. Web Security System
Local File Inclusion (LFI)
• Methods that exploit the weaknesses of PHP
scripts include (), include_once (), Require (),
require_once () the variable is not declared
properly.
• With LFI an attacker can either include a file
that is located on the server concerned.
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 12

13. Web Security System
Cross Site Scripting (XSS)
• XSS also known as the CSS is an acronym for
Cross Site Scripting.
• XSS is a method to insert HTML or script code
into a website that is run through a browser
on the client.
Copyright © 2009-Present Mobile88.com. All Rights Reserved.
Restricted & Non Disclosed Use Only. Strictly Private, Confidential & Intellectual Property Protected. Slide 13