Hi, today's topic is the reasons for website breaches and infiltrations. Among
the frequent things I see are outdated third-party programs, open ports that
are not firewalled, and improper permissions on website navigation. These are
among the things I've noticed while conducting penetration tests and online
security research on active sites. These issues do not always need to be
exploited; simply by being there, they have already given the attacker the
chance to compromise the site. So even though the front end is fantastic, the
security behind it is relatively low.
Moreover, information databases that are built on any programming language
also have a weakness. For example, if the information database is built on the
Java programming language, it can easily be decompiled, exposing the source
code of the program, and the attacker can then modify it. Information systems
that are web-based are also vulnerable to distributed denial of service (DDoS).
For me, DDoS is not hacking but denying the service of a website. It is
critical if the information system it serves is needed by the populace. Thus, a
strong firewall should be provided to mitigate the risk of denial of service.
Nowadays, site administrators use a CMS. If the CMS is not well secured or not
patched, it will expose vulnerabilities, and one of these is directory listing.
Directory listing is a vulnerability that exposes a certain folder of a website
so that it can be accessed over the internet, for example,
www.vulnerablewebsite.com/images/. When you navigate to the images folder,
there will be a list of files there. If the site administrator puts some files
there, then the attacker can download them and look through them.
On the Blue Team side, some websites and CMSs apply redirection: if a threat
actor tries to compromise the website, it redirects them to another server. It
is a security measure to repel or slow attackers trying to gain access to a
website.
Attackers are just looking for vulnerable systems to breach. When the person responsible for a system did not conduct a vulnerability test on the website, an opening is left to be exploited. Further, the attacker can then exploit connected systems.
If you like my post, please support me by subscribing to, liking and sharing
my YouTube channel: MrCh0x