Web Application Hacking | The Basics ~ Devil's Blog On Security

A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES

Learn Ethical Hacking | Learn Hacking Online | Learn How To Hack|Hack Counter Hack| Ethical Hacking Tutorials

Web Application Hacking | The Basics

In this following post we will have a little basic understanding about web application and web application hacking. Now before our discussion on what is web application hacking lets understand first what a web application is? A web application is application which can be accessed over Internet or Intranet. Usually a term web application is used for a computer application hosted over a web server which can be accessed using web browser.

The main motive of a web application is to give more functionality than just a website. Webmails, database, login forms, flash scripts, Java scripts and applets, discussion boards, guest books, blogs including blogger and word-press all are examples of web applications.

A web application works on principle of client/server architecture where a web browser usually acts as a client and web server acts as application server. In early days usually Java was held as programming language for web application development but things are changed with time. All web applications are designed to perform some specific task or job in a possible easier way like online shopping, banking, social networking(even facebook is a web app), mailing and even sharing of information in an interactive way. Since there are several types of web applications it’s still little problematic situation to classify them on basis of application, vulnerability and threat level. But most commonly web application related threats can be classified as follows,

Cross Site Scripting (XSS) Attacks

SQL Injection

Command Injection

Cookie Attacks

Parameter/Form Tampering

Buffer Overflow

Directory Transversal

Cryptographic Authentication Attack or SSL Attack

Platform Exploiting

File Inclusion

Few of above are still under controversy about getting included as web application threat. By the way as you can see list is long and we will surely spend a lot of time understanding and creating countermeasure to them. There some other basic things too to consider before we move towards real web application hacking but we will cover them next time. Till then thanks for reading, have a nice time and keep visiting.