> Cyber Security Strategy - From Idea to Mobile App RealityVinova Our team will brainstorm with you on where to begin, where to go, and how to get you there. Whether you have a spark of an idea or an existing app – we can help. Getting your mobile strategy right is what our unique services are all about. We’ll wrestle with business challenges, discover new opportunities that will help you define and refine your product ideas into mobile app reality.

Web Server Penetration Testing Checklist – GBHackers

by | 14 Oct 2019 | Cyber Security |

Web Server Penetration Testing Checklist – GBHackers

Web server pen testing performing under 3 major category which is identity, Analyse, Report Vulnerabilities such as authentication weakness, configuration errors, protocol Relation vulnerabilities.

 1.  “Conduct a serial of methodical and Repeatable tests “ is the best way to test the web server along with this to work through all of the different application Vulnerabilities.

2.  “Collecting as Much as Information” about an organization Ranging from operation environment is the main area to concentrate on the initial stage of web server Pen testing.

3.  Performing web server Authentication Testing, use Social engineering techniques to collect the information about the Human Resources, contact Details and other  Social Related information.

4.  Gathering Information about the Target, use whois database query tools to get the Details such as Domain name, IP address, Administrative Details, autonomous system number, DNS etc.

5.  Fingerprint web server to gather information such as server name, server type, operating systems, an application running on the server etc use fingerprint scanning tools such as, Netcraft, HTTPrecon, ID Serve.

6.  Crawel Website to gather Specific information  from web pages, such as email addresses

7.  Enumerate web server Directories to extract important information about web functionalities, login forms etc.

8.  Perform Directory traversal Attack to access Restricted Directories and execute the command from outside of the Web server root directories.

9.  Performing vulnerability scanning to identify the weakness in the network use the vulnerability scanning tools such as HPwebinspect, Nessus . and determine if the system can be exploited.

10. Perform we cache poisoning attack to force the web server’s cache to flush its actual cache content and send a specifically crafted request which will be stored in the cache.

11. Performing HTTP response splitting attack to pass malicious data to a vulnerable application that includes the data in an HTTP response header.

12. Bruteforce SSH,FTP, and other services login credentials to gain unauthorized access.13. Perform session hijacking to capture valid session cookies and ID’s,use tools such as Burb suite , Firesheep ,jhijack to automated session hijacking.

14. Performing MITM attack to access the sensitive information by intercepting the altering the communications between the end users and web servers.

15. Use tools such as  webalizer, AWStats to examine the web server logs .

Important Checklist Suggested by Microsoft

Services

Protocols

Accounts

Files and Directories

Shares

Ports

Registry

Auditing and Logging

Server Certificates

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates

Share and Support Us :

Malcare WordPress Security

website development singapore,graphic designer in singapore,developers in singapore,app development singapore,web development company singapore,singapore app developer,developer in singapore,ios developer singapore,website design singapore,singapore mobile application developer,web development singapore,mobile application development singapore,web design services singapore,web design singapore,mobile game developer singapore,mobile application developer singapore,web application singapore,design agency singapore,mobile app development singapore,singapore website design,mobile apps singapore,design firms in singapore,singapore web design,app developer singapore,web designer singapore,android developer singapore,ruby on rails developer singapore,mobile developer singapore,web design company singapore,website developer singapore,mobile app developer singapore,singapore mobile app developer,ios app development singapore,website designer singapore,singapore web development,singapore web design services,mobile apps development singapore