
Application Hacking PPT-1

This document summarizes vulnerabilities in different application systems and methods to minimize security risks. It discusses messaging system vulnerabilities like email and instant messaging hacks. It covers web application hacking techniques like SQL injection and cross-site scripting. Database vulnerabilities like missing security patches and data breaches are outlined. The document provides countermeasures for each type of application system, such as input validation, access controls, encryption, and regular software updates.

Uploaded by

Shivani
Copyright: © All Rights Reserved

Government Polytechnic Khamgaon

Applications Hacking

Guided By:
❑ Prof. R. A. Bhurani

Submitted By:
1. Vaishnavi Avadhut (37)
2. Shivani Jangle (64)
3. Sanika Dose (66)
Content…

❑ Introduction
❑ Messaging System
❑ Web Application Hacking
❑ Database System Vulnerabilities.
❑ Conclusion
❑ Reference
Introduction

❑ What is Application Hacking:

Application hacking is a type of hacking in which a program or an
application is compromised. Its code is modified so that a user can use the
premium features of that application without the owner knowing.

❑ There are three types of application hacking:


▪ Messaging System
▪ Web Application Hacking
▪ Database System Vulnerabilities
Messaging System

❑ Messaging systems are the email and instant messaging (IM)
applications that we depend on; they are often hacked within a network.
❑ A hacker can obtain passwords, system configuration information, and
sensitive files via instant messaging.
❑ Messaging system vulnerabilities:
• E-mail and instant messaging applications are hacking targets on your
network.
• Security is rarely integrated into software development.
Email Attacks
Email is a universal service used by a large number of people worldwide. Email hacking is
the unauthorized access to, or manipulation of, an account or email correspondence.
The different email attacks are email bombs and banner attacks.

Email Attack
▪ Email Bomb
  • Attachment Overloading Attack
  • Connection Attack
  • Autoresponder Attack
▪ Banners Attack
❑ Banner grabbing is a technique used by hackers and security teams to gain
information about a computer system on a network and services running on its
open ports.
❑ Tools like Nmap, Netcat, and Telnet perform banner grabbing

Email Bombs
❑ The sending of huge volumes of emails to one address in an attempt to
overwhelm the system and shut it down.
❑ Email bombs are a type of Denial of Service (DoS) attack.
❑ The different email bomb attacks are the attachment overloading attack, the connection
attack and the autoresponder attack.
Attachment Overloading Attack

❑ An attacker can create an attachment overloading attack by sending
hundreds or thousands of emails with very large attachments.
❑ The whole email server may be targeted for a complete interruption of
service through failures like:
• Storage overload
• Bandwidth blocking
❑ Countermeasures:
• Limit the size of either emails or email attachments.
• Limit each user’s space on the server.
Connection Attack

❑ A hacker can send a huge number of emails simultaneously to
addresses on your network in order to hack your email system.
❑ This attack is often carried out as a spam attack.
❑ Countermeasures:
• Prevent email hacks as far out on your network perimeter as
you can.
• Limit the number of resources used for inbound connections.
Autoresponder Attack

❑ An autoresponder is that annoying automatic email response you often
get back from random users when you are subscribing to a mailing
list.
❑ Countermeasures:
• Make it policy that no one sets up an autoresponder message.
• Prevent e-mail attacks as far out on your network perimeter as
you can.
Practices for minimizing email security risk

✓ Protect your data
✓ Avoid pop-ups, unknown emails, and links
✓ Use strong password protection and authentication
✓ Connect to secure Wi-Fi
✓ Enable firewall protection at work and at home
✓ Install security software updates and back up your files
Web Application

➢ What is a web application?

▪ A web application is an application program that is usually stored on a remote server,
and users can access it through a web browser.
▪ It is a client–server based model.
▪ Web applications include online shops, webmail, calculators, social media
platforms, etc.
Web application vulnerabilities
❑ Web application vulnerabilities involve a system flaw or weakness in a web-based
application.
❑ In general, the term refers to the exploitation of applications via Hypertext Transfer Protocol
(HTTP), which can be done by manipulating the application through its graphical
web interface, tampering with the Uniform Resource Identifier (URI) or exploiting
HTTP elements.
❑ Web application security vulnerabilities are as follows:
▪ SQL Injection
▪ Cross Site Scripting
▪ Security Misconfiguration
▪ Directory Traversal
SQL Injection
❑ SQL Injection is a code injection technique used to execute malicious SQL
statements on the database.
❑ This attack allows attackers to spoof identity, tamper with existing data and
cause repudiation issues.
❑ Countermeasures:
▪ Perform strict input validation.
▪ Use prepared statements.
▪ Continuously monitor SQL statements from database-connected applications.
▪ Discard any unwanted or unimportant database functionality.
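As an added example (not part of the presentation), here is the vulnerable concatenated query beside the prepared-statement countermeasure, using Python's sqlite3 on a constructed in-memory users table. A single quote inside an ordinary name is enough to show that the concatenated version hands user input to the SQL parser, which is exactly the flaw an injected statement abuses; the bound-parameter version treats the same input purely as data.

```python
import sqlite3

def make_db():
    """Constructed in-memory users table (sample data, not from the presentation)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("o'brien", "hunter2")])
    return conn

def login_vulnerable(conn, username, password):
    """Vulnerable: the query is built by string concatenation, so whatever the
    user types becomes part of the SQL text and is parsed as SQL."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_prepared(conn, username, password):
    """Countermeasure: a prepared statement with bound parameters. The driver
    sends the input as data; it can never change the structure of the query."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def is_valid_username(username):
    """Strict input validation (defence in depth): allow only the characters a
    username is expected to contain, and bound its length."""
    return 1 <= len(username) <= 32 and all(c.isalnum() or c in "._-" for c in username)

def probe(conn, username, password):
    """Run both versions on the same input and report what happened to each."""
    try:
        vulnerable = login_vulnerable(conn, username, password)
    except sqlite3.OperationalError as exc:
        vulnerable = "SQL error: " + str(exc)   # the input reached the SQL parser
    return {"vulnerable": vulnerable, "prepared": login_prepared(conn, username, password)}

if __name__ == "__main__":
    db = make_db()
    print(probe(db, "alice", "s3cret"))
    print(probe(db, "o'brien", "hunter2"))   # the quote breaks the concatenated query
```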
Cross Site Scripting
❑ Cross Site Scripting (XSS) is a code injection attack executed on the client side of a web
application.
▪ Attackers inject the malicious script through the web browser.
▪ The malicious script is executed when the victim visits the web page on the web server.
▪ It is used to steal cookies, session tokens and other sensitive information.
▪ It is also used to modify the content of the website.
❑ Countermeasures:
▪ Escape user input when it is output.
▪ Treat all input as a threat.
▪ Validate data.
▪ Sanitize data.
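An added example, not from the presentation, of the escaping and sanitizing countermeasures: a constructed comment page is rendered with the user's comment inserted raw and with it HTML-escaped, and a small check counts how many tags the input added to the trusted template (the template, sample comment and helper names are assumptions for the demonstration).

```python
import html
import re

# Constructed page template (not from the presentation): the comment a user
# submitted is placed inside a page that other visitors' browsers will render.
TEMPLATE = ("<html><body><h1>Comments</h1>"
            "<div class='comment'>{comment}</div></body></html>")

TAG_RE = re.compile(r"<[a-zA-Z/!]")   # start of an HTML tag or comment

def render_vulnerable(comment):
    """Vulnerable: user input is inserted as raw HTML, so any tag or event
    handler it contains is parsed and run by the victim's browser (stored XSS)."""
    return TEMPLATE.format(comment=comment)

def render_escaped(comment):
    """Countermeasure: escape for the HTML text context. <, >, &, " and ' become
    entities, so the browser displays the text instead of parsing it as markup."""
    return TEMPLATE.format(comment=html.escape(comment, quote=True))

def tags_added_by_input(rendered):
    """Check: how many tags appear beyond those in the trusted template.
    Anything above zero means user input has become markup."""
    return len(TAG_RE.findall(rendered)) - len(TAG_RE.findall(TEMPLATE))

def strip_tags(comment):
    """Sanitizing alternative when no markup is wanted at all: remove anything
    that looks like a tag, then escape what is left."""
    return html.escape(re.sub(r"<[^>]*>", "", comment), quote=True)

if __name__ == "__main__":
    sample = "Nice post! <script>alert('xss')</script>"   # constructed input
    print(tags_added_by_input(render_vulnerable(sample)))   # 2: script tags are live
    print(tags_added_by_input(render_escaped(sample)))      # 0: shown as text
    print(render_escaped(sample))
```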
Security Misconfiguration

❑ Security misconfigurations arise when an application component is vulnerable to attack as a result
of insecure configuration or misconfiguration.
❑ Misconfiguration normally happens when a system or database administrator or developer does
not properly configure the security framework of an application, website, desktop, or server,
leaving dangerous open pathways for hackers.
❑ Countermeasures:
▪ Encryption
▪ Least privilege
▪ Updated software
Directory Traversal

❑ Directory traversal is an HTTP attack which allows attackers to access restricted directories and
execute commands outside of the web server’s root directory.
❑ There are two main levels of security mechanisms:
▪ Access Control Lists (ACLs)
▪ Root directory
❑ Countermeasures:
▪ Don’t store old, sensitive or otherwise non-public files on your web server.
▪ Ensure that your web server is properly configured to allow public access only to
those directories that are needed for the site to function.
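An added example (not the presentation's own code) of the two mechanisms listed above applied to a request path in Python: the resolved file must stay inside the web root, and it must also sit under a directory explicitly allowlisted as public. The sandbox layout, directory names and function names are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_request(web_root, url_path, public_dirs):
    """Map a URL path onto the filesystem and allow it only if it stays inside
    web_root AND inside one of the directories explicitly marked public.
    Returns the real file path, or None when the request must be refused."""
    root = os.path.realpath(web_root)
    # Decode percent-encoding first, otherwise '%2e%2e/' slips past a '..' check.
    relative = unquote(url_path).lstrip("/")
    candidate = os.path.realpath(os.path.join(root, relative))
    # Root-directory check: the resolved path (symlinks followed) must be under root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    # Access-control check: only the allowlisted top-level directories are served.
    top = os.path.relpath(candidate, root).split(os.sep)[0]
    if top not in public_dirs:
        return None
    return candidate if os.path.isfile(candidate) else None

def build_sandbox():
    """Constructed layout (not from the presentation) to exercise the check:
    <tmp>/site/static/app.js, <tmp>/site/private/config.txt and, outside the
    web root, <tmp>/secret.txt. Returns the web root path."""
    base = tempfile.mkdtemp()
    site = os.path.join(base, "site")
    for d in ("static", "private"):
        os.makedirs(os.path.join(site, d))
    for rel, text in (("site/static/app.js", "ok"),
                      ("site/private/config.txt", "db password"),
                      ("secret.txt", "outside the web root")):
        with open(os.path.join(base, rel), "w") as fh:
            fh.write(text)
    return site

if __name__ == "__main__":
    site = build_sandbox()
    for req in ("/static/app.js", "/private/config.txt", "/../secret.txt",
                "/static/%2e%2e/%2e%2e/secret.txt"):
        print(req, "->", resolve_request(site, req, ("static",)))
```

Only the first request is served; the private directory is refused by the allowlist, and both traversal forms are refused by the root check.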
Database System

A database is an organized collection of structured information, or
data, typically stored electronically in a computer system. A database
is usually controlled by a database management system (DBMS).
Together, the data and the DBMS, along with the applications that are
associated with them, are referred to as a database system, often
shortened to just database.

Database Vulnerability
❑ A database vulnerability is a hole or weakness in the database,
which can be a design flaw or an implementation bug, that allows
an attacker to cause harm to the stakeholders of the database.
Database Vulnerabilities

✓ Missing security patches for databases
✓ Database backups
✓ Poor encryption
✓ Data breaches
✓ Denial-of-Service attacks
✓ Outdated database protection tools
✓ SQL Injection
✓ Data exposure
Best security practices for minimizing
the database security risks

1. Ensure that the physical databases are secure
2. Separate the database server
3. Install a proxy server that provides HTTPS access
4. Implement an encryption protocol
5. Ensure your database is regularly backed up
6. Update applications on a regular basis
7. Minimize the use of third-party apps
Conclusion

Through this presentation, we have covered the whole topic of Application
Hacking from our syllabus, in which we have covered the vulnerabilities of
messaging systems, web applications and database systems and the
countermeasures for minimizing the risks.
References

❑ Websites:
▪ https://backendless.com/database-security-best-practices/
▪ www.datasunrise.com
▪ www.zednet.com
❑ Books:
▪ Hacking for Dummies By Wiley Brand
Thank You!
