Website security has never been as pressing a problem as it is in the 21st century, largely because the Internet now reaches almost every industry and field. Every day, hackers and security experts find several new site vulnerabilities. Many are closed immediately by site owners and developers, while some are left as they are, and those are the ones attackers use. A hacked site can be used to do great harm both to its users and to the servers on which it is hosted.
Types of site vulnerabilities
Building web pages involves many related technologies. Some are mature and time-tested; others are new and not yet proven. Either way, there are many kinds of site vulnerabilities:
- XSS. . - , . , .
- SQL-. . , . , . .
- HTML-. , XSS, -, HTML.
- . , , «» . , IP .
- , . . , CMS, .
SQL-
, . . SQL ? .
, -.. - . , - -./?product_id=1. , . . -./?product_id=1'. "" , .
XSS
XSS Cookies. . .
. - , - , Kali Linux. .
Nmap
nmap -sS 127.0.0.1, IP .
nmap :
- -A. , , .
- -O. , .
- -D. IP , , , .
- -p. . .
- -S. IP .
WPScan
Kali Linux. - WordPress. Ruby, :
ruby ./wpscan.rb --help. .
ruby ./wpscan.rb --url --.
WPScan - "" .
Nikto
, Kali Linux. :
nikto , perl. :
perl nikto.pl -h 192.168.0.1.
perl nikto.pl -h file.txt
Burp Suite
SQLmap
, SQL XSS . :
SQLmap — , -.
Webslayer
- coder-diary.ru. . «». , , . 2500 .
- https://cryptoreport.websecurity.symantec.com/checker/. - SSL TLS Symantec. .
- https://find-xss.net/scanner/. PHP ZIP. , .
- http://insafety.org/scanner.php. "1-". .
- . , CMS, . SQL-, .
- CMS, , . .
SSL. .