There are two types of Web application attacks: automated and manual.
Automated attacks can be used to exploit a Web application using automated
Web application attack tools such as wget, curl, blackwidow and teleport pro.
Using these automated tools, crawling and attacks can be done shortly.
This type of attack can be avoided by setting “honey traps” using HTTP Module
(used in pre/post-processing of requests). The attacker can be put into an infinite
loop using defence trick once it is trapped.
To launch manual attacks, hackers must conduct information gathering such as
address identification, port scanning, social engineering and vulnerability scanning
to find out vulnerabilities that can be exploited.
Resources:
http://www.cybersecurity.my/data/content_files/13/87.pdf?.diff=1176417313
No comments:
Post a Comment