Name of The Faculty: Mrs.M.Akilandeeswari Subject Name & Code: Branch & Department: B.Tech & AI&DS Year & Semester: 2023 / VI Academic Year:2023-24


KGiSL Institute of Technology

(Approved by AICTE, New Delhi; Affiliated to Anna University, Chennai)


Recognized by UGC, Accredited by NBA (IT)
365, KGiSL Campus, Thudiyalur Road, Saravanampatti, Coimbatore – 641035.

Department of Artificial Intelligence & Data Science


Name of the Faculty : Mrs.M.Akilandeeswari

Subject Name & Code : CCS344 ETHICAL HACKING

Branch & Department : B.Tech & AI&DS

Year & Semester : 2023 / VI

Academic Year :2023-24

CW3551/DIS/III AI&DS/V SEM/KG-KiTE 1


UNIT I INTRODUCTION 6
Ethical Hacking Overview - Role of Security and Penetration Testers - Penetration-Testing Methodologies - Laws of the Land - Overview of TCP/IP - The Application Layer - The Transport Layer - The Internet Layer - IP Addressing - Network and Computer Attacks - Malware - Protecting Against Malware Attacks - Intruder Attacks - Addressing Physical Security

UNIT II FOOTPRINTING, RECONNAISSANCE AND SCANNING NETWORKS 6
Footprinting Concepts - Footprinting through Search Engines, Web Services, Social Networking Sites, Website, Email - Competitive Intelligence - Footprinting through Social Engineering - Footprinting Tools - Network Scanning Concepts - Port-Scanning Tools - Scanning Techniques - Scanning Beyond IDS and Firewall

UNIT III ENUMERATION AND VULNERABILITY ANALYSIS 6
Enumeration Concepts - NetBIOS Enumeration - SNMP, LDAP, NTP, SMTP and DNS Enumeration - Vulnerability Assessment Concepts - Desktop and Server OS Vulnerabilities - Windows OS Vulnerabilities

UNIT IV SYSTEM HACKING 6
Hacking Web Servers - Web Application Components - Vulnerabilities - Tools for Web Attackers and Security Testers - Hacking Wireless Networks - Components of a Wireless Network - War driving - Wireless Hacking - Tools of the Trade

UNIT V NETWORK PROTECTION SYSTEMS 6
Access Control Lists - Cisco Adaptive Security Appliance Firewall - Configuration and Risk Analysis Tools for Firewalls and Routers - Intrusion Detection and Prevention Systems - Network-Based and Host-Based IDSs and IPSs - Web Filtering - Security Incident Response Teams - Honeypots

TEXTBOOKS

1. Michael T. Simpson, Kent Backman, and James E. Corley, Hands-On Ethical Hacking and Network Defense, Course Technology, Delmar Cengage Learning, 2010.

2. Patrick Engebretson, The Basics of Hacking and Penetration Testing, Syngress, Elsevier, 2013.

3. Dafydd Stuttard and Marcus Pinto, The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2011.

REFERENCES

1. Black Hat Python: Python Programming for Hackers and Pentesters, Justin Seitz , 2014

SYLLABUS

UNIT IV SYSTEM HACKING 6

Hacking Web Servers - Web Application Components - Vulnerabilities - Tools for Web Attackers and Security Testers - Hacking Wireless Networks - Components of a Wireless Network - War driving - Wireless Hacking - Tools of the Trade



COURSE OUTCOMES:

At the end of this course, the students will be able:

CO1: To express knowledge on basics of computer-based vulnerabilities.

CO2: To gain understanding on different footprinting, reconnaissance and scanning methods.

CO3: To demonstrate the enumeration and vulnerability analysis methods.

CO4: To gain knowledge on hacking options available in Web and wireless applications.

CO5: To acquire knowledge on the options for network protection.

CO6: To use tools to perform ethical hacking to expose the vulnerabilities.


Understanding web application vulnerabilities

Application vulnerabilities and countermeasures:

• Open Web Application Security Project (OWASP) is a not-for-profit foundation dedicated to
finding and fighting the causes of Web application vulnerabilities.

• OWASP (www.owasp.org) publishes the Ten Most Critical Web Application Security
Vulnerabilities paper, which has been built into the Payment Card Industry (PCI) Data Security
Standard (DSS).


OWASP Top ten web application vulnerabilities

1) Cross-site scripting (XSS) flaws:

• In this vulnerability, a Web browser might carry out code sent from a Web site. Attackers can
use a Web application to run a script on the Web browser of the system they’re attacking.

• XSS is one of the easiest types of attacks to perform, which also makes it one of the most
common; attackers simply save the form to their local computers and change the form field
values.


2) Injection flaws:

• Many Web applications pass parameters when accessing an external system. For example, a
Web application that accesses a database server needs to pass logon information to the
database server.

• An attacker can embed malicious code and run a program on the database server or send
malicious code in an HTTP request. Basically, the attacker is tricking the Web application into
running malware or making unauthorized changes to data.


3) Malicious file execution

• Some Web applications allow users to reference or upload files containing malware.

• If these references or files aren’t checked before the Web application executes them, they can
give attackers complete control of the system.


4) Unsecured direct object reference

• This vulnerability occurs when information returned via the URL to a user’s Web browser
contains information (references) about files, directories, or database records. By simply
changing the information in the URL, attackers can gain unauthorized access to information.

• For example, a Web application from the IRS with this vulnerability might show your Social
Security number in the URL returned to your Web browser. By changing the SSN in the URL and
sending it back to the Web application, you could then access another person’s information.
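
Added example, not part of the original slides: a record lookup that trusts the identifier from the URL, next to one that checks ownership against the authenticated session and can hand out per-session random references instead of real ids. The record store, session dictionary and function names are constructed for illustration.

```python
import secrets

# Constructed sample data: record id -> (owner, contents).
RECORDS = {
    "1001": ("alice", "alice's tax summary"),
    "1002": ("bob", "bob's tax summary"),
}

class Forbidden(Exception):
    """Raised for both unknown and unauthorized records."""

def fetch_unchecked(session_user, record_id):
    # Vulnerable: whatever id arrives in the URL is served as-is.
    return RECORDS[record_id][1]

def fetch_checked(session_user, record_id):
    # Hardened: the owner is compared with the authenticated session user
    # on every request. Missing and foreign ids fail identically, so the
    # response does not reveal which ids exist.
    record = RECORDS.get(record_id)
    if record is None or record[0] != session_user:
        raise Forbidden("record not available")
    return record[1]

def issue_reference(session, record_id):
    # Extra layer: give the browser a random per-session token instead of
    # the real id, so the URL carries nothing guessable.
    fetch_checked(session["user"], record_id)   # authorize before issuing
    token = secrets.token_urlsafe(16)
    session["refs"][token] = record_id
    return token

def fetch_by_reference(session, token):
    # The token only resolves inside the session that received it, and the
    # ownership check still runs on the resolved id.
    record_id = session["refs"].get(token)
    if record_id is None:
        raise Forbidden("record not available")
    return fetch_checked(session["user"], record_id)
```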


5) Cross-site request forgery (CSRF)

• This vulnerability is also known as a one-click or session-riding attack. To send malicious code
to a Web application, the attacker exploits a Web browser that has already been authenticated
and is, therefore, trusted.

• Because the malicious code is coming from a trusted Web browser, it’s normally executed
without being checked or validated. This vulnerability can be extremely dangerous.
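
Added example, not part of the original slides: a state-changing request handler that accepts any request from an authenticated browser, next to one that also requires a token tied to the session. The handler names, form fields and HMAC-based token scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Server-side secret; generated at start-up here, kept in configuration
# in a real deployment.
SERVER_KEY = secrets.token_bytes(32)

def csrf_token_for(session_id):
    """Token the application embeds as a hidden field in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle_post_unchecked(session_id, form):
    # Vulnerable: the session cookie alone authorizes the action, and the
    # browser attaches that cookie to every request to this site, including
    # one triggered by a page on another site.
    return 200 if session_id else 401

def handle_post_checked(session_id, form):
    # Hardened: the request must also carry the token that only pages
    # served by this application to this session contain.
    if not session_id:
        return 401
    supplied = form.get("csrf_token", "")
    expected = csrf_token_for(session_id)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    return 200

if __name__ == "__main__":
    sid = "session-a"                                   # constructed session id
    own_form = {"amount": "10", "csrf_token": csrf_token_for(sid)}
    foreign_form = {"amount": "10"}                     # no token available
    print(handle_post_unchecked(sid, foreign_form))
    print(handle_post_checked(sid, foreign_form))
    print(handle_post_checked(sid, own_form))
```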


6) Information leakage and incorrect error handling

• If an error occurs during normal operations and isn’t handled correctly, information sent to
users might reveal information attackers can use.

• For example, attackers can take advantage of error messages that reveal what was executed
on the stack or indicate what Web software is used.
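
Added example, not part of the original slides: an error handler that returns the stack trace to the user, next to one that logs the detail on the server and returns only a generic message with a reference number. The failing operation, host name and log sink are constructed for illustration.

```python
import io
import logging
import traceback
import uuid

LOG_SINK = io.StringIO()          # stands in for the server-side log file
log = logging.getLogger("webapp.errors")
log.addHandler(logging.StreamHandler(LOG_SINK))
log.propagate = False

def load_profile(user_id):
    # Constructed failing operation whose message names internal details.
    raise RuntimeError("db01.internal: table app_users missing column " + user_id)

def respond_verbose(user_id):
    # Leaky: the full traceback (file paths, function names, the internal
    # host and table names) is sent back in the response body.
    try:
        return 200, load_profile(user_id)
    except Exception:
        return 500, traceback.format_exc()

def respond_generic(user_id):
    # Hardened: detail goes to the server log under an incident id; the
    # user sees only the id, which support staff can look up.
    try:
        return 200, load_profile(user_id)
    except Exception:
        incident = uuid.uuid4().hex
        log.exception("incident %s while loading profile", incident)
        return 500, "An internal error occurred. Reference: " + incident

if __name__ == "__main__":
    print(respond_verbose("42")[1])
    print(respond_generic("42")[1])
```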


7) Broken authentication and session management

• These vulnerabilities enable attackers to compromise passwords or session cookies to gain
access to accounts.

• To reduce this risk, using strong authentication methods is critical, and credentials must be
kept secret.

• You can also incorporate back-end servers to authenticate credentials instead of just relying
on the Web server.


8) Unsecured cryptographic storage

• Storing keys, certificates, and passwords on a Web server can be dangerous. If an attacker can
gain access to these mechanisms, the server is vulnerable to attack.

• To decrease the chances of a compromise, don’t store confidential data, such as customers’
credit card numbers, on your Web server.

• Instead, require that confidential data be entered each time users visit the Web site.


9) Unsecured communication

• Connections between the Web browser and the Web application should be encrypted to
protect information as it travels across the Internet.

• Web applications need to encrypt not only the session to the Web browser, but also sessions
to any other servers, such as back-end databases.

• This vulnerability occurs when sessions are left unencrypted. The PCI DSS requires encrypting
all credit card information sent over any network, whether it’s the Internet or a private LAN.


10) Failure to restrict URL access

This vulnerability occurs when developers don’t use adequate access controls for URLs. Instead,
they rely on a “security through obscurity” model, which depends on users simply not being
aware of the location of critical files and directories. It’s like assuming that because a door isn’t
advertised as unlocked, no one will try to open it.
