tailieunhanh - Ethical Hacking Techniques to Audit and Secure Web-enabled Applications

SANCTUM

As public and private organizations migrate more of their critical functions to the Internet, criminals have more opportunity and incentive to gain access to sensitive information through the Web application. Gartner Group estimates that 75 percent of Web site hacks that occur today happen at the application level, and this number is expected to increase. Hackers target the Web application because it easily provides access to the most valuable business assets, such as employee and customer data like health records and credit card information, as well as corporate proprietary information.

While most Web sites are heavily secured at the network level with firewalls and encryption tools, these sites still allow hackers complete access to the enterprise through Web application manipulation. Attackers break into the Web application by thinking like a programmer: identifying how the application is intended to work and determining shortcuts used to build the application. The hacker then attempts to interact with the application and its surrounding infrastructure in malicious ways, simply by using the Web browser or any of a large number of automatic hacker tools such as CGI scanners and HTTP proxies.
Understanding the techniques hackers use to manipulate Web applications and steal credit card data, falsify financial transactions, or access proprietary information is the first step in learning how to secure the Web application. This article will explain why the Web application is so vulnerable to attack, discuss three of the most common Web application hacking techniques, and detail how to protect against these attacks and protect your mission-critical information.

What is a Web Application?

The first important question is: what is a Web application? Although most people have an intuitive notion of what comprises a Web-enabled application, rarely do we think about its scope and complexity. Web applications