The presentation is all about the techniques of website hacking and testing weather website is secure by attacking and or letting know weather the site is being attacked.

1. WEBSITE ETHICAL HACKING AND TESTING
SUMMER TRAINING PROJECT
CHANDIGARH UNIVERSITY
SUBMITTED BY:
NAME: KARAN JINDAL
UID: 17BCS3171

2. A LIST OF DIVISIONS
 What is hacking and ethical hacking?
 Subdivision of hacking.
 Information Gathering.
 Google Hacking
 Website Testing
 Testing Techniques
 Proxy

3. What is hacking?
Hacking is an shot to exploit a digital computer or into a private network inside a computer.
Simply put it is gaining unauthorised access to take some personal information for some
wrongful purpose.
What is ethical hacking?
Ethical hacking refers to the act of locating weaknesses and vulnerabilities of computer and
information systems by duplicating the intent and actions of malicious hackers. Ethical hacking
is also known as penetration testing, intrusion testing, or red teaming.

4. What are benefits of ethical hacking?
The primary benefit of ethical hacking is to prevent data from being stolen and misused by
malicious attackers, as well as:
• Discovering vulnerabilities • Implementing a secure network
• Defending national security• Gaining trust of customers and investors

5. Categories of HACKING

6. INFORMATION GATHERNING
Information Gathering and getting to know the target systems is the first process in ethical hacking.
Reconnaissance is a set of processes and techniques ( Foot-printing , Scanning & Enumeration) used to
covertly discover and collect information about a target system.
There are many ways to know about the target system’s services ,like
 Social engineering
 “Whois.com”
 “Pipl.com”
 “archive.org”
 “reverseip.domaintools.com”

7. “Whois.com”
This website provides all the details of the target domain like owner e-mail, phone number,
server names, registration services etc.

8. “archive.org”
This domain provides all the previous snapshots of the target domain since the
website was first updated, these screen shots help hacker to know about the
details of the website that were updated.
Domain name to
gather information
About.
This shows the
changes made
on domain.

9. GOOGLE DORKING
Google hacking involves using advanced operators in the Google search
engine to locate specific strings of text within search results.
The commonly used operators are like :
 Intitle:
 Inurl:
 Site:
 url:
 Filetype:

10. Google hacking database (GHDB) is a website which contains all the dorks
that are used to know more about google hacking.

11. GOOGLE DORKING EXAMPLES:

12. z
WEBSITE TESTING
Website testing is basically getting into website in a way a hacker
can gain access to website database or make changes to website
illegally and then closing all the ways to get hacker into it.

13. z
HOW A HACKER CAN GET INTO WEBSITE?

14. z
SQL INJECTION
SQL injection is a code injection technique, used to attack data-
driven applications, in which malicious SQL statements are inserted
into an entry field for execution.

15. z
 SQL Injection Based on 1=1 is Always True
 SQL Injection Based on ""="" is Always True

16. z
DISTRIBUTED-DOS ATTACK
DDoS is short for Distributed Denial of Service. DDoS is a type of DOS
attack where multiple compromised systems, are used to target a
single system causing a Denial of Service (DoS) attack.

17. z

18. z
TOOLS FOR DOS ATTACK
 LOIC (Low Orbit Ion Canon)
 XOIC
 HOIC
 JMETER
 HP LOADRUNNER

19. z
LOIC

20. z
How to know that website is attacked?
 “uptimerobot.com”
 “Cloudflare.com”
 “Sucuri.net”
PREVENTION OF DENIAL OF SERVICE ATTACK
• By more bandwidth.
• Build redundancy into infrastructure.
• Firewall.
• Internet service provider(ISP).
• Protect your DNS server.

21. z
PROXY