Module 13: Hacking Web Servers
├── Web Servers Overview
│   ├── Components
│   │   ├── Document Root
│   │   ├── Server Root
│   │   ├── Virtual Document Tree
│   │   ├── Virtual Hosting
│   │   └── Web Proxy
│   └── Architectures
│       ├── LAMP Stack
│       └── Microsoft IIS
├── Security Issues
│   ├── Vulnerabilities
│   │   ├── Software Vulnerabilities
│   │   ├── Configuration Errors
│   │   └── Goals of Attackers
│   └── Security Flaws
│       ├── Lack of Updates
│       ├── Credential Reuse
│       ├── Unrestricted Traffic
│       └── Unhardened Applications
├── Common Attacks
│   ├── DNS Server Hijacking
│   ├── DNS Amplification Attack
│   ├── Directory Traversal Attacks
│   ├── Website Defacement
│   ├── Web Server Misconfiguration
│   ├── HTTP Response-Splitting Attack
│   ├── Web Cache Poisoning Attack
│   ├── SSH Brute Force Attacks
│   ├── Web Server Password Cracking
│   │   ├── Dictionary Attacks
│   │   ├── Brute-Force Attacks
│   │   └── Hybrid Attacks
│   ├── DoS/DDoS Attack
│   └── Man-in-the-Middle Attack
├── Preventive Measures
│   ├── Regular Updates and Patching
│   ├── Strong Authentication
│   ├── Application Hardening
│   ├── Traffic Restrictions
│   ├── Proper Configuration
│   └── Monitoring and Security
└── Perspectives
    ├── Webmaster’s Perspective
    ├── Network Administrator’s Perspective
    └── End User’s Perspective