By Creighton Linza for IT IS 3200


Introduction
- Search Engine: an information retrieval system that searches its database for matches based on a query
- Web Crawler: a program or script that automatically browses the web

Introduction
- Search Engine Attacks
  - Passive
  - Stealth
  - Have the ability to use the ‘huge memory’ of the internet

Main Issues
- Exploits in software used to secure databases
- ‘Simple’ identity theft
- Little information required to get the attacker going
- Financial threats

Who benefits from this research?
- The Good
  - Security personnel
  - Individual users
- The Bad
  - Hackers
  - Solicitors

Who has worked with this research?
- Founders of Search Engine Attacks
  - Oliver Peek
  - Kristjan Lepik
- What they did
  - Found press releases in advance
  - Overall made 7.8 million dollars

General Attacks
- Search for Passwords
- “index of” htpasswd / passwd
- filetype:xls + Search Terms
- “WS_FTP.LOG”
- Web help forums

General Attacks (cont’d)
- Google cache
  - Bad for those who thought their problem was fixed
- Google Code Search
  - Exploitable code
- Common files and directories
  - “index of” “listener.ora”

Database Attacks
- Potentially vulnerable web applications searched for via a search engine
- Allow for advanced, specific, target-oriented searching
- Use exploits to attack holes
- ‘Protected’ databases found completely exposed by web crawlers

Oracle Attacks Example
- Oracle servers/database attack on iSQLPlus
- Java servlet that listens on port 7777 or 5560
- If either port is exposed to the internet
  - Web server and applications can be inventoried by a web crawler
  - A route to access an internal database is created
  - From here, user accounts can be easily stolen
- Do-it-yourself
  - allinurl: “/isqlplus”

What can be improved
- Latest updates and patches
- Disable directory browsing
- No sensitive information online
  - Unless using proper authentication
- Analyze server’s log for web crawler’s access
- Ask the search engine provider to remove any necessary content
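
One way to carry out the log-analysis step above, as an added example that is not part of the original slides: it scans web server access-log lines for search-engine crawlers that requested the kinds of files named in the earlier slides, and separates requests that were served (and so may now be indexed or cached) from those that were refused. The combined log format, the crawler token list, the function name and the sample lines are assumptions made for illustration.

```python
import re

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.10 - - [12/Mar/2024:10:01:05 +0000] "GET /backup/.htpasswd HTTP/1.1" 200 412 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.11 - - [12/Mar/2024:10:02:11 +0000] "GET /ftp/WS_FTP.LOG HTTP/1.1" 200 9120 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
192.0.2.12 - - [12/Mar/2024:10:03:40 +0000] "GET /isqlplus HTTP/1.1" 403 199 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [12/Mar/2024:10:04:00 +0000] "GET /reports/q1.xls HTTP/1.1" 200 20480 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
192.0.2.10 - - [12/Mar/2024:10:05:30 +0000] "GET /products/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
"""

# Combined log format: ip, identity, user, [time], "request", status, size, "referer", "agent".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$')
# Crawler user-agent tokens (assumed list). The header is client-supplied, so treat this as triage.
CRAWLER_RE = re.compile(r"googlebot|bingbot|slurp|duckduckbot|baiduspider|yandex", re.I)
# Path patterns taken from the files and URLs named in the slides ("passwd" also covers htpasswd).
SENSITIVE_RE = re.compile(r"passwd|ws_ftp\.log|listener\.ora|/isqlplus|\.xls$", re.I)

def crawler_hits(log_text):
    """Split crawler requests for sensitive paths into served (2xx) and refused."""
    served, refused = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        bot = CRAWLER_RE.search(m["agent"])
        path = m["path"].split("?", 1)[0]  # ignore the query string when matching
        if not bot or not SENSITIVE_RE.search(path):
            continue
        hit = (path, bot.group(0).lower(), int(m["status"]))
        (served if 200 <= hit[2] < 300 else refused).append(hit)
    return served, refused

if __name__ == "__main__":
    served, refused = crawler_hits(SAMPLE_LOG)
    for path, bot, status in served:
        print(f"SERVED  {status} {path} ({bot}): restrict access, then request removal")
    for path, bot, status in refused:
        print(f"refused {status} {path} ({bot})")
```

Paths in the served list are the candidates for the last item on the slide: fix the access control first, then ask the search engine provider to drop the cached copy.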

Conclusion
- Web Crawler program/script overhaul
- Google Webmaster Tools
- More security
- Workload
- WYSIWYG (me)