SUBDOMAIN 426.4 - HACKING Competencies:
426.4.2: Preattack Planning - The graduate evaluates techniques used in footprinting and implements industry best practices to protect against this type of information asset vulnerability.
426.4.3: System Hacking - The graduate evaluates various network system hacking counter-techniques.
426.4.5: Hacking Web Servers - The graduate identifies known web server vulnerabilities and demonstrates industry best practices to protect against this type of threat.
426.4.6: Web Application Vulnerabilities - The graduate identifies common web application vulnerabilities and uses industry best practices to protect against this type of threat.
Introduction: Maintaining a proactive approach on security requires that an organization perform its own hacking footprinting to see how much information is available to potential hackers. Some organizations do this using internal staff; however, it is much more common to see organizations hire external security consultants to perform these types of security reviews. This allows a truly unbiased outsider to attempt to gather as much information as possible to formulate an attack. Assume that you have been selected as the security consultant to perform a comprehensive security review for an organization of your choosing. Ensure that the organization that you select has a public website that you can access and at least one web application that you can use for this task. You will review the security of the organization’s website and any related web applications and consider security risks such as structured query language (SQL) injection and social engineering techniques. To complete this task, you will need to perform a footprinting analysis of your selected company. Your comprehensive security review will involve a series of tasks that are described in detail below.
Note: