1.5 History of Ethical Hacking: 1.5.1 Narendramodi App: 1.5.2 Rajya Sabha Website:On the march 19 group of hacker which is known as the Lulzsec india claimed that they have hacked in the rajya sabha website in which only member of rajya sabha and admin have access.They had bypassed the password verification page and gained access to the website.They uploaded two screenshots on Twitter showing that they have hacked in the Amit Shah’s(President of the Bharatiya Janata Party) account, one screen shot was having the photo of amit shah portal and the second screen shot was showing the request that he has to change his address1.
5.3 Fortnite Game Hack:Fortnite is very famous online game and it’s users are increasing every day because of this more and more hackers are paying attention to hack into the users account. Recently some users claimed that their accounts have been taken over and they have charged for the items that they never bought and because of this they have lost hundreds of dollars.1.
5.4 ISRO server hack:Security experts have claimed that the ISRO servers are affected by the malware this malware was so dangerous that hacker could have taken control on the rocket launches and failed them. On the december 2017 security researchers claimed that there is one virus in the ISRO server that is known as the XtremeRAT, at the starting they ignored this after that when the french researcher Robert Baptiste reported through the twitter ISRO removed that virus from the servers.1.
5.5 facebook data leak:2. OWASP vulnerabilities The Open Web Application Security Project (OWASP) is the world wide non profitable organization with the main goal to improve security of the software. Every year they publish a list of top 10 vulnerabilities of the web application for the reference purpose. According to the top 10 vulnerabilities list published in 2018 they are as follows with the way to prevent them:2.1 SQL Injection: Injection attacks are the type of attacks with provide ability to the hacker for data theft, data loss and even full system compromise. In this attack attacker provide untrusted input to the program ,which then get executed by the interpreter and effect the software or data.
Injection attack is one of the most powerful and oldest attack to hack the web application. Suppose we have one application in which user need to login first in order to use the application. We ask for username and password and then using below SQL search query we search for the user, and compare it with the entered data if it mach user is logged in. “SELECT * FROM Table WHERE Name=”+name;Here we are taking data from the user and using it in the query without checking that it is valid or not. It provide attacker flexibility to run SQL query and do whatever he wants with the database. For example if we type { ” or “”=””; DELETE * FROM Table WHERE “1”=”1} instead of name of the user SQL search query will be converted into two queries which are as follows: SELECT * FROM Table WHERE Name=”” or “”=””; DELETE * FROM Table WHERE “1”=”1″ Here Second statement delete all the data form the table.
To prevent this attack we must check user input for validation some of the techniques by which injection attack can be prevented are as follows:
