Security Testing - Exploitation



Exploitation is the last phase where a security tester actively exploits the security weaknesses present in the system under consideration. Once the attack is successful, it is possible to penetrate more systems in the domain, because the penetration testers then have the access to more potential targets that were not available before.

Techniques Used in Exploitation

The types of exploitation are segregated into three different categories −

  • Attack Against WEB-SERVERS

    • SQL Injection
    • Cross-site Scripting
    • Code Injection
    • Session Hijacking
    • Directory Traversal
  • Attack against NETWORKS

    • Man in the Middle Attack
    • Spoofing
    • Firewall Traversal
    • WLAN
    • ARP Poisoning
  • Attack against SERVICES

    • Buffer Overflows
    • Format Strings
    • Dos
    • Authentication flaws

Flow Diagram