Cryptography is the technique of protecting data from unauthorized persons on a system. This technique involves taking a message, passing it through an encryption cipher (algorithm), and providing an output known as ciphertext (an encrypted message).
Cryptography has the following objectives:
- Confidentiality
- Integrity
- Authentication
- Non-repudiation
However, a web application may rely on poorly designed encryption code to secure data being transferred between the end user's browser and the web application, and between the web application and the database server.
Such security flaws can lead to an attacker stealing and/or modifying sensitive data on a web or database server.
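As an added illustration (not code from the original text), the Python sketch below contrasts a poorly designed integrity check with a keyed one for a value that travels between the browser and the web application. The function names, the `role=user` value and the `value.tag` token layout are assumptions made for this example; HMAC covers the integrity and authentication objectives only, not confidentiality.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; it never leaves the web application.
SERVER_KEY = secrets.token_bytes(32)


def weak_seal(value: str) -> str:
    """Poor design: an unkeyed SHA-256 digest that anyone can recompute."""
    return f"{value}.{hashlib.sha256(value.encode()).hexdigest()}"


def weak_open(token: str):
    """Accepts any token whose digest matches its value; no secret involved."""
    value, _, digest = token.rpartition(".")
    ok = hashlib.sha256(value.encode()).hexdigest() == digest
    return value if ok else None


def seal(value: str, key: bytes = SERVER_KEY) -> str:
    """Keyed MAC (HMAC-SHA256): only the key holder can produce a valid tag."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def open_sealed(token: str, key: bytes = SERVER_KEY):
    """Returns the value only if the tag verifies under the server key."""
    value, _, tag = token.rpartition(".")
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if hmac.compare_digest(expected.encode(), tag.encode()):
        return value
    return None


def client_modified(new_value: str) -> str:
    """Models a changed value coming back from the browser, with the
    digest recomputed without knowledge of SERVER_KEY."""
    return f"{new_value}.{hashlib.sha256(new_value.encode()).hexdigest()}"


if __name__ == "__main__":
    original = "role=user"          # constructed sample value
    changed = client_modified("role=admin")
    print("weak check accepts modified value:", weak_open(changed))
    print("HMAC check accepts modified value:", open_sealed(changed))
    print("HMAC check accepts genuine value: ", open_sealed(seal(original)))
```

The unkeyed check accepts the modified value because nothing secret went into the digest, while the HMAC check rejects it and still accepts the genuine token.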
Next, we will learn about various web vulnerabilities and how to exploit file upload and file inclusion vulnerabilities on a target web server.