Sam owns a small business selling smart-phone applications. Sam conducts his business entirely online using an e-commerce website. The e-commerce website includes a web server which hosts the small business’ website, a back-end database-for processing transactions-and a firewall to protect the website from outside attacks.
One day, Sam receives a phone call from a customer complaining about the website being unavailable and displaying a message in red text that says “Hackers were here!” To Sam’s dismay, the website had been defaced by a group of hackers who do not believe in smart-phone applications and as a result, decided to deface Sam’s website.
– What tools could the hackers have used to deface the website?
– What could you, as a security practitioner, do to consult Sam and prevent this type of web attack from happening in the future?