book

CEH Certified Ethical Hacker Cert Guide, 5th Edition

by Omar Santos, Michael Gregg

August 2025

Intermediate to advanced

917 pages

19h 41m

English

Pearson IT Certification

Read now

Unlock full access

How to Use This BookThe Companion Website for Online Content ReviewHow to Access the Pearson Test Prep (PTP) AppCustomizing Your ExamsUpdating Your ExamsPremium Edition eBook and Practice TestsEnd-of-Chapter Review ToolsGoals and MethodsWho Should Read This Book?Strategies for Exam PreparationHow This Book Is Organized
“Do I Know This Already?” QuizFoundation TopicsSecurity FundamentalsSecurity TestingHacking Methodologies and FrameworksHacking Concepts: Hacker and Cracker DescriptionsEthical Hacking Concepts: Ethical HackersTest Plans—Keeping It LegalEthics and LegalitySummaryExam Preparation TasksReview All Key TopicsDefine Key TermsExercisesReview QuestionsSuggested Reading and Resources
“Do I Know This Already?” QuizFoundation TopicsThe Hacking ProcessThe Ethical Hacker’s ProcessInformation Security Systems and the StackSummaryExam Preparation TasksReview All Key TopicsDefine Key TermsExercisesReview QuestionsSuggested Reading and Resources
“Do I Know This Already?” QuizFoundation TopicsFootprintingScanningSummaryExam Preparation TasksReview All Key TopicsDefine Key TermsExercisesReview QuestionsSuggested Reading and Resources
“Do I Know This Already?” QuizFoundation TopicsEnumerationSystem Hacking Phases and Attack TechniquesEstablishing PersistenceSummaryExam Preparation TasksReview All Key TopicsDefine Key TermsExerciseReview QuestionsSuggested Reading and Resources
“Do I Know This Already?” QuizFoundation TopicsSocial EngineeringMalware ThreatsVulnerability AnalysisSummaryExam Preparation TasksReview All Key TopicsDefine Key TermsCommand Reference to Check Your MemoryExercisesReview QuestionsSuggested Reading and Resources
“Do I Know This Already?” QuizFoundation TopicsSniffersSession HijackingDenial of Service (DoS) and Distributed Denial of Service (DDoS)SummaryExam Preparation TasksReview All Key TopicsDefine Key TermsExercisesReview QuestionsSuggested Reading and Resources
“Do I Know This Already?” QuizFoundation TopicsWeb Server HackingWeb Application HackingDatabase HackingSummaryExam Preparation TasksReview All Key TopicsExerciseReview QuestionsSuggested Reading and Resources
“Do I Know This Already?” QuizFoundation TopicsWireless and Mobile Device TechnologiesWi-FiSummaryExam Preparation TasksReview All Key TopicsDefine Key TermsReview QuestionsSuggested Reading and Resources
“Do I Know This Already?” QuizFoundation TopicsIntrusion Detection and Prevention SystemsFirewallsEvading NAC and Endpoint SecurityHoneypotsSummaryExam Preparation TasksReview All Key TopicsDefine Key TermsReview QuestionsSuggested Reading and Resources
“Do I Know This Already?” QuizFoundation TopicsCryptography History and ConceptsEncryption AlgorithmsPublic Key InfrastructureEmail and Disk EncryptionCryptoanalysis Tools and AttacksSecurity Protocols and CountermeasuresSummaryExam Preparation TasksReview All Key TopicsDefine Key TermsExercisesReview QuestionsSuggested Reading and Resources
“Do I Know This Already?” QuizFoundation TopicsCloud ComputingCloud SecurityIoTBotnetsSummaryExam Preparation TasksReview All Key TopicsDefine Key TermsReview QuestionsSuggested Reading and Resources
Hands-on ActivitiesSuggested Plan for Final Review and StudySummary

Content preview from CEH Certified Ethical Hacker Cert Guide, 5th Edition

Chapter 7 Web Server Hacking, Web Applications, and Database Attacks

This chapter covers the following topics:

Web Server Hacking: Because they are available to anyone with an Internet connection, web servers are a constant target of attackers.
Web Application Hacking: Application developers have an important job in that they must verify all data and understand that all input/output and processed data must be validated because organizations rely heavily on modern web applications.
Database Hacking: SQL injection has been one of the most common attacks for years. It takes advantage of unvalidated input and potentially can give attackers access to sensitive data (even credit card numbers).

Web-based applications are everywhere. You can find ...