Defacement Use Cases
Cases of defacement are consist of several types. We classified based on page suffer the defacement and the case repeatability. Here we go:
H = defacement happens in homepage
Defacer attack the homepage, because it is the very first page a user landed. Besides, it is the most remember URL of an institution's website. As the homepage is attacked, user shall feel hard to navigate throughout the website.
M = defacement happens in many page of the respective IP address.
While defacer attack many pages of a website, tend to destroy the experience of user and inhibit the functionalities they should get from a digital application system.
R = redefacement; the defacement happens again after had been treating a while ago. It must be very annoying right, for the administrator.
Consistent redefacement is dangerous for website's owner. In short term, user can't access and get benefit from the digital app. In long term, it shall damage owner's brand and reputation.
The vulnerability was previously not bug fixed, so it is possible to have defacement with the same pattern.
There was another vulnerability on the same page that could turn out to be possible for another defacement.
This site is being attacked (due to certain issues and other things) so that there are many defacement attempts that may lead to re-defacement by other groups.
Abovementioned are types of defacement use cases categorisation. To prevent those happening, deploying SentryPage, one of defacement monitoring tool, is the correct answer in preventing defacement. Cost of time and resource to recovery must be higher than deploying a defacement monitoring tool like SentryPage.
Careful evaluation and configuration of the tools to detect both full and partial defacements involving HTML as well as linked images, scripts and stylesheets are important to ensure an effective tool is in place.