Web Server Application Attacks Essay


Introduction
There are more Web application vulnerabilities than one can count, and they have become so widespread that most hacking sites offer tools that you can download to search for, find, and exploit these vulnerabilities. This makes it very easy for even a rookie hacker to exploit these flaws. Three common Web application vulnerabilities and attacks are as follows: username enumeration, security misconfiguration, and SQL injection.

Three common Web application vulnerabilities and attacks
Username enumeration is my first common Web application vulnerability and/or attack. This type of attack relies on a backend validation script that helps an attacker determine whether a username is correct. This vulnerability opens the door for an attacker, allowing them to test different usernames in order to locate valid ones. Attackers often use default usernames and passwords such as admin/admin. Some mitigation strategies that can help minimize these types of attacks would be to limit the number of failed attempts that can be performed, and to make sure default usernames and passwords are changed and never used in production systems. (Cobb, 2011)
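The two mitigations named above, written out as an added example (not code from the essay or its sources). The `LoginService` class, the threshold of three failures and the list of default pairs are assumptions made for illustration. It also returns one generic error for every failure, so the response does not reveal whether a username exists.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3                                  # assumed lockout threshold
GENERIC_ERROR = "Invalid username or password"    # same text for every failure
DEFAULT_PAIRS = {("admin", "admin"), ("root", "root")}   # constructed sample list

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class LoginService:
    def __init__(self):
        self.users = {}       # username -> (salt, password hash)
        self.failures = {}    # submitted username -> consecutive failures
        self.dummy_salt = os.urandom(16)

    def register(self, username, password):
        # Default credentials never reach the user store.
        if (username, password) in DEFAULT_PAIRS:
            raise ValueError("default credentials are not allowed")
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username, password):
        # Failures are counted for every submitted name, existing or not,
        # so lockout behaviour does not reveal which names are valid.
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return False, GENERIC_ERROR
        salt, stored = self.users.get(username, (self.dummy_salt, b""))
        candidate = hash_password(password, salt)   # same work for unknown names
        if hmac.compare_digest(candidate, stored) and username in self.users:
            self.failures.pop(username, None)
            return True, "OK"
        self.failures[username] = self.failures.get(username, 0) + 1
        return False, GENERIC_ERROR
```
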
Security misconfiguration is my second common Web application vulnerability and/or attack. If a network infrastructure supports any type of Web application running on such things as databases, firewalls, and servers, there is a definite need for them to be more securely configured and maintained. Some mitigation strategies might include a configuration with the minimal amount of privileges set and making sure that users are adequately trained. It may also be beneficial to perform some penetration tests to determine whether the Web applications are securely configured and able to withstand an attack. (Kennedy, 2005)
SQL injection is my third common Web application vulnerability and/or attack. This attack is the most popular one that many hackers use. Critical information can be retrieved from a database when this technique is used on a Web application server. Some mitigation strategies might include preventing users from connecting to a database as a super-user and making sure popular commands such as POST, GET, etc. are limited or disabled.
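An added example (not from the essay) showing how concatenated input lets a query return data it should not, and what a non-super-user connection limits. The parameterized query goes beyond the mitigations the essay names. The table, rows and crafted input are constructed, and a read-only SQLite handle stands in for a least-privilege database account.

```python
import os
import sqlite3
import tempfile

CRAFTED = "x' OR '1'='1"   # constructed input: closes the quote, adds a tautology

def make_db(path):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE users (name TEXT, ssn TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "000-00-0001"), ("bob", "000-00-0002")])  # constructed rows
    db.commit()
    db.close()

def lookup_vulnerable(db, name):
    # Input is pasted into the SQL text, so it can change the query's structure.
    return db.execute(
        "SELECT name, ssn FROM users WHERE name = '" + name + "'").fetchall()

def lookup_parameterized(db, name):
    # Input is bound as a value and is never parsed as SQL.
    return db.execute(
        "SELECT name, ssn FROM users WHERE name = ?", (name,)).fetchall()

def write_allowed(db):
    # What an injected DELETE could do depends on the connection's privileges.
    try:
        db.execute("DELETE FROM users")
        return True
    except sqlite3.OperationalError:
        return False

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.db")
        make_db(path)
        # Read-only handle: the application account gets no write rights.
        db = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
        result = {
            "vulnerable_rows": len(lookup_vulnerable(db, CRAFTED)),
            "parameterized_rows": len(lookup_parameterized(db, CRAFTED)),
            "legitimate_rows": len(lookup_parameterized(db, "alice")),
            "write_allowed": write_allowed(db),
        }
        db.close()
        return result

if __name__ == "__main__":
    print(demo())
```
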

Describe an architectural design to protect Web servers from a commonly known Denial of Service (DoS) attack
DoS attacks are very common and hard to prevent. I would use a web application firewall in my architectural design to help protect my Web servers from DoS attacks. The web application firewall would offer protection by inspecting all of the HTTP traffic to help prevent web application exploits. The firewall checks the transmitted and received packets, IP addresses, and ports against the allowed or denied rules. This would also help to protect against other web attack techniques such as SQL injection attacks and cross-site scripting.

Based on research from the Justice Department Website
Based on the article, “How was the Justice Department...
