Running Head: Web Server Application Attacks
Web Server Application Attacks
Assignment # 1
Common web application vulnerabilities and attacks, and recommend mitigation strategies
The World Wide Web has evolved into a critical delivery pipeline for institutions to interact with customers, partners and employees. Via browsers, people use web sites to send and receive information via Hypertext Markup Language (HTML) messages to web applications housed on web servers. This information, which the application expects to consist of legitimate messages, can be used illegitimately and in unauthorized ways to compromise security ...
To mitigate these risks: ensure that the application will not process SQL commands supplied by the user; design and program web applications so that client-supplied values are never treated as SQL syntax; and apply default error handling.
c.) Denial of service - many web applications are vulnerable to denial-of-service (DoS) attacks that consume increasing amounts of network bandwidth, causing loss of performance or a total shutdown of the affected network. DoS attacks may be as simple as repeated requests for a single URL from a single source, or more complex, with a coordinated effort from multiple machines barraging the URL. To mitigate these risks: ensure that the application functions properly when presented with large volumes of transactions, requests or traffic; block repeated requests from a single URL; and prevent application overload by performing content filtering at the firewall.
Architectural design to protect Web servers from Denial of Service (DoS) attacks.
To provide protection from DoS or DDoS attacks, basic security measures are mandatory. If a running system is hacked into, no further network attacks are necessary, since local attacks (such as processes consuming large amounts of memory or CPU time, or simply shutting down the system) are far more effective. A set of firewalls should be used to separate the interior net (and probably a demilitarized zone) from the Internet. Intrusion Detection Systems should be used to notify the system administrators of unusual activity. The firewall rules should include some sanity checks for source and destination addresses: packets arriving from the Internet must not have a source address originating from the interior net, and vice versa. By rejecting packets from the interior net with a non-local source address, packet spoofing becomes impossible. This technique is known as ingress and egress filtering. Even if a host is invaded by a hacker, these rules make it impossible to use that host as a platform for further attacks that require spoofed packets.
In contrast to attacks that focus on implementation or protocol errors, it is rather difficult to defend against DoS or DDoS attacks that overload the system's network connection or local resources. These attacks usually put a heavy load on the target by making regular requests very rapidly. It is hard to tell whether a web server is being stormed by thousands of legitimate clients or whether a DoS attack is in progress. A simple way to address the problem of heavy load is to use a server farm together with a load balancer. This will help against small attacks, but not against a DDoS launched from several hundred hosts. Furthermore, increasing the number of servers is rather expensive.
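The ingress and egress sanity checks described above, modelled in Python as an added example that is not part of the original assignment: the interior prefixes (RFC 1918 ranges), the WAN interface name "eth0" and the sample packet addresses (RFC 5737 documentation ranges) are assumptions chosen for illustration, and the nftables rendering shows how the same two checks would be expressed as firewall rules.

```python
# Ingress/egress (anti-spoofing) filter model. Added example, not part of the
# original assignment; the interior prefixes (RFC 1918), interface name and
# sample packets (RFC 5737 addresses) are assumptions chosen for illustration.
import ipaddress

INTERIOR_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


def is_interior(addr, nets=INTERIOR_NETS):
    """True if addr belongs to one of the interior prefixes."""
    return any(ipaddress.ip_address(addr) in net for net in nets)


def filter_packet(direction, src, nets=INTERIOR_NETS):
    """Return "accept" or a drop reason; direction is "ingress" (arriving
    from the Internet) or "egress" (leaving the interior net)."""
    if direction == "ingress":
        # A packet from the Internet must not claim an interior source.
        if is_interior(src, nets):
            return "drop: spoofed interior source on ingress"
        return "accept"
    if direction == "egress":
        # A packet leaving the interior net must carry a local source, so a
        # compromised inside host cannot emit spoofed-source traffic.
        if not is_interior(src, nets):
            return "drop: non-local source on egress"
        return "accept"
    raise ValueError("direction must be 'ingress' or 'egress'")


def nft_ruleset(wan_if="eth0", nets=INTERIOR_NETS):
    """Render the same two checks as an nftables forward-chain ruleset."""
    prefixes = ", ".join(str(n) for n in nets)
    return "\n".join([
        "table inet antispoof {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        f'    iifname "{wan_if}" ip saddr {{ {prefixes} }} drop',
        f'    oifname "{wan_if}" ip saddr != {{ {prefixes} }} drop',
        "  }",
        "}",
    ])


SAMPLE_PACKETS = [  # constructed: (direction, source address)
    ("ingress", "198.51.100.7"), ("ingress", "10.1.2.3"),
    ("egress", "192.168.1.20"), ("egress", "203.0.113.9")]


def audit(packets=SAMPLE_PACKETS):
    return {p: filter_packet(*p) for p in packets}
```

Running `audit()` over the constructed packets drops the two spoofed ones and accepts the two with plausible sources; `nft_ruleset()` prints the equivalent rules for loading with `nft -f`.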
Attack on the Justice Department’s Web site
An apparent denial of service attack, which overloads a site's servers with requests for access, crippled portions of www.Justice.gov. Its site was experiencing "a significant increase in activity, resulting in degradation in service," and...