Web Server Application Attacks
Assignment # 1
Common web application vulnerabilities and attacks, and recommend mitigation strategies
The World Wide Web has evolved into a critical delivery pipeline for institutions to interact with customers, partners and employees. Via browsers, people use web sites to send and receive information as Hypertext Markup Language (HTML) messages to web applications housed on web servers. This information, which the server expects to be legitimate, can instead be used illegitimately and in unauthorized ways to exploit security vulnerabilities in the application.

a.) Authentication - one of the biggest web application weaknesses is the failure to provide a means of strong authentication to verify that the end user is who he/she claims to be. Before granting access to a web application, a server may require the end user to authenticate in order to identify the user and determine the user's access privileges. To mitigate these risks: employ strong authentication, such as HTTPS with encrypted credentials; require re-authentication at specified time intervals or on movement between web pages; regularly test the authentication mechanism; and implement authorization.

b.) SQL injection - many web applications do not properly strip unnecessary special characters from user input, or validate the information contained in a web request, before using that input directly in SQL queries. SQL injection is an attack technique that takes advantage of the web application to extract or alter information in the database. Hackers enter SQL queries or characters into the web application to execute an unexpected action that can then act in a malicious way. Such queries can result in access to unauthorized data, bypassing of authentication or the shutting down of a database, regardless of whether the database resides on the web server or on a separate server. To mitigate these risks: ensure the application will not process SQL commands supplied by the user; design and program web applications so that client-supplied values are never treated as SQL syntax; and apply default error handling.
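As an added illustration of the SQL injection mitigation in item b.) (example code written for this page, not part of the original assignment), the function below pastes client-supplied values into the query text, while the one beside it uses driver placeholders so the same input is treated as data rather than SQL syntax. The in-memory database, the user record and the crafted password value are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample database: a single user table with one record.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Client-supplied values are interpolated into the SQL string, so any
    # quote characters in the input become part of the query's syntax.
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    # Placeholders hand the values to the driver separately from the query
    # text; the input is compared as a literal string and never re-parsed.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    # Compare both implementations on valid credentials and on a crafted
    # password (constructed) that closes the quoted literal and appends a
    # condition that is always true.
    conn = make_db()
    crafted = "' OR '1'='1"
    return {
        "vulnerable_valid": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_crafted": login_vulnerable(conn, "alice", crafted),
        "parameterized_valid": login_parameterized(conn, "alice", "s3cret"),
        "parameterized_crafted": login_parameterized(conn, "alice", crafted),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print("%-22s login accepted: %s" % (case, accepted))
```

The vulnerable version accepts the crafted value because the resulting statement reads `... AND password = '' OR '1'='1'`; the parameterized version rejects it because the whole string is compared against the stored password.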
c.) Denial of service - many web applications are vulnerable to denial-of-service (DoS) attacks that consume increasing amounts of network bandwidth, causing loss of performance or a total shutdown of the affected network. DoS attacks may be as simple as repeated requests for a single URL from a single source, or more complex, with a coordinated effort from multiple machines barraging the URL. To mitigate these risks: ensure that the application functions properly when presented with large volumes of transactions, requests or traffic; block repeated requests for a single URL from a single source; and prevent application overload by performing content filtering at the firewall.

Architectural design to protect web servers from denial of service (DoS) attacks
To provide protection from DoS or DDoS attacks, basic security measures are mandatory. If a running system has been hacked into, no further network attacks are necessary, since local attacks (such as processes consuming large amounts of memory or CPU time, or simply shutting down the system) are far more effective. A set of firewalls should be used to separate the interior network (and possibly a demilitarized zone) from the Internet. Intrusion Detection Systems should be used to notify the system administrators of unusual activity. The firewall rules should include sanity checks on source and destination addresses: packets arriving from the Internet must not have a source address belonging to the interior network, and vice versa. By rejecting packets from the interior network that carry a non-local source address, packet spoofing from inside becomes impossible. This technique is known as ingress and egress filtering. Even if a host is invaded by a hacker, these rules make it impossible to use that host as a platform for further attacks that require spoofed packets....