Web Server Application

Category: Science and Technology

Date Submitted: 12/11/2013 04:42 PM

Web Server Application Attacks

Brian Nance

CIS 502 Theories of Security Management

Strayer University

Prof. (Dr.) Gideon Nwatu

April 18, 2013

Examine three (3) common Web application vulnerabilities and attacks, and recommend mitigation strategies for each

Today, attackers have more opportunity and incentive than ever to gain access to, and exploit, information through web applications. Most attacks happen at the web application level because it provides the easiest path to an organization's most valuable assets: customer and employee information, trade secrets, and corporate intellectual property. Many sites are heavily secured at the network level with advanced firewalls and encryption. However, those controls still leave the enterprise open to attackers who manipulate the web applications themselves.

The three most common Web application vulnerabilities are: Hidden Field Manipulation, Application Buffer Overflow, and Cross-site Scripting.

Hidden fields “are embedded with HTML forms that store values that will be sent back to the server for data processing. However, these fields are not without merit, as they can provide an easy way for web applications to store and manipulate data client-side, in addition to passing information among different applications” (korberos.com, 2011). The assumption is that these fields are invisible to users of the web application; however, an attacker can easily modify them with a web browser's DOM inspector tools before the data is sent back to the server for processing.

A strategy to mitigate Hidden Field Manipulation, according to korberos.com (2011), is to allow hidden fields only for client-side manipulation, storage, and processing. These fields should never be used for server-side data processing. Data should be stored on the server in a valid datasource and retrieved on request....
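As an added illustration (not part of the essay or of korberos.com's material), the following Python contrasts a checkout handler that trusts a hidden price field with one that applies the mitigation above: the server ignores whatever price the browser posted and retrieves it from its own datasource. The CATALOG, the SKUs, and the form dictionaries are constructed for this example.

```python
"""Hidden-field manipulation: vulnerable vs. hardened order handler."""
from decimal import Decimal

# Constructed server-side datasource: the only trusted authority for prices.
CATALOG = {
    "sku-100": Decimal("49.99"),
    "sku-200": Decimal("199.00"),
}

# Constructed form submissions. An honest browser echoes the hidden price;
# a tampered one has had the hidden 'price' field edited in the DOM inspector.
HONEST_FORM = {"sku": "sku-100", "qty": "2", "price": "49.99"}
TAMPERED_FORM = {"sku": "sku-100", "qty": "2", "price": "0.01"}


def vulnerable_total(form: dict) -> Decimal:
    """Trusts the hidden 'price' field exactly as the client posted it."""
    return Decimal(form["price"]) * int(form["qty"])


def hardened_total(form: dict) -> Decimal:
    """Ignores any client-supplied price and looks it up server-side by SKU.

    The hidden field may still exist for client-side display; it simply
    plays no part in the server-side calculation.
    """
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown product")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity must be an integer") from None
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOG[sku] * qty


def detect_tampering(form: dict) -> bool:
    """Detection hook: flag a request whose hidden price disagrees with the catalog.

    Returns True when the posted price is missing, unparseable, or differs
    from the server's own record, which is worth logging as a tampering attempt.
    """
    sku = form.get("sku")
    if sku not in CATALOG or "price" not in form:
        return False
    try:
        return Decimal(form["price"]) != CATALOG[sku]
    except ArithmeticError:  # decimal.InvalidOperation on garbage input
        return True
```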