Web Server Application Attacks



Category: Science and Technology

Date Submitted: 02/28/2014 04:31 AM


1/19/2014


In the last fifteen years, the World Wide Web has exploded into mainstream culture across the world as a source of information, communication and commerce. It is and will continue to be imperative for companies and organizations to make themselves accessible via the web. While the internet has opened up new worlds for communication and commerce, it has also opened up new avenues for theft, fraud, and general attacks against corporations and governments that exploit vulnerabilities in their web content. Headlines about attacks have become all too common in the past few years, with the effects ranging anywhere from disabling a website for several hours to the theft of personal information such as credit card data. Target is a recent example: last month its POS system was hacked and thousands of customers’ credit card data were stolen. In 2012, the United States Justice Department was the victim of a distributed denial of service (DDoS) attack that shut down its public website for several hours. In the following pages, I will discuss current threats and vulnerabilities of web server application attacks and will also focus on the DDoS attack that occurred on the Justice Department website in 2012.

The Open Web Application Security Project, or OWASP, is a non-profit organization that provides openly available resources for organizations to “conceive, develop, acquire, operate and maintain applications that can be trusted” (About OWASP, 2013). Each year, OWASP publishes a list of the top ten application flaws and vulnerabilities that it views as the most common, along with information such as the prevalence, detectability, and impact of these weaknesses and suggestions for prevention. In 2013, the top three weaknesses OWASP named were injection (such as SQL and LDAP), broken authentication and session management regarding the authentication of users to protect...