How to Prevent Common Web Server Vulnerabilities

When we think of web servers, we most commonly think of them being published to the Internet. It is also common for organizations to have internal web servers presenting internal web apps.


Wide Exposure

Web servers most commonly fall victim to attacks from malicious users when published on the Internet due to the wider exposure to threats. This is typically due to poor web application development or poor web server configuration.

Many web servers become compromised due to lack of patch management and poor input validation.

Buffer Overflow

For example, consider a buffer overflow attack. This type of attack relies on back-end server code that does not properly sanitize or validate the input a user enters. The desired end result of this type of attack is to execute arbitrary lines of code, which can allow the attacker to gain access to otherwise restricted data.

SQL Injection

Like buffer overflows, SQL injection relies heavily on poor input validation. Many applications will rely on a database to store and retrieve data. If an attacker is able to craft a specially formed string, they can get the web application to return data stored within the database.

This depends on the rights allowed for the service account used within the application. This is why it is necessary to ensure that your application service accounts only have the necessary security rights to perform the jobs intended. An example would be a service account that only reads information from a database. It would not be necessary for this account to have access to write or drop data for the database. This is a great example of using the Principle of Least Privilege.
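As an added example (not code from the original post), the crafted-string and least-privilege points above in Python's built-in sqlite3 module with a constructed in-memory table: the string-concatenated query leaks every row, the parameterised one does not, and an authorizer callback stands in for a read-only service account, since SQLite has no accounts of its own.

```python
import sqlite3


def build_db():
    # Constructed sample data: a small in-memory "customers" table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.com"),
        (2, "bob", "bob@example.com"),
        (3, "carol", "carol@example.com"),
    ])
    return conn


def lookup_vulnerable(conn, name):
    # Vulnerable: user input is spliced into the SQL text, so a crafted
    # string changes the query itself instead of just the value compared.
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Hardened: a parameterised query sends the value separately from the
    # SQL text, so the database never parses the input as SQL.
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def make_read_only(conn):
    # Least-privilege stand-in for a read-only service account: an
    # authorizer callback denies every write and drop on this connection.
    denied = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
              sqlite3.SQLITE_DELETE, sqlite3.SQLITE_DROP_TABLE}

    def authorizer(action, arg1, arg2, dbname, source):
        return sqlite3.SQLITE_DENY if action in denied else sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)


def try_drop(conn):
    # Returns "denied" when the connection lacks the right to drop the table.
    try:
        conn.execute("DROP TABLE customers")
        return "dropped"
    except sqlite3.Error:
        return "denied"


# Constructed crafted string of the kind the text describes.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", lookup_vulnerable(db, CRAFTED))  # every row leaks
    print("safe:      ", lookup_safe(db, CRAFTED))        # no rows
    make_read_only(db)
    print("drop table:", try_drop(db))                    # denied
```

The read-only connection still answers the leaking query, which is the point of the text: least privilege limits what a compromised account can do, while input validation is what stops the injection itself.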

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is a web site vulnerability that allows a hacker to inject client-side scripts into a web page. When a normal user visits a site that displays susceptible content, such as dynamically generated pages, the attacker's injected script runs in that user's browser and can infect the user.

This type of attack threatens the users of your web page and has high visibility to customers. This can give your organization a bad reputation.

Would you like to perform a Web Application Penetration Test on your web servers? Let's Talk.

Author: Chad Akileh

Equilibrium IT Solutions, Inc.
Chicago, IL
Security Practice

