Web Application Hacking & Security
Why Web Application Security?

Application Layer
• Attackers send attacks inside valid HTTP requests.
• Your custom code is tricked into doing something it should not.
• Security requires software development expertise, not signatures.

Network Layer
• Firewalls, hardening, patching, IDS, and SSL cannot detect or stop attacks inside HTTP requests.
• Security relies on signature databases.

Security Misconceptions

"The firewall protects my web server and database"
• Access to the server through ports 80 and 443 makes the web server part of your external perimeter defense.
• Vulnerabilities in the web server software or web applications may allow access to internal network resources.

"The IDS protects my web server and database"
• The IDS is configured to detect signatures of various well-known attacks.
• Attack signatures do not include those for attacks against custom applications.

"SSL secures my site"
• SSL secures the transport of data between the web server and the user's browser.
• SSL does not protect against attacks on the server and its applications.
• SSL is the hacker's best friend because of the false sense of security it creates.