SlideShare a Scribd company logo

Top 10 Web Server Flaws Exposed

Download as PPTX, PDF
T
tobybear30
Technology
1 of 12
Top 10 Web ServerSecurity flaws Abertay ID 1007639 Adam Smith ID 1001775
SQL Injection Types of SQL Injection First Order Attack(FOA) Second Order Attack(SOA) Lateral Injection(LI) Threats ? Vulnerabilities ? Countermeasures ?
XSS Types of XSS attacks Stored Reflected Dom based Threats ? Vulnerabilities ? Countermeasures ? .
Broken Authentication andSession Management Threats ? Vulnerabilities ? Countermeasures ?
Insecure Direct Object References Threats ? Vulnerabilities ? Countermeasures ?
CSRF attacks are also known by a number of other names XSRF Sea Surf Session Riding Hostile Linking. Cross-Site Request Forgery Threats ? Vulnerabilities ? Countermeasures ? CSRF
Security Misconfiguration Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained as many are not shipped with secure defaults. This includes keeping all software up to date, including all code libraries used by the application.
Insecure Cryptographic storage Many web applications do not properly protect sensitive data, such as credit cards, SSNs, and authentication credentials, with appropriate encryption or hashing. Attackers may steal or modify such weakly protected data to conduct identity theft, credit card fraud, or other crimes.
Failure to Restrict URL access Many web applications check URL access rights before rendering protected links and buttons. However, applications need to perform similar access control checks each time these pages are accessed, or attackers will be able to forge URLs to access these hidden pages anyway.
Insufficient Transport Layer Protection Applications frequently fail to authenticate, encrypt, and protect the confidentiality and integrity of sensitive network traffic. When they do, they sometimes support weak algorithms, use expired or invalid certificates, or do not use them correctly.
Redirects and Forwards Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
Conclusions

Recommended

Web Server Web Site Security
Web Server Web Site SecurityWeb Server Web Site Security
Web Server Web Site SecuritySteven Cahill
 
Web server security challenges
Web server security challengesWeb server security challenges
Web server security challengesMartins Chibuike Onuoha
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelineswebhostingguy
 
Introduction to Web Server Security
Introduction to Web Server SecurityIntroduction to Web Server Security
Introduction to Web Server SecurityJITENDRA KUMAR PATEL
 
Client /server security overview
Client /server security overviewClient /server security overview
Client /server security overviewMohamed Sayed
 
Most Common Application Level Attacks
Most Common Application Level AttacksMost Common Application Level Attacks
Most Common Application Level AttacksEC-Council
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 
Deltecs Services for Vulnerability Assessment and penetration testing
Deltecs Services for Vulnerability Assessment and penetration testingDeltecs Services for Vulnerability Assessment and penetration testing
Deltecs Services for Vulnerability Assessment and penetration testingdivyeshkharade
 

Recommended

Web Server Web Site Security
Web Server Web Site SecurityWeb Server Web Site Security
Web Server Web Site SecuritySteven Cahill
 
Web server security challenges
Web server security challengesWeb server security challenges
Web server security challengesMartins Chibuike Onuoha
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelineswebhostingguy
 
Introduction to Web Server Security
Introduction to Web Server SecurityIntroduction to Web Server Security
Introduction to Web Server SecurityJITENDRA KUMAR PATEL
 
Client /server security overview
Client /server security overviewClient /server security overview
Client /server security overviewMohamed Sayed
 
Most Common Application Level Attacks
Most Common Application Level AttacksMost Common Application Level Attacks
Most Common Application Level AttacksEC-Council
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 
Deltecs Services for Vulnerability Assessment and penetration testing
Deltecs Services for Vulnerability Assessment and penetration testingDeltecs Services for Vulnerability Assessment and penetration testing
Deltecs Services for Vulnerability Assessment and penetration testingdivyeshkharade
 
Alert logic anatomy owasp infographic
Alert logic anatomy owasp infographicAlert logic anatomy owasp infographic
Alert logic anatomy owasp infographicCMR WORLD TECH
 
Web security
Web securityWeb security
Web securityrakesh bandaru
 
Possible security issues with data
Possible security issues with dataPossible security issues with data
Possible security issues with dataColonel_Black
 
Phishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayPhishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayKevin Lim
 
Web Application Security Tips
Web Application Security TipsWeb Application Security Tips
Web Application Security Tipstcellsn
 
Security communication
Security communicationSecurity communication
Security communicationSay Shyong
 
Information security
Information securityInformation security
Information securitySathyanarayana Panduranga
 
OWASP
OWASPOWASP
OWASPgehad hamdy
 
OWASP Top 10 Overview
OWASP Top 10 OverviewOWASP Top 10 Overview
OWASP Top 10 OverviewPiTechnologies
 
Possible security issues with data
Possible security issues with dataPossible security issues with data
Possible security issues with dataColonel_Black
 
Attack chaining for web exploitation
Attack chaining for web exploitationAttack chaining for web exploitation
Attack chaining for web exploitationn|u - The Open Security Community
 
OWASP Evening #10
OWASP Evening #10OWASP Evening #10
OWASP Evening #10Predrag Cujanović
 
Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsBhargav Modi
 
ETHICAL HACKING PPT
ETHICAL HACKING PPTETHICAL HACKING PPT
ETHICAL HACKING PPTSweta Leena Panda
 
Attack lecture #2 ppt
Attack lecture #2 pptAttack lecture #2 ppt
Attack lecture #2 pptvasanthimuniasamy
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)EC-Council
 
Web security
Web securityWeb security
Web securityPadam Banthia
 
Attack chaining for web exploitation #c0c0n2015
Attack chaining for web exploitation #c0c0n2015Attack chaining for web exploitation #c0c0n2015
Attack chaining for web exploitation #c0c0n2015Abhijeth D
 
Webhawk as-software
Webhawk as-softwareWebhawk as-software
Webhawk as-softwareDivyanisetia
 
Web Security and Network Security
Web Security and Network SecurityWeb Security and Network Security
Web Security and Network Securitycrussell79
 
Web application security I
Web application security IWeb application security I
Web application security IMd Syed Ahamad
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approachIdexcel Technologies
 

More Related Content

What's hot

Alert logic anatomy owasp infographic
Alert logic anatomy owasp infographicAlert logic anatomy owasp infographic
Alert logic anatomy owasp infographicCMR WORLD TECH
 
Possible security issues with data
Possible security issues with dataPossible security issues with data
Possible security issues with dataColonel_Black
 
Phishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayPhishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayKevin Lim
 
Web Application Security Tips
Web Application Security TipsWeb Application Security Tips
Web Application Security Tipstcellsn
 
Security communication
Security communicationSecurity communication
Security communicationSay Shyong
 
Possible security issues with data
Possible security issues with dataPossible security issues with data
Possible security issues with dataColonel_Black
 
Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsBhargav Modi
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)EC-Council
 
Attack chaining for web exploitation #c0c0n2015
Attack chaining for web exploitation #c0c0n2015Attack chaining for web exploitation #c0c0n2015
Attack chaining for web exploitation #c0c0n2015Abhijeth D
 
Webhawk as-software
Webhawk as-softwareWebhawk as-software
Webhawk as-softwareDivyanisetia
 
Web Security and Network Security
Web Security and Network SecurityWeb Security and Network Security
Web Security and Network Securitycrussell79
 

What's hot (20)

Alert logic anatomy owasp infographic
Alert logic anatomy owasp infographicAlert logic anatomy owasp infographic
Alert logic anatomy owasp infographic
 
Web security
Web securityWeb security
Web security
 
Possible security issues with data
Possible security issues with dataPossible security issues with data
Possible security issues with data
 
Phishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayPhishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information Highway
 
Web Application Security Tips
Web Application Security TipsWeb Application Security Tips
Web Application Security Tips
 
Security communication
Security communicationSecurity communication
Security communication
 
Information security
Information securityInformation security
Information security
 
OWASP
OWASPOWASP
OWASP
 
OWASP Top 10 Overview
OWASP Top 10 OverviewOWASP Top 10 Overview
OWASP Top 10 Overview
 
Possible security issues with data
Possible security issues with dataPossible security issues with data
Possible security issues with data
 
Attack chaining for web exploitation
Attack chaining for web exploitationAttack chaining for web exploitation
Attack chaining for web exploitation
 
OWASP Evening #10
OWASP Evening #10OWASP Evening #10
OWASP Evening #10
 
Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weapons
 
ETHICAL HACKING PPT
ETHICAL HACKING PPTETHICAL HACKING PPT
ETHICAL HACKING PPT
 
Attack lecture #2 ppt
Attack lecture #2 pptAttack lecture #2 ppt
Attack lecture #2 ppt
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)
 
Web security
Web securityWeb security
Web security
 
Attack chaining for web exploitation #c0c0n2015
Attack chaining for web exploitation #c0c0n2015Attack chaining for web exploitation #c0c0n2015
Attack chaining for web exploitation #c0c0n2015
 
Webhawk as-software
Webhawk as-softwareWebhawk as-software
Webhawk as-software
 
Web Security and Network Security
Web Security and Network SecurityWeb Security and Network Security
Web Security and Network Security
 

Similar to Top 10 Web Server Flaws Exposed

Web application security I
Web application security IWeb application security I
Web application security IMd Syed Ahamad
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approachIdexcel Technologies
 
Web application sec_3
Web application sec_3Web application sec_3
Web application sec_3vhimsikal
 
OWASP Top 10 List Overview for Web Developers
OWASP Top 10 List Overview for Web DevelopersOWASP Top 10 List Overview for Web Developers
OWASP Top 10 List Overview for Web DevelopersBenjamin Floyd
 
Top 10 Web App Security Risks
Top 10 Web App Security RisksTop 10 Web App Security Risks
Top 10 Web App Security RisksSperasoft
 
Securing the Web @RivieraDev2016
Securing the Web @RivieraDev2016Securing the Web @RivieraDev2016
Securing the Web @RivieraDev2016Sumanth Damarla
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application SecurityPrateek Jain
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesMarco Morana
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Alan Kan
 
Application-security-Javascript.pptx
Application-security-Javascript.pptxApplication-security-Javascript.pptx
Application-security-Javascript.pptxDBALLIANCE Ltd UK
 
CROSS SITE SCRIPTING.ppt
CROSS SITE SCRIPTING.pptCROSS SITE SCRIPTING.ppt
CROSS SITE SCRIPTING.pptyashvirsingh48
 
Application Security Vulnerabilities: OWASP Top 10 -2007
Application Security Vulnerabilities: OWASP Top 10 -2007Application Security Vulnerabilities: OWASP Top 10 -2007
Application Security Vulnerabilities: OWASP Top 10 -2007Vaibhav Gupta
 

Similar to Top 10 Web Server Flaws Exposed (20)

Web application security I
Web application security IWeb application security I
Web application security I
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approach
 
Web application sec_3
Web application sec_3Web application sec_3
Web application sec_3
 
OWASP Top 10 List Overview for Web Developers
OWASP Top 10 List Overview for Web DevelopersOWASP Top 10 List Overview for Web Developers
OWASP Top 10 List Overview for Web Developers
 
Top 10 Web App Security Risks
Top 10 Web App Security RisksTop 10 Web App Security Risks
Top 10 Web App Security Risks
 
Owasp Top 10-2013
Owasp Top 10-2013Owasp Top 10-2013
Owasp Top 10-2013
 
Securing the Web @RivieraDev2016
Securing the Web @RivieraDev2016Securing the Web @RivieraDev2016
Securing the Web @RivieraDev2016
 
OWASP Evening #10 Serbia
OWASP Evening #10 SerbiaOWASP Evening #10 Serbia
OWASP Evening #10 Serbia
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application Security
 
Security 101
Security 101Security 101
Security 101
 
C01461422
C01461422C01461422
C01461422
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root Causes
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
 
Vulnerability manager v1.0
Vulnerability manager v1.0Vulnerability manager v1.0
Vulnerability manager v1.0
 
gpt.AI.docx
gpt.AI.docxgpt.AI.docx
gpt.AI.docx
 
Application-security-Javascript.pptx
Application-security-Javascript.pptxApplication-security-Javascript.pptx
Application-security-Javascript.pptx
 
Website Security: A Guide to Defending Your Website
Website Security: A Guide to Defending Your WebsiteWebsite Security: A Guide to Defending Your Website
Website Security: A Guide to Defending Your Website
 
CROSS SITE SCRIPTING.ppt
CROSS SITE SCRIPTING.pptCROSS SITE SCRIPTING.ppt
CROSS SITE SCRIPTING.ppt
 
Application Security Vulnerabilities: OWASP Top 10 -2007
Application Security Vulnerabilities: OWASP Top 10 -2007Application Security Vulnerabilities: OWASP Top 10 -2007
Application Security Vulnerabilities: OWASP Top 10 -2007
 
T04505103106
T04505103106T04505103106
T04505103106
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Top 10 Web Server Flaws Exposed

  • 1. Top 10 Web ServerSecurity flaws Abertay ID 1007639 Adam Smith ID 1001775
  • 2. SQL Injection Types of SQL Injection First Order Attack(FOA) Second Order Attack(SOA) Lateral Injection(LI) Threats ? Vulnerabilities ? Countermeasures ?
  • 3. XSS Types of XSS attacks Stored Reflected Dom based Threats ? Vulnerabilities ? Countermeasures ? .
  • 4. Broken Authentication andSession Management Threats ? Vulnerabilities ? Countermeasures ?
  • 5. Insecure Direct Object References Threats ? Vulnerabilities ? Countermeasures ?
  • 6. CSRF attacks are also known by a number of other names XSRF Sea Surf Session Riding Hostile Linking. Cross-Site Request Forgery Threats ? Vulnerabilities ? Countermeasures ? CSRF
  • 7. Security Misconfiguration Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained as many are not shipped with secure defaults. This includes keeping all software up to date, including all code libraries used by the application.
  • 8. Insecure Cryptographic storage Many web applications do not properly protect sensitive data, such as credit cards, SSNs, and authentication credentials, with appropriate encryption or hashing. Attackers may steal or modify such weakly protected data to conduct identity theft, credit card fraud, or other crimes.
  • 9. Failure to Restrict URL access Many web applications check URL access rights before rendering protected links and buttons. However, applications need to perform similar access control checks each time these pages are accessed, or attackers will be able to forge URLs to access these hidden pages anyway.
  • 10. Insufficient Transport Layer Protection Applications frequently fail to authenticate, encrypt, and protect the confidentiality and integrity of sensitive network traffic. When they do, they sometimes support weak algorithms, use expired or invalid certificates, or do not use them correctly.
  • 11. Redirects and Forwards Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.