Top 10 Web Security Threats - Part 2


In the first part of this article we looked at the first five web security threats. In this part, we look at the remaining five, which cover programming as well as server configuration and management.

Sixth - SQL Injection. All of the web applications have a back end connected to a database. All of these databases use SQL or its variants for data definition and manipulation. If the input fields of the web application are not validated properly, an attacker can insert SQL commands that are passed to the database and executed as SQL. This way, instead of the business logic, SQL code supplied by the attacker is executed, giving the attacker control of the web application.

Seventh - Improper Error Handling. Error conditions that can be expected during normal operation are not handled properly. If an attacker can figure out the unhandled error conditions, they can use them to gain detailed system information, interrupt the service or eventually crash the server.

Eighth - Insecure Storage. Web applications usually use cryptographic functions and tools to protect information when it is transported and stored. Some of these encryption mechanisms and functions may not work properly, resulting in a breach of security. This may be due to two reasons: a) the encryption mechanism is not strong, so attackers can easily break it; b) a strong encryption mechanism has not been applied correctly.

Ninth - Denial of Service (DoS) Attacks. This is a form of attack that has been in use since the inception of the Internet and the World Wide Web. In this method, the attacker uses up the system resources of the web server until legitimate users can no longer use the system. This can eventually cause the web application to crash.

Tenth - Insecure Configuration Management. Even though this is the last web security threat on the list, it is one of the most common and most ignored security vulnerabilities. Every server that hosts web applications should be configured securely, as servers are not fully configured for security out of the box. There can be many built-in and third-party tools that should be installed and configured before exposing the web application to the public.


Posted by sheri on Mar 31 2008. Filed under Security.
