Top Ten Web Attacks - Black Hat
Top Ten Web Attacks (46 pages)
Saumil Shah, Net-Square
BlackHat Asia 2002, Singapore
Today's battleground - the Web
- Web sites and web applications rapidly growing.
- Complex business applications are now delivered over the web (HTTP).
- Increased "web hacking" activity.
- Worms on the web.
- How much damage can be done?
- Firewalls?
Typical Web Application set-up
[Diagram: Web Client, Firewall, Web Server, Web apps, SQL Database (DB). Labels: HTTP request (cleartext or SSL); HTTP reply (HTML, Javascript, VBscript, etc). Web Server: Apache, IIS, Netscape, etc. Plugins: Perl, C/C++, JSP, etc. Database connection: ADO, ODBC, etc.]
Traditional Hacking - Limitations
- Modern network architectures are getting more robust and secure.
- Firewalls being used in almost all network roll-outs.
- OS vendors learning from past mistakes (?) and coming out with patches rapidly.
- Increased maturity in coding practices.
Utility of Firewalls
- Hacks on OS network services prevented by firewalls.
[Diagram: wu-ftpd, Sun RPC and NT ipc$ each marked with an X; Web Server, Web apps and DB shown alongside.]