An organization can adopt the following policy to protect itself against web server attacks.

- SQL Injection – sanitizing and validating user parameters before submitting them to the database for processing can help reduce the chances of being attacked via SQL Injection. Database engines such as MS SQL Server, MySQL, etc. support parameters and prepared statements, which are much safer than traditional SQL statements built by concatenating strings.
- Denial of Service Attack – firewalls can be used to drop traffic from suspicious IP addresses if the attack is a simple DoS. Proper configuration of networks and Intrusion Detection Systems can also help reduce the chances of a DoS attack being successful.
- Cross Site Scripting – validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values can help reduce XSS attacks.
- Cookie/Session Poisoning – this can be prevented by encrypting the contents of the cookies, timing out the cookies after some time, and associating the cookies with the client IP address that was used to create them.
- Form tampering – this can be prevented by validating and verifying the user input before processing it.
- Code Injection – this can be prevented by treating all parameters as data rather than executable code. Sanitization and validation can be used to implement this.
- Defacement – a good web application development security policy should ensure that it seals the commonly used vulnerabilities to access the web server. This can be a proper configuration of the operating system, web server software, and best security practices when developing web applications.
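The SQL Injection, Cross Site Scripting and Form tampering items above, shown as vulnerable code beside its hardened form. This is an added example and is not code from the original article. It uses only the Python standard library: an in-memory sqlite3 table stands in for MS SQL Server or MySQL, html.escape stands in for output sanitization, and the CATALOG, SKU format, user rows and form inputs are constructed for the demo.

```python
import html
import re
import sqlite3

# Constructed sample data for the demo; not from any real system.
CATALOG = {"SKU-1001": 1999, "SKU-1002": 499}  # item id -> unit price in cents


def make_db():
    """In-memory table standing in for a real database server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


# --- SQL Injection: string-built query vs. prepared statement ---------------

def find_user_unsafe(conn, name):
    """Vulnerable: the parameter is spliced into the SQL text, so the
    database parses user-controlled input as part of the query."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Hardened: a parameterized (prepared) statement. The driver binds the
    value separately from the SQL text, so it can only ever be data."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# --- Cross Site Scripting: reflected parameter vs. escaped output -----------

def greeting_unsafe(name):
    """Vulnerable: a URL/form parameter is reflected into HTML verbatim."""
    return "<p>Hello " + name + "</p>"


def greeting_safe(name):
    """Hardened: HTML-escape the value so markup characters are rendered as
    text instead of being interpreted by the browser."""
    return "<p>Hello " + html.escape(name, quote=True) + "</p>"


# --- Form tampering: trusting hidden fields vs. server-side validation ------

SKU_RE = re.compile(r"^SKU-\d{4}$")  # constructed item-id format


def order_total_unsafe(form):
    """Vulnerable: the price comes from a hidden form field the client can edit."""
    return int(form["qty"]) * int(form["price"])


def order_total_safe(form, catalog=CATALOG):
    """Hardened: validate each field against an allow-list and take the price
    from the server-side catalog, never from the submitted form."""
    sku = form.get("sku", "")
    if not SKU_RE.match(sku) or sku not in catalog:
        raise ValueError("unknown item")
    qty = form.get("qty", "")
    if not qty.isdigit() or not 1 <= int(qty) <= 99:
        raise ValueError("quantity must be an integer between 1 and 99")
    return int(qty) * catalog[sku]


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input that alters the unsafe query's logic
    print("unsafe query returned", len(find_user_unsafe(db, probe)), "rows")
    print("safe query returned", len(find_user_safe(db, probe)), "rows")
    print(greeting_safe("<script>alert(1)</script>"))
    tampered = {"sku": "SKU-1001", "qty": "2", "price": "1"}
    print("unsafe total:", order_total_unsafe(tampered), "cents")
    print("safe total:", order_total_safe(tampered), "cents")
```

The three pairs share one design rule from the list above: user-supplied values are treated as data, never as query text, markup or trusted business input. The same parameter-binding and escaping calls exist in every mainstream database driver and template engine, so the pattern carries over from this sqlite3/standard-library demo to MS SQL Server, MySQL or a real web framework.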