Question

• Provide at least three methods or tools used to attack web servers as well as provide how each of these three methods can be protected against.

Assignment Objectives:

1. Identify web application vulnerabilities and tools used to protect web servers.
2. Discuss securing web applications.
3. Review the tools used to attack Web servers.

500 words or more, please.

Answer 1

Method1:

Weakness of webserver at the OS level: If webserver is not configured in secured manner Such that If OS is not hardened or uses of well known service port number for web servicing or path for web resource is at default location than it is very dangerous. So an attacker can gues the web resoucerce path or service port number and hacked web servers. And due to unhardened OS an attacker can also take advantage of in order to gain access of web server. Thats why to secure web servers OS should be hardened on which web server is running and also customize the port number or web resource location.

Method2:

Default Credentials: You can place the default user ID's and Passwords assigned to web server running on firewall, wireless access point or even at Physical access also. And Network Administrator not change these credentials lead to web server hacked by attackers. So Network Administrator must should change thases credentials periodically in order to secure the web server.

Method3:

Remote Access: If remote login is not secure means full privilege or remote root user access or weak password lead to web server vulnerabilities. So ensure that you use the strong encryption algorithm, strong password or limited privilege to secure your web server.

Method4:

Unneccessary service can also lead to unauthorized access. So stop the unneccessary service to protect your web server.

MPack: Redirecting all of the website traffic to malicious download websites.

Neosplit: replicate itself

Zeus: Using this an attacker can take controle over computer.