Web and Database Attacks - Coggle Diagram
Server Administrator
  Concerned with the security of the server
Network Administrator
  Concerned with the fallout from the problems the server administrator may introduce or overlook
End User
  Will work with the server the most; concerned mostly with access to content and services
Categories of Risk
  Server defects and misconfiguration risk
    Ability to steal information
    Run scripts or executables remotely
    Enumerate servers
    DoS attacks
  Browser- and network-based risk
    Capturing network traffic between client and server
  Browser or client-side risk
    Risk that affects users' systems directly
    Crashing the browser
    Stealing information
    Infecting the client's system
    Having some other effect on client systems
Vulnerabilities of Web Servers
  Improper or Poor Web Design
    Attacker is able to read commented-out code served by the web server to obtain additional information
  Buffer Overflow
    Anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations
  DoS Attacks
    Resources on the server are rapidly consumed
  DDoS Attacks
    Same goal as DoS (consuming resources); the difference is that DDoS attacks are much larger in scale. Multiple sources send the traffic, so the attack cannot be stopped by blocking all traffic from a single attack source the way a DoS attack can.
  Banner Information
    A banner can reveal a wealth of information about a web server.
    Tells you what code it validates to (HTTP, CSS, etc.)
    Content-Location
    Accept-Ranges
    Last-Modified
  Unnecessary Features
Database Vulnerabilities
  Unused stored procedures
  Service account privilege issues
  Weak or poor authentication methods enabled
  No or limited audit log settings