IRJET-Survey On Web Server Security and Web Application Security


International Research Journal of Engineering and Technology (IRJET)

e-ISSN: 2395-0056

Volume: 03 Issue: 08 | Aug-2016

p-ISSN: 2395-0072

www.irjet.net

Survey On Web Server Security and Web Application Security

Vishnu Vardhana Rao¹, S.V Anil², Suraj Alamoni³, Navya Reddy⁴

Department of Computer Science Engineering, Vignan’s Institute of Technology and Aeronautical Engineering, Vignans Hills, Deshmukhi (V), Nalgonda (Dist), Telangana (State)

Abstract - A web server is a computer host configured and connected to the Internet for serving web pages on request. Information on a public web server can be accessed by anyone, anywhere on the Internet. Since web servers are open to public access, they can be subjected to attempts by hackers to compromise the server's security. Hackers can deface websites and steal valuable data from systems. This can translate into significant loss of revenue if it is a financial institution or e-commerce site. In the case of corporate or government systems, loss of important data means the launch of information espionage or information warfare on their sites. Apart from data loss or theft, web defacement can also result in significant damage to the image of the company [1]. The fact that an attacker can strike remotely makes a Web server an appealing target. Understanding threats to a Web server and being able to identify appropriate countermeasures permits one to anticipate many attacks and thwart the ever-growing numbers of attackers [3]. This work begins by reviewing the most common threats that affect Web servers. It then uses this perspective to find certain countermeasures. This work centers on a survey of the most prevalent attacks, which occur because of vulnerabilities in web technology or programming that attackers exploit, and it also presents general countermeasures. In addition, various methods to detect and prevent those attacks are discussed, and a summary and comparative analysis of the approaches across the different attacks is highlighted, showing how to improve a Web server's security.

Key Words: SQLIA (SQL Injection Attack), XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery), OWASP (Open Web Application Security Project), vulnerabilities, Countermeasures

1. INTRODUCTION

A secure Web server provides a protected foundation for hosting Web applications, and Web server configuration plays a critical role in a Web application's security. Badly configured virtual directories, a common mistake, can lead to unauthorized access. A forgotten share can provide a convenient back door, while an overlooked port can be an attacker's front door. Neglected user accounts can permit an attacker to slip by your defenses unnoticed. The fact that an attacker can strike remotely makes a Web server an appealing target. Understanding threats to a Web server and being able to identify appropriate countermeasures permits one to anticipate many attacks and thwart the ever-growing numbers of attackers [3].

A. Threats to Web Server and Countermeasures

The main threats to a Web server are [3]:
1] Profiling
2] Denial of service
3] Unauthorized access
4] Arbitrary code execution
5] Elevation of privileges
6] Viruses, worms, and Trojan horses

1.1) Profiling

Profiling, or host enumeration, is an exploratory process used to gather information about your Web site. An attacker uses this information to attack known weak points.

Vulnerabilities:
Common vulnerabilities that make your server susceptible to profiling include:
• Unnecessary protocols
• Open ports
• Web servers providing configuration information in banners

Attacks:
Common attacks used for profiling include:
• Port scans
• Ping sweeps
• NetBIOS and server message block (SMB) enumeration

Countermeasures:
Countermeasures include blocking all unnecessary ports, blocking Internet Control Message Protocol (ICMP) traffic, and disabling unnecessary protocols such as NetBIOS and SMB.

1.2) Denial of Service

Denial of service attacks occur when your server is overwhelmed by service requests. The threat is that the Web server will be too overwhelmed to respond to legitimate client requests.
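
A defender-side audit for the profiling exposures listed in section 1.1 (unnecessary open ports, NetBIOS/SMB, configuration information in banners), given as an added example that is not code from the paper. The port allowlist, the header list, and the sample `ss -tuln` output and response headers are constructed assumptions.

```python
import re

# Assumed policy for a public web server: only HTTP/HTTPS should listen.
ALLOWED_PORTS = {80, 443}
# NetBIOS name/datagram/session services and SMB over TCP.
NETBIOS_SMB_PORTS = {137, 138, 139, 445}
# Response headers that commonly carry product and version banners.
BANNER_HEADERS = ("server", "x-powered-by")

def audit_listeners(ss_output):
    """Return sorted (port, reason) findings from `ss -tuln`-style output."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[1] not in ("LISTEN", "UNCONN"):
            continue  # header row or a non-listening socket
        addr, _, port = fields[4].rpartition(":")
        # Loopback-only listeners are not reachable for remote profiling.
        if addr in ("127.0.0.1", "[::1]") or not port.isdigit():
            continue
        port = int(port)
        if port in NETBIOS_SMB_PORTS:
            findings.add((port, "NetBIOS/SMB exposed"))
        elif port not in ALLOWED_PORTS:
            findings.add((port, "not in allowlist"))
    return sorted(findings)

def audit_banners(raw_headers):
    """Return banner header names whose value discloses a version number."""
    leaks = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        is_banner = name.strip().lower() in BANNER_HEADERS
        if sep and is_banner and re.search(r"\d+\.\d+", value):
            leaks.append(name.strip())
    return leaks

# Constructed sample data, not captured from a real host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:139        0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      128    [::]:8080          [::]:*
udp   UNCONN 0      0      0.0.0.0:137        0.0.0.0:*
"""
SAMPLE_HEADERS = "HTTP/1.1 200 OK\nServer: Apache/2.4.18 (Ubuntu)\nX-Powered-By: PHP/5.6.40\n"

if __name__ == "__main__":
    print(audit_listeners(SAMPLE_SS), audit_banners(SAMPLE_HEADERS))
```

On the sample data the audit flags ports 137, 139 and 445 as NetBIOS/SMB, port 8080 as outside the allowlist, and both banner headers as disclosing versions; the loopback-bound port 3306 is ignored.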

© 2016, IRJET | Impact Factor value: 4.45 | ISO 9001:2008 Certified Journal | Page 1382

