Printable View
WWW, some people call it WEB, is the application of the current Internet's fastest growing network of information services, is also the most convenient and most popular types of information services. Its biggest feature is the integration, it can integrate a variety of applications such as FTP, E-Mail, database, this integration makes WEB service to become one of the most vulnerable servers. So I need to know the methods to detect and prevent threats on WEB application server.
First, we need to know why WEB application server will become the target of the attacker. The reason is very simple, because they can be publicly accessible, and with the back-end database servers are closely linked, back-end database server stores vast amounts of information so that criminals covet. Then, the attacker is how to use the front-end applications with WEB scored back-end database server barriers into the bargain.
SQL injection attacks on the Internet are now becoming popular to steal confidential information means. SQL injection attacks includes an approach attack in the form of a WEB search field, enter an SQL query, if the query is WEB application accepted, will be passed to the back-end database server to execute it Of course, this must be based on from WEB application to the database server, read / write access operations are permitted under the premise. This can lead to two situations occur, first, an attacker can view the contents of the database, and second, the attacker to delete the contents of the database.
Blind SQL injection attacks are another method of attack, but it is a slightly different approach. In the implementation of a standard SQL injection attack, the attacker would be a SQL query into a WEB application, expected to make the server returns an error message. This error message could allow an attacker to obtain a more precise attack for the implementation of the information needed. This will cause the database administrator believe that to eliminate this error message will address SQL injection attacks, cause potential problems. Administrators may not understand that although this would hide the error message, this vulnerability still exists. This will be difficult for an attacker to increase something, it cannot prevent an attacker to use error messages to gather information, and the attacker will continue to be forged SQL queries sent to the server in order to obtain access to the database.
Cross-site scripting attacks, which is also known, as XSS or CSS, is the damage hackers dynamic Web pages that provide a technique WEB applications. Many of today's WEB sites that provide dynamic pages. These pages for the user dynamically constructed by the multiple sources of information on the composition of the site. If the WEB site administrators pay attention to this issue, malicious content can be inserted into the Web page to gather confidential information, or simply a client to run.