The Network Security. Org

HTTP attacks: Strategies for prevention

To run a Web site, your Web server must at least have port 80 open to process HTTP requests for Web pages. Unfortunately, attackers can modify or manipulate these requests to cause the server problems or to trick it into revealing valuable information. By using an HTTP request, an attacker has a legitimate path to your Web server and therefore can easily bypass firewalls and other security measures to initiate an attack.

There are two common HTTP attacks. One involves sending a long URL to a Web server with the goal of triggering a buffer overflow. The other attack is the SQL injection, which is the process of sending appended SQL commands to a URL to gain access to the backend database. Attackers often use forms to perform these attacks, as they both look to exploit poorly-written applications using unexpected, user-submitted data to initiate the attack. This means all user input data needs to be checked before being sent to another process. For example, if input data is used to build a Web page or is retrieved from a database, it must be checked before being published to ensure that any erroneous data is removed and the code runs correctly.

To prevent these types of attack, your organization's application security strategy should include the following: HTTP attacks: Strategies for prevention

More News

• NetWitness releases free version of security software
  



• Three Reasons Why Users Won’t Buy Into Security
  



• Automated security testing & its limitations
  



• How to Use Network Behavior Analysis Tools
  



• The insider security threat in IT and financial services
  



• Top 10 Network Security Threats
  



• Big leap in malicious Web sites
  



• Network security makes a quantum leap
  



• Microsoft Preps 11 Security Bulletins for Patch Tuesday
  



• Practical Defense in Depth
  



• Apple releases another mega-patch for Mac OS X
  



• Security flaw in smart cards poses risk for transit, building access
  



• Free TrojanProof Password Tool Released for Windows
  



• Security scans with OpenVAS
  



• Do ISPs pose a bigger online privacy threat than Google
  



• HTTPS Cookie-Hijacking Tool CookieMonster Gobbles Personal Data
  



• Anatomy of a botnet
  



• Microsoft patches 8 critical bugs in Windows, Office
  



• Virtualization users should expect more attacks
  



• Threat From DNS Bug Is not Over, Experts Say