The main components of the invaders will first try to exploit Web applications have vulnerabilities within the web platform
Web platform consists of common not necessarily commercial! on the shelf (COTS) software that sits on top of the host operating system, but under the custom application logic. Web-platform typically contains
• web server (for example, IIS or Apache) software.
• The Web server extensions, ISAPI filters and extensions that Apache module.
• Execution environments dynamically as ASP.NET, PHP and J2EE
(also called application servers).
• Services and daemons, such as forums of users or packages of web comments
book.
Historically, web server software vulnerabilities are one of the easiest ways to operate a Web site, but more recently,most web server software development teams have become more security conscious, primarily because their product shave taken a huge hit against pirates in as many years.Microsoft IIS is the poster child for this phenomenon.Although serious vulnerabilities used to find surprising regularity in the line of products from IIS to version 4 and 5,the latest versions have been relatively intact, thanks to a large extent vigilant reinvigorated security in IIS development process.
None of this may mean that you can ignore the problems with the platform. We noticed conditions where 6 vulnerable Web servers on a farm in over 10 000 resulted the total compromise of a network of the entire company in a few days.
Hacking of the company continues to expand their tool set to allow identification and exploitation of these vulnerabilities never easier. .
0 comments:
Post a Comment