Web Server Security Attacks Checklist


Can you imagine a world without the Internet, without the different websites? The answer is NO, right? Ever wondered how it works? Hosting any website, and the proper functioning of the Internet, relies on the client-server model. Users request web pages through their computers' HTTP (Hypertext Transfer Protocol) client, whereas a web server is a program that uses HTTP to serve the files that form web pages to users, in response to requests forwarded by their computers' HTTP clients.

In other words, a web server is a system that delivers content or services to end users over the Internet. A web server consists of a physical server, a server operating system (OS) and software used to facilitate HTTP communication. A web server is also known as an Internet server.


Web Server Types & Security

There are mainly four types of web servers: Apache, IIS, Nginx and LiteSpeed.

Apache Web Server:

Apache web server is one of the most popular web servers, developed by the Apache Software Foundation. It is free and open-source cross-platform web server software, released under the terms of the Apache License 2.0. Apache supports almost all operating systems, such as Linux, Windows, Unix, FreeBSD, Mac OS X and more. Approximately 60% of the machines run on Apache Web Server.

You can easily customize an Apache web server because of its modular structure. Since it is open source, you can add your own modules to the server when you need to modify it to suit your requirements. It is highly stable compared to other web servers, and administrative issues on it can be resolved easily. The latest Apache versions offer the flexibility to handle more requests than its earlier versions.




IIS Web Server

Internet Information Services is an extensible web server created by Microsoft for use with the Windows NT family. It runs on every platform that runs the Windows operating system. Most commonly, IIS is used to host ASP.NET web applications and static websites. It can also be used as an FTP server, host WCF services, and be extended to host web applications built on other platforms such as PHP.

IIS is rich with features. It has built-in authentication options, application pools and much more. Since it is not open source, adding your own modules or modifying the server is a bit more difficult than with Apache. But you get good customer support if there is any issue.

Nginx Web Server

Nginx is the next open source web server after Apache. It also includes an IMAP/POP3 proxy server. The significant features offered by Nginx are high performance, stability, simple configuration and low resource usage. Nginx does not use threads to handle requests; instead it uses a highly scalable event-driven architecture that consumes a small and predictable amount of memory under load. It has become popular recently and hosts about 7.5% of all domains globally. Many web hosting companies have started using this server.


LiteSpeed Web Server

A high-performance Apache drop-in replacement, LiteSpeed (LSWS) is the fourth most popular web server on the Internet and is a commercial web server. When you upgrade your web server to LiteSpeed, you will experience improved performance at a low operating cost.

This server is compatible with the most common Apache features such as .htaccess, mod_rewrite and mod_security. It can load Apache configuration files directly and work as a drop-in replacement for Apache with almost all hosting control panels. It can replace Apache within 15 minutes without any downtime. LSWS replaces all the Apache functions, which other front-end proxy solutions cannot do, simplifying use and making the transition from Apache smooth and easy.

Web Server-based Attacks

The web server is the backbone of websites and applications, so web servers need to be constantly available to keep your business up and running. Given their importance to businesses, web servers are often targeted by hackers, which can lead to downtime or even exposure of confidential data.

Denial of Service attack

DoS attacks overwhelm the web server in numerous ways, including sending invalid data as input that causes the application to terminate, flooding the web server with automated requests until it crashes, or blocking traffic so that legitimate users lose access.

Man-in-the-Middle

A MitM attack occurs when a hacker inserts themselves into the communication between a client and a server. This poses a risk because the hacker can interact directly with the web server while impersonating a legitimate client.

Input Validation attack

In this attack, the server executes code that a hacker has injected into the web server or the database server. By getting this code executed in places where inputs are not validated, the attacker can retrieve or modify information and cause further damage. Tampering with hidden fields is also possible with this attack.

SQLi

When this attack succeeds, the backend database server can be compromised, which can be catastrophic for a company. It is done by injecting malicious SQL into queries sent to the database to modify or extract information from it. Stored procedures in the database can also be executed through SQL injection, making the database do things it is intended to do only when requested by authorized personnel.
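The two attacks above, unvalidated input and SQL injection, come down to the same defect: untrusted text is spliced into a query. The following added example (not code from the original article) shows the vulnerable lookup next to its hardened form, using Python's built-in sqlite3 driver over a constructed in-memory table; the allow-list pattern for the username field is an assumption made for the example.

```python
import re
import sqlite3

# Allow-list for a username field: letters, digits, underscore, 3-32 characters.
# The pattern is an assumption for this example, not a rule from the original page.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def is_valid_username(value):
    """Input validation: reject anything outside the allow-list before it reaches the database."""
    return bool(USERNAME_RE.match(value))


def make_db():
    """Build a constructed in-memory database with two sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable form: the untrusted value is spliced into the SQL text, so a quote
    character in the input changes the meaning of the query."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened form: allow-list validation first, then a bound parameter. The driver
    passes the value separately from the query text, so it is never parsed as SQL."""
    if not is_valid_username(username):
        return []
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal input:   ", lookup_unsafe(db, "alice"))
    print("unsafe, quote in input: ", lookup_unsafe(db, "x' OR '1'='1"))
    print("safe, quote in input:   ", lookup_safe(db, "x' OR '1'='1"))
```

Run as a script: the unsafe lookup returns every row when the input contains a quote, while the safe lookup returns nothing, because the input fails validation and, even if it passed, would only ever be compared as a literal string.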

Password Based Attack

The authentication system of a web server is often based on a password that identifies a valid user and grants access to the web server. If a hacker can, by any means, obtain your username and password, they can access the information that only you are supposed to access.

Poor Error Handling

Poor error handling can disclose server information through error pages. A hacker can then craft attacks specific to that server to damage it further.

Buffer Overflow Attack

Once a buffer is overflowed, the hacker can place executable code on the stack and overwrite the saved return address. When the function returns, execution jumps to that return address; if it has been replaced with one that points into the attacker's data, the malicious code executes and can grant access to certain sections of the web server.

Directory Traversal

This is a vulnerability in which an attacker is able to reach files beyond the web root directory through the application. An attacker who can get beyond the web root directory may be able to execute OS commands, obtain sensitive information or access restricted directories.
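The defence against directory traversal is to map every requested URL path onto the filesystem and refuse the request when the resolved path lands outside the web root. The following added example (not code from the original article) implements that check in Python; the web root `/var/www/html` is an assumed value, and the function decodes percent-encoding before checking so that encoded and double-encoded `..` sequences are caught as well as plain ones.

```python
import os
from urllib.parse import unquote

# Assumed web root for the example; any directory works on a POSIX system.
WEB_ROOT = "/var/www/html"


def resolve_request_path(web_root, request_path):
    """Map a URL path onto a filesystem path under web_root.

    Returns the absolute filesystem path when it stays inside web_root,
    or None when the request would escape the root (traversal attempt)
    or contains a NUL byte, which some runtimes treat as end-of-string.
    """
    # Decode twice so that "%2e%2e" and the double-encoded "%252e%252e" are both
    # seen as ".." before the containment check rather than after file access.
    decoded = unquote(unquote(request_path))
    if "\x00" in decoded:
        return None
    # Drop the leading slash; otherwise os.path.join would treat it as absolute
    # and discard web_root entirely.
    relative = decoded.lstrip("/")
    root = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(root, relative))
    # realpath collapses ".." and symlinks, so a path still inside the root is
    # either the root itself or starts with root plus a separator. Checking
    # "startswith(root)" alone would wrongly accept "/var/www/html2".
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed requests: two benign, three traversal attempts.
    for path in ["/index.html", "/docs/../index.html", "/../../etc/passwd",
                 "/..%2F..%2Fetc/passwd", "/%252e%252e/%252e%252e/etc/passwd"]:
        print(f"{path!r:45} -> {resolve_request_path(WEB_ROOT, path)}")
```

A practical point in the check: a request such as `/docs/../index.html` is legitimate (it never leaves the root after normalisation), so the function compares the normalised result rather than rejecting any input that contains `..`.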

Secure your Web Server against Cyber Attacks

  • Update and patch web servers regularly.

  • Use a proxy server with content filtering.

  • Don't install scripting languages on web servers.

  • Inspect all scripts before deploying them.

  • Audit and log the activities.

  • Do not use the default configuration.

  • Scan the applications running on the web server for all vulnerabilities and fix them.

  • Use IDS and firewall with updated signatures.

  • Block all unnecessary protocols and services.

  • Use secure protocols.

  • Disable default accounts, follow strict access control policy.

  • Disable SSL versions 2 and 3.

  • Disable HTTP methods like PATCH, OPTIONS and DELETE.

  • Remove the server version banner.

  • Disable directory listing.

  • Protect binary and configuration directory permissions.
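Several of the checklist items above, and the "Poor Error Handling" point earlier, can be verified from a single HTTP response: the Server header, the Allow header listing enabled methods, a directory index page, and an error page that leaks a stack trace. The following added example (not code from the original article) is a small Python auditor that runs those checks over constructed sample responses; the sample headers and bodies are made up for the demonstration, and the set of methods flagged is taken from the checklist and can be extended.

```python
import re

# Methods the checklist says to disable; extend the set to match local policy.
RISKY_METHODS = {"PATCH", "OPTIONS", "DELETE"}

# Signs of an unhandled exception being rendered into the response body.
STACK_TRACE_RE = re.compile(r"Traceback \(most recent call last\)|Exception|\bat [\w.$]+\(")


def audit_response(status, headers, body):
    """Return a list of checklist findings for one HTTP response.

    status:  integer status code
    headers: dict of header name -> value (matched case-insensitively)
    body:    response body as text
    """
    findings = []
    h = {name.lower(): value for name, value in headers.items()}

    # "Remove the server version banner": a digit in the Server header means a version leaked.
    server = h.get("server", "")
    if re.search(r"\d", server):
        findings.append(f"server version banner exposed: {server}")

    # "Disable HTTP methods like PATCH, OPTIONS and DELETE": inspect the Allow header.
    allowed = {m.strip().upper() for m in h.get("allow", "").split(",") if m.strip()}
    risky = sorted(allowed & RISKY_METHODS)
    if risky:
        findings.append("risky HTTP methods enabled: " + ", ".join(risky))

    # "Disable directory listing": Apache and nginx both title index pages "Index of /...".
    if status == 200 and "<title>Index of /" in body:
        findings.append("directory listing enabled")

    # "Poor Error Handling": a 5xx page should not carry a stack trace.
    if status >= 500 and STACK_TRACE_RE.search(body):
        findings.append("error page leaks a stack trace")

    return findings


# Constructed sample responses (not captured from any real server).
WEAK_RESPONSE = (
    500,
    {"Server": "Apache/2.4.41 (Ubuntu)", "Allow": "GET, POST, OPTIONS, DELETE"},
    "<html><body><pre>Traceback (most recent call last):\n  File ...</pre></body></html>",
)
LISTING_RESPONSE = (
    200,
    {"Server": "nginx"},
    "<html><head><title>Index of /backup/</title></head><body>...</body></html>",
)
HARDENED_RESPONSE = (
    500,
    {"Server": "Apache", "Allow": "GET, POST, HEAD"},
    "<html><body>An error occurred. Reference id: 7f3a</body></html>",
)


if __name__ == "__main__":
    for label, response in [("weak", WEAK_RESPONSE), ("listing", LISTING_RESPONSE),
                            ("hardened", HARDENED_RESPONSE)]:
        print(f"{label}: {audit_response(*response) or 'no findings'}")
```

To use it against a live system you own, pass the status, headers and body from your HTTP client of choice into `audit_response`; the hardened sample shows what a clean result looks like: a bare product name in the Server header, only the methods the application needs, and a generic error page that carries a reference id for the logs instead of a trace.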

Why Valency Networks is in Top 10 Pentesting Companies?

With a great track record, tons of happy customers, proven testimonials and a great techie team, Valency Networks has been successful in maintaining its expertise in the subject matter. A large repeat customer base is proof of our credibility in the market. This makes us one of the top pentesting companies in the industry.

We are also an award-winning company, recognized as a best cyber security consultant company.


Our Culture

Valency Networks has a very agile, friendly and fun-loving atmosphere, yet we maintain a cutting-edge, technically vibrant work environment.