Upload File

Download - Web Application Security 101 - 10 Server Tier

Transcript
Page 1: Web Application Security 101 - 10 Server Tier

Server TierSecurity of the server, the frameworks and web content.

Page 2: Web Application Security 101 - 10 Server Tier

Types Of ConcernsServer Patching

Default Features

Extra Applications

Old Code And Backups

Page 3: Web Application Security 101 - 10 Server Tier

Server PatchingFront-end and back-end servers must be fully patched.

Page 4: Web Application Security 101 - 10 Server Tier

Default FeaturesSome web servers may come with default functionalities, which may

need to be removed or restricted to authorized personal only.

Tomcat - /manager, etc.

JBoss - /jmx-console, etc.

Apache - /server-status, etc.

Page 5: Web Application Security 101 - 10 Server Tier

Extra ApplicationsDefault server installations may come with built-in applications.

PhpMyAdmin, Django Admin, etc.

Page 6: Web Application Security 101 - 10 Server Tier

Old Code And BackupsThere could be old code and backups inside the application root folder.

File prefixes: ~, ., etc.

File suffixes: ~, .bck, .bac, .back, .tar.gz, tar.bz2, etc.

Page 7: Web Application Security 101 - 10 Server Tier

LabLet's see if we can find some of these problems.


Top Related

Software Interoperability - pdfs.semanticscholar.org · Figure 6-1 : Modem client-server architectures are moving from a 2-tier (client-database server) model to a 3-tier approach
Software Interoperability - pdfs.semanticscholar.org · Figure 6-1 : Modem client-server architectures are moving from a 2-tier (client-database server) model to a 3-tier approach
Integrated Curriculum of Multi-tier Client/Server Web-Based … · 2019. 5. 5. · access to their DBMS only through dedicated applications In the 3-tier client/server architecture
Integrated Curriculum of Multi-tier Client/Server Web-Based … · 2019. 5. 5. · access to their DBMS only through dedicated applications In the 3-tier client/server architecture
06_Creating the Web Tier Using Java Server Pages
06_Creating the Web Tier Using Java Server Pages
PBIS 101: An Introduction to the Tier 1 PBIS Framework
PBIS 101: An Introduction to the Tier 1 PBIS Framework
Web Application Layer (UI) What is StockTrader? N-tier application Web tier: ASP.NET Middle tier(s):.NET WCF Services Data tier: SQL Server/SQL
Web Application Layer (UI) What is StockTrader? N-tier application Web tier: ASP.NET Middle tier(s):.NET WCF Services Data tier: SQL Server/SQL
N Tier Client/Server Concepts
N Tier Client/Server Concepts
Autodesk Infrastructure Map Server - AEC DevBlog · Autodesk Infrastructure Map Server ... Web Server MapGuide Server Database Server Client - Tier Web Tier Server Tier Components
Autodesk Infrastructure Map Server - AEC DevBlog · Autodesk Infrastructure Map Server ... Web Server MapGuide Server Database Server Client - Tier Web Tier Server Tier Components
PHP and SQL Server: Queries IST2101. Three-Tier Architecture Three-tier architecture means that the Web server and the DBMS are on separate servers IST2102
PHP and SQL Server: Queries IST2101. Three-Tier Architecture Three-tier architecture means that the Web server and the DBMS are on separate servers IST2102