Web Server Concepts
Web Server Security Issue
Open Source Web Server Architecture
- Apache HTTP Server
- NGINX
- Apache Tomcat
- Lighttpd
- Node.js
IIS Web Server Architecture
Components of IIS
Components of IIS include:
- Protocol Listener
- HTTP.sys
- World Wide Web Publishing Service (WWW Service)
- Windows Process Activation Service (WAS)
Web Server Attacks
- DoS/DDoS Attacks
- DNS Server Hijacking
- DNS Amplification Attack
- Directory Traversal Attacks
- Man-in-the-Middle/Sniffing Attack
- Phishing Attacks
- Website Defacement
- Web Server Misconfiguration
- HTTP Response Splitting Attack
- Web Cache Poisoning Attack
- SSH Brute-force Attack
- Web Application Attacks
Attack Methodology
- Information Gathering
- Web Server Footprinting
- Mirroring a Website
- Vulnerability Scanning
- Session Hijacking
- Hacking Web Passwords
Countermeasures
Detecting Web Server Hacking Attempts
Defending Against Web Server Attacks
- Auditing ports
- Disabling insecure and unnecessary ports
- Using port 443 (HTTPS) instead of port 80 (HTTP)
- Encrypting traffic
- Server Certificate
- Code Access Security Policy
- Disable tracing
- Disable debug compiles
Patch Management
Patches and Hotfixes