Active Page Server
Final Report
For the academic year 2019-2020, semester (first/second)
Prepared by the student
أحمد زهير هادي محمد الياسين
Supervised by Professor
Dr. نوفل الجميلي
Reference
1. Introduction
2- Web and Application Server Security
2.1 Web Server Security
2.2 Secure Coding Practices
3- Common Security Issues to Be Considered
3.1 Cross Site Scripting
3.2 Information Leakage
3.3 Database Security
4- Security Policy
4.1 Incident Handling and Recovery
4.2 Incident Reporting
5- Third Party Hosting
6- Web Server Security Thumb Rules
7- Reference
1. Introduction
- Hackers take advantage of different security flaws in a web hosting
  - Denial of Service
  - Physical Threats
  - Weak password
  - Social engineering
A Web Server is a program that serves Web pages to Web browsers using the
Hyper Text Transfer Protocol (HTTP). Some Web Server software contains
middle-tier software that acts as an application server. This enables
users to perform high-level tasks, such as querying a database and delivering
the output through the Web Server to the client browser as an HTML file.
SQL Injection
Many web pages accept parameters from the web user and generate SQL
queries to the database. SQL Injection is a trick to inject SQL script/commands
as input through the web front-end.
To avoid SQL Injection, filter out characters like the single quote, double quote,
slash, backslash, semicolon, extended characters like NULL, carriage return,
newline, etc., and reserved SQL keywords like 'Select', 'Delete', 'Union', etc.
in all strings from:
2.2.6.1 Input from users
2.2.6.2 Parameters from URL
2.2.6.3 Values from cookie
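The following is an added example (not code from the report) showing why untrusted input reaching the SQL text matters: a login check built by string concatenation beside the same check using parameter binding, which keeps the input as data whatever quotes or keywords it contains. It uses an in-memory SQLite table constructed here and demonstrates parameter binding rather than the character filtering the text describes.

```python
import sqlite3


def make_db():
    # Constructed in-memory database standing in for the site's back-end.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    # The query text is assembled by concatenation, so whatever the web
    # front-end passes in (form field, URL parameter, cookie) becomes SQL.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, name, password):
    # Placeholders keep the input as a bound value; the database never
    # parses it as SQL, so a quote or a keyword in it has no effect.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def demo():
    # Constructed inputs: a valid login, a wrong password, and the classic
    # tautology string that turns the concatenated WHERE clause into "true".
    conn = make_db()
    tautology = "' OR '1'='1"
    return {
        "vuln_good": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_bad": login_vulnerable(conn, "alice", "wrong"),
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),
        "param_good": login_parameterized(conn, "alice", "s3cret"),
        "param_tautology": login_parameterized(conn, "alice", tautology),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: login accepted = {passed}")
```

The concatenated version accepts the tautology string as a valid login; the bound version rejects it because the string is compared literally against the stored password.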
3.1 Cross site scripting
A security policy defines the rules that regulate how an organization manages
and protects computing resources to achieve security objectives.
An organization may not have the required infrastructure and expertise and
can therefore use a third party organization to host the Web site. The
organization can co-locate its own servers in the service provider's
network or host directly on the service provider's own servers.
7- Reference