Module 05 Application and web security - HJ

The document provides an overview of web servers, their architecture, and how they function, emphasizing the importance of web security against various attacks. It details different types of web server and web application attacks, such as DDoS, XSS, and SQL injection, along with countermeasures and patch management strategies. Additionally, it distinguishes between websites and web applications, outlining their respective characteristics and architectures.

Uploaded by

Sanchit Jaggi

Applications & Web Security
Table of Content
• What Is A Web Server?

• Web Server Architecture

• How Web Servers Work?

• What Is Web Security?

• Web Server Attacks

• Countermeasures & Patch Management

• Difference Between Websites & Web Applications

• Web Application Architecture

• Web Application Attacks


What is a Web Server?
• A web server is a combination of hardware and software that uses HTTP
(Hypertext Transfer Protocol) and other protocols to respond to client
requests made over the World Wide Web.
• The main job of a web server is to store, process, and deliver web pages and
other resources (images, scripts, API responses) to clients, whose browsers then
render the content.
Web Server Architecture
Single-Tier (Single Server) Architecture:
In a single-tier architecture, a single
server is responsible for both processing
requests and serving web content. This is
suitable for small websites or
applications with low traffic. However, it
has limitations in terms of scalability and
fault tolerance. If the server goes down,
the entire service becomes unavailable.

Web Server Architecture (contd.)
• Multi-Tier (Load-Balanced) Architecture: In a
multi-tier architecture, multiple servers are
used to distribute the workload and ensure
high availability.
• This approach often involves load balancers
that evenly distribute incoming requests
across a cluster of web servers.
• Each server can serve web content
independently, and if one server fails, the load
balancer redirects traffic to healthy servers,
ensuring uninterrupted service.
How Web Servers Work?
• Receive Request: The user's browser sends a request to the web server when they
visit a website or click a link.

• Process Request: The web server reads the request and determines what resource
(like a web page or image) is being requested.

• Generate Response: The server fetches the requested resource. For static content
(like HTML or images), it retrieves the file. For dynamic content (like scripts), it
executes the script to generate the response.

• Send Response: The server sends the requested resource back to the user's browser,
which then displays the content.
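The four steps above as an added worked example (not code from the original slides): a small Python handler that parses a raw HTTP request, looks the path up in an in-memory table of static resources and dynamic handlers, both constructed for the demo, and builds the response bytes. The names handle_request, STATIC, DYNAMIC and greet are this example's own.

```python
"""Receive, process, generate, send: the cycle above in a few functions.

Added example, not code from the original slides. Requests are parsed
from raw bytes; the "document root" is an in-memory table constructed
for the demo. A real server reads from a socket and serves files.
"""
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed static resources: path -> (content type, bytes).
STATIC: Dict[str, Tuple[str, bytes]] = {
    "/index.html": ("text/html", b"<h1>Welcome</h1>"),
    "/robots.txt": ("text/plain", b"User-agent: *\nDisallow: /admin/\n"),
}

def greet(query: Dict[str, List[str]]) -> bytes:
    """A dynamic handler: content is generated per request from the query."""
    name = query.get("name", ["world"])[0]
    return f"Hello, {name}!".encode()

# Constructed dynamic resources: path -> handler(query) -> body.
DYNAMIC: Dict[str, Callable[[Dict[str, List[str]]], bytes]] = {"/greet": greet}

def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Steps 1-2: split off the request line and headers; reject garbage."""
    head = raw.partition(b"\r\n\r\n")[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers

def build_response(status: str, ctype: str, body: bytes) -> bytes:
    """Step 4: status line, headers and body as they go on the wire."""
    head = (f"HTTP/1.1 {status}\r\n"
            f"Content-Type: {ctype}\r\n"
            f"Content-Length: {len(body)}\r\n"
            "Connection: close\r\n\r\n")
    return head.encode("iso-8859-1") + body

def handle_request(raw: bytes) -> bytes:
    """Step 3 plus the glue: map the request to a resource and answer it."""
    try:
        method, target, _headers = parse_request(raw)
    except ValueError:
        return build_response("400 Bad Request", "text/plain", b"bad request")
    if method != "GET":
        return build_response("405 Method Not Allowed", "text/plain", b"GET only")
    url = urlsplit(target)
    if url.path in STATIC:            # static: hand back the stored bytes
        ctype, body = STATIC[url.path]
    elif url.path in DYNAMIC:         # dynamic: run the handler for this request
        ctype, body = "text/plain", DYNAMIC[url.path](parse_qs(url.query))
    else:
        return build_response("404 Not Found", "text/plain", b"not found")
    return build_response("200 OK", ctype, body)

def status_of(response: bytes) -> str:
    """'200 OK', '404 Not Found', ... for a response produced above."""
    return response.split(b"\r\n", 1)[0].decode().split(" ", 1)[1]

if __name__ == "__main__":
    print(handle_request(b"GET /greet?name=Alice HTTP/1.1\r\nHost: example.test\r\n\r\n").decode())
```

The split between STATIC and DYNAMIC is the security-relevant line: static content is returned byte for byte, while a dynamic handler runs code with whatever the client put in the request, which is where the application attacks later in this deck come from.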
What is Web Security?
• Web security refers to safeguarding websites and
web applications from diverse threats and
vulnerabilities that could compromise their
availability, integrity, and confidentiality.
• Define Web Security: It involves deploying
protective measures like authentication, encryption,
and authorization to secure user data and
interactions.
• Primary concerns in web security include countering
cyberattacks, preventing data breaches, and
upholding user privacy and trust online.
• Proficient web security practices are essential for
upholding the safety and dependability of Internet
services.
Web Server Attacks
• Any attempt by a malicious actor to undermine the security of a web server or
a web-based application is referred to as a Web Server Attack or Web Application
Attack. Web server attacks target the server software, its configuration or the
host it runs on; web application attacks target the application's own code and
logic.
• Web application attacks can either target the application itself to gain
access to sensitive data, or use the application as a staging area for attacks
against the application's users.
DID YOU KNOW?
The largest DDoS attack on record occurred in
February 2020, targeting Amazon Web
Services (AWS) with a peak traffic rate of 2.3
terabits per second (Tbps). This attack was
mitigated successfully by AWS.
Distributed Denial-of-Service (DDoS)
• A distributed denial-of-service (DDoS) attack is a malicious attempt to
disrupt the normal traffic of a targeted server, service or network by
overwhelming the target or its surrounding infrastructure with a flood of
Internet traffic.
• DDoS attacks achieve effectiveness by utilizing multiple compromised computer
systems as sources of attack traffic. Exploited machines can include computers
and other networked resources such as IoT devices.
• From a high level, a DDoS attack is like an unexpected traffic jam clogging up
the highway, preventing regular traffic from arriving at its destination.
BRUTE FORCE ATTACK
• A brute-force attack guesses login credentials by trying many username and
password combinations until one is accepted. Against a web server it is
typically aimed at SSH, FTP or administrative web logins.
• Once valid credentials are found, the attacker logs in as a legitimate user
and can, for example, upload malicious files or change content without
triggering any exploit-based alert.
• Unlike most other tactics used by hackers, brute-force attacks do not rely
on a software vulnerability; they succeed against weak or reused passwords and
against services with no account lockout or rate limiting.
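Brute forcing is noisy: every wrong guess leaves a failed-login record. As an added example that is not from the original slides, the Python below reads constructed sshd log lines (TEST-NET addresses; the year 2024 is assumed because syslog timestamps carry none) and flags any source IP with five or more failures inside a one-minute window, which is the signal a lockout or fail2ban-style rule acts on.

```python
"""Detecting an SSH brute-force attempt from authentication log lines.

Added example, not from the original slides. SAMPLE_LOG is constructed
for the demo (TEST-NET addresses) in the sshd "Failed password" format
seen in syslog/auth.log. ASSUMED_YEAR fills in the year syslog omits.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

SAMPLE_LOG = """\
Mar  3 09:12:01 web01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar  3 09:12:03 web01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 50114 ssh2
Mar  3 09:12:04 web01 sshd[4121]: Failed password for root from 203.0.113.7 port 50116 ssh2
Mar  3 09:12:06 web01 sshd[4121]: Failed password for root from 203.0.113.7 port 50118 ssh2
Mar  3 09:12:08 web01 sshd[4121]: Failed password for invalid user test from 203.0.113.7 port 50120 ssh2
Mar  3 09:12:09 web01 sshd[4121]: Failed password for invalid user oracle from 203.0.113.7 port 50122 ssh2
Mar  3 09:12:11 web01 sshd[4131]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Mar  3 09:30:00 web01 sshd[4140]: Failed password for alice from 198.51.100.20 port 40030 ssh2
Mar  3 09:45:00 web01 sshd[4150]: Failed password for alice from 198.51.100.20 port 40031 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ASSUMED_YEAR = 2024  # classic syslog timestamps carry no year (assumption)

def parse_failures(log: str) -> Dict[str, List[datetime]]:
    """Map each source IP to the timestamps of its failed password logins."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for line in log.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated messages are ignored
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        failures[m["ip"]].append(ts)
    return failures

def brute_force_sources(log: str, threshold: int = 5,
                        window: timedelta = timedelta(minutes=1)) -> Dict[str, int]:
    """Return {ip: burst_size} for IPs with >= threshold failures in any window.

    A sliding window over the sorted timestamps catches a burst of guesses
    while ignoring the occasional mistyped password spread over a long period.
    """
    flagged: Dict[str, int] = {}
    for ip, times in parse_failures(log).items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    for ip, count in brute_force_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins within one minute, candidate for blocking")
```

In the sample, 203.0.113.7 fails six times in eight seconds and is flagged, while 198.51.100.20 (two failures fifteen minutes apart) is not; the threshold and window are the knobs a lockout policy tunes to separate the two.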
CROSS SITE SCRIPTING (XSS)
• Cross-Site Scripting (XSS) attacks are a type of injection in which malicious
scripts are injected into otherwise benign and trusted websites.
• XSS attacks occur when an attacker uses a web application to send malicious
code, generally in the form of a browser-side script, to a different end user.
Phishing Attack
Phishing is a type of web security
threat where scammers use
deceptive emails or websites to
fool individuals into revealing their
personal data, such as passwords
or credit card numbers. It’s akin to
an imposter acting as your bank to
snatch your private information.
Web Server Attacks (contd.)
• WEB DEFACEMENT ATTACK: the attacker gains write access to the site and
replaces its content, typically to humiliate or discredit the victim.
• DNS SERVER HIJACKING: any attack that makes the end user believe they are
communicating with a legitimate domain name when that name actually resolves to
a server the attacker controls, for example by altering the domain's DNS
records, a resolver's answers, or the victim's DNS settings. DNS Redirection is
another name for this.
• SERVER MISCONFIGURATIONS: exploiting improperly configured server settings,
such as default credentials, directory listing, verbose error pages or
unnecessary enabled modules.
• WEB SERVER SOFTWARE EXPLOITS: exploiting vulnerabilities in the web server
software itself (e.g., Apache, Nginx, Microsoft IIS).
Countermeasures & Patch Management
Countermeasures
• Input Validation and Sanitization
• Least Privilege Principle
• Web Application Firewall
• Secure Coding Practices
• TLS Encryption (HTTPS); the legacy SSL protocol versions are obsolete and should be disabled

Patch Management
• Regular Updates
• Automated Patching
• Vulnerability Scanning
• Backup and Rollback Procedures
What is a Web application ?
Difference Between Websites & Web Applications
A web application is a program that runs in a browser and has three main
characteristics:
• It addresses a particular problem.
• It is as interactive as a desktop application.
• It works with a Content Management System.

A website, in the narrow sense, is a collection of static pages. A website
becomes a web application when it combines static pages with dynamic ones
generated per request or per user, which is why most modern websites can be
counted as web applications.
Web application architecture
Web application architecture refers to the structure or framework of a web application,
including the technologies and components used to build it.

Client-Side (Frontend):
• User Interface (UI)
• User Experience (UX)
• Client-Side Scripting
Server-Side (Backend):
• Web Server
• Application Server
• Database Server
Databases:
• Relational Databases
• NoSQL Databases
Backend Programming Languages:
• Server-Side Scripting
Web application attacks
SQL Injection (SQLi)

Description: Attackers supply input that the application concatenates into its SQL queries, changing the statement the database executes.
Impact: Unauthorized data access, data manipulation, and deletion.

Cross-Site Scripting (XSS)

Description: Attackers inject malicious scripts into web pages viewed by other users.
Impact: Theft of cookies, session tokens, and sensitive information.

Cross-Site Request Forgery (CSRF)

Description: Tricks authenticated users into performing actions they did not intend to.
Impact: Unauthorized actions, such as changing account settings or performing transactions.
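For SQLi and XSS above (and the XSS description earlier in the deck), an added example that is not from the original slides: one "search by username" function written twice in Python against an in-memory SQLite table with constructed rows. search_vulnerable() splices the username into the SQL string and echoes it into HTML unescaped; search_safe() binds it as a parameter and runs it through html.escape(). SQLI_PAYLOAD and XSS_PAYLOAD are standard test strings chosen for this example, not taken from the page.

```python
"""SQL injection and XSS: the vulnerable pattern beside the fixed one.

Added example, not from the original slides. The users table is created
in an in-memory SQLite database with constructed rows. Both functions
answer the same "search by username" request and return an HTML fragment.
"""
import html
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed data: two users, one of them privileged."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "alice@example.test", "admin"),
        ("bob", "bob@example.test", "user"),
    ])
    return conn

def search_vulnerable(conn: sqlite3.Connection, username: str) -> str:
    # SQLi: user input becomes part of the query text, so a quote in the
    # input ends the string literal and the remainder is parsed as SQL.
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    rows = conn.execute(sql).fetchall()
    # XSS: the search term and the rows are echoed into HTML unescaped.
    items = "".join(f"<li>{u} ({e})</li>" for u, e in rows)
    return f"<p>Results for {username}</p><ul>{items}</ul>"

def search_safe(conn: sqlite3.Connection, username: str) -> str:
    # Parameterised query: the value travels separately from the SQL text
    # and cannot change the statement's structure.
    rows = conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()
    # Output encoding for the HTML context: < > & " ' become entities.
    items = "".join(f"<li>{html.escape(u)} ({html.escape(e)})</li>" for u, e in rows)
    return f"<p>Results for {html.escape(username)}</p><ul>{items}</ul>"

def count_results(page: str) -> int:
    """Number of <li> entries in a fragment produced by either function."""
    return page.count("<li>")

# Standard test strings chosen for this example, not taken from the slides.
SQLI_PAYLOAD = "' OR '1'='1"  # turns the WHERE clause into a tautology
XSS_PAYLOAD = "<img src=x onerror=alert(document.cookie)>"  # no quotes, so it also survives the SQL

if __name__ == "__main__":
    conn = make_db()
    print(count_results(search_vulnerable(conn, SQLI_PAYLOAD)), "rows leaked by the vulnerable search")
    print(count_results(search_safe(conn, SQLI_PAYLOAD)), "rows from the parameterised search")
    print(search_safe(conn, XSS_PAYLOAD))
```

The two fixes are independent: parameterisation alone would still reflect the script tag, and escaping alone would still leak every row, so a real handler needs both.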
Web Application Attacks (contd.)
• Security Misconfigurations:
Description: Improperly configured security settings in the application.
Impact: Unauthorized access, data exposure.

• File Upload Vulnerabilities:
Description: Allowing users to upload files without proper validation and
restrictions.
Impact: Execution of malicious files, potential server compromise.
Local File Inclusion (LFI) on bWAPP
• Local File Inclusion (LFI) is a vulnerability in which an application
includes or reads a file whose path is taken from user-controlled input, such
as a URL parameter. This can lead to sensitive information disclosure, code
execution, and other security issues.
• bWAPP (Buggy Web Application) is an intentionally insecure web application
used for security training.
Local File Inclusion (LFI) on bWAPP (contd.)
Step 1: Check the IP address of the target machine.
Log in to the target machine with root/owaspbwa.
Enter "ifconfig".
Under eth0, read the IP address of the target machine.
Step 2: Log in to the Kali machine.
Open the browser (Firefox).
Step 3: Enter the IP address of the target machine in the browser's address bar:
http://10.0.0.169
Step 4: Click on the bWAPP application in the web page.
Log in to bWAPP with the credentials bee/bug.
Step 5: In the bug selection box, go to the A7 section.
Select "Directory Traversal - Files".
Step 6: Click on the "Hack" button.
Step 7: The URL in the address bar is now
http://10.0.0.169/bWAPP/directory_traversal_1.php?page=message.txt
Step 8: Replace message.txt in the URL with ../../../../etc/passwd:
http://10.0.0.169/bWAPP/directory_traversal_1.php?page=../../../../etc/passwd
Step 9: The contents of the passwd file are displayed on the web page. The page
parameter is used directly as a file path, so the ../ sequences walk out of the
web root, and once the path reaches the filesystem root any surplus ../ are
simply ignored.
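Why step 8 works and what the fix looks like, as an added example that is not from the original slides or from bWAPP: the "read the file named in ?page=" pattern rebuilt in Python over a temporary directory constructed by make_fixture() (a www/ web root holding message.txt, with secret.txt one level above it standing in for /etc/passwd). include_vulnerable() mirrors the pattern the slide exploits by joining the parameter onto the root; include_safe() canonicalises the path and refuses anything outside the root. All function names here are this example's own.

```python
"""Why ?page=../../../../etc/passwd works, and the check that stops it.

Added example, not from the original slides or from bWAPP. It rebuilds
the "read the file named by a URL parameter" pattern in Python over a
temporary directory constructed by make_fixture(): a www/ web root that
holds message.txt, and a secret.txt one level above it standing in for
/etc/passwd.
"""
import os
import tempfile

def include_vulnerable(root: str, page: str) -> str:
    """The bug: the parameter is joined onto the root with no containment check."""
    # os.path.join() follows '..' out of root, and an absolute page replaces root entirely.
    with open(os.path.join(root, page), encoding="utf-8") as fh:
        return fh.read()

def inside_root(root: str, page: str) -> bool:
    """True only if the canonical path of root/page lies strictly underneath root."""
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, page))
    # realpath() collapses '..' and resolves symlinks, so 'a/../../x' and planted
    # symlinks are judged by where they actually land, not by how they are spelled.
    return os.path.commonpath([root_real, target]) == root_real and target != root_real

def include_safe(root: str, page: str) -> str:
    """The fix: canonicalise, check containment, then read."""
    if not inside_root(root, page):
        raise PermissionError(f"path escapes web root: {page!r}")
    with open(os.path.realpath(os.path.join(root, page)), encoding="utf-8") as fh:
        return fh.read()

def make_fixture() -> str:
    """Constructed layout: <tmp>/secret.txt and <tmp>/www/message.txt; returns <tmp>/www."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "www")
    os.mkdir(root)
    with open(os.path.join(root, "message.txt"), "w", encoding="utf-8") as fh:
        fh.write("Hello from the web root.\n")
    with open(os.path.join(base, "secret.txt"), "w", encoding="utf-8") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n")  # passwd-style line, constructed
    return root

if __name__ == "__main__":
    root = make_fixture()
    print(include_vulnerable(root, "../secret.txt"))  # traversal reads outside the root
    try:
        include_safe(root, "../secret.txt")
    except PermissionError as exc:
        print("blocked:", exc)
```

Blocklisting the string "../" is not an adequate fix: encoded variants, absolute paths and symlinks all bypass it. Resolving the path first and then comparing against the root, as inside_root() does, judges the destination rather than the spelling, and an allowlist of the few pages the feature actually needs is stronger still.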
