Web Server Application Attacks Assignment Example | Topics and Well Written Essays - 750 words

Web Server Application Attacks - Assignment ExampleThis keeps the web application impregnable from malicious substance abuser inputs. Session Security Vulnerabilities. When session IDs are sequential and persistent or when session tokens are not protected, one user may access another users data through assuming the other users identity. To mitigate this, session IDs essential be random and must expire when a user logs out of the session. Session tokens must be protected and invalidated when the user logs out. 3. Authentication Vulnerabilities When host does not authenticate a user before giving him access to a web application, he may gain access to sensitive culture and mishandle it. To counter this problem, the user must apply authentication rules like HTTPS. User must ask for authentication after specified intervals. Access concord must in any incident be utilise. Part 2 Protecting Web Servers from Denial of Service (DoS) Attacks Denial of Service (DoS) attacks prevent web servers from serving websites to sure-enough(prenominal) users. These attacks are, mostly, targeted toward professional websites run by political or other important organizations, in order to hinder their web presence to their clients and users (AppliCure Technologies, 2013). However, small businesses are also not free of such threats. The websites cease to operate partially or fully. A DoS intrusion detection architectural design is a must-use in order to prevent such attacks. Mell, Marks & McLarnon (2000) have discussed this architecture in their article, in which intrusion detection software (IDS) components are hidden from the attacker. In case the attack is successful, IDS components are shifted from the attacked host to functional host, where they counter with the attack successfully. This is done by by using mobile agent technology and network topology features. The communication between various IDS components is also restricted (Mell, Marks & McLarnon, 2000). Part 3 a. Bas ic motivation behind the attack on the Justice Department, as hackers themselves stated, was that they wanted to release government data (Zabarenko, 2013, para.1). They were also outraged over the death of the late computer prodigy Aaron Swartz, who had committed suicide on January 11 this year. He had been facing trial for stealing millions of online JSTOR articles. b. I would have used Ping of Death, as it is a dummy ICMP packet receiving fragments of ping, and resembles the real packet. It becomes too spacious for the buffer once reassembled, which starts overflowing, and thus, the system hangs (Canavan, 2001, p.39). I would use this because there are freely available source code examples on the internet for Unix to create jumbo ping packets. It is very leisurely to ditch the user through fake ping packet. c. Web server application attacks are not as easy as they may seem, because there are many different kinds of anti-virus softwares, intrusion detection softwares, and user i nput detection and encoding softwares that are being implemented nowadays. These special softwares make it very hard for the attackers to succeed in their attacks. Part 4 To maintain a secure web presence, Federal government organizations affect to maintain special mitigation strategies. Designing an information security indemnity is the first step towards the implementation of information security (Danchev 3). A security policy acts as a centralized crucial document that will help in eliminating the risk of security breaches by securing the confidential information stores from getting unwrap to unauthorized persons. It defines the importance of a