There are more Web application vulnerabilities than one can even count, and they have become so widespread that most hacking sites offer downloadable tools to search for, find, and exploit these vulnerabilities. This makes it very easy for even a rookie hacker to exploit these flaws. The three common Web application vulnerabilities and attacks discussed here are username enumeration, security misconfiguration, and SQL injection.
Three common Web application vulnerabilities and attacks
Username enumeration is my first common Web application vulnerability and/or attack. This type of attack abuses a backend validation script whose response tells an attacker whether a username is correct or not. This vulnerability opens the door for an attacker, allowing them to test different usernames in order to locate valid ones. Attackers often try default usernames and passwords such as admin/admin. Some mitigation strategies that can help minimize these types of attacks are limiting the number of failed attempts that can be performed, and making sure default usernames and passwords are changed and never used in production systems. (Cobb, 2011)
Security misconfiguration is my second common Web application vulnerability and/or attack. If a network infrastructure supports any type of Web application running on such things as databases, firewalls, and servers, there is a definite need for them to be securely configured and maintained. Some mitigation strategies might include configuring each component with the minimal set of privileges and making sure that users are adequately trained. It may also be beneficial to perform penetration tests to determine whether the Web applications are securely configured and able to withstand an attack. (Kennedy, 2005)
SQL injection is my third common Web application vulnerability and/or attack. This attack is the most popular one that many hackers use. Critical information can be retrieved from a database when this technique is used against a Web application server. Some mitigation strategies might include preventing users from connecting to a database as a super-user and making sure HTTP commands such as POST and GET are limited or disabled where they are not needed.
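The following example is added here to illustrate the username enumeration and SQL injection points above; it is not part of the essay or its sources. It contrasts a login check that builds its SQL from user input and returns different messages for "no such user" and "wrong password" with a hardened version that uses a parameterized query, a single generic failure message, and a failed-attempt limit. The sample account, the in-memory SQLite table, and the lockout threshold of five attempts are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

MAX_FAILED_ATTEMPTS = 5   # assumed lockout threshold (not from the essay)
PBKDF2_ROUNDS = 50_000
GENERIC_FAILURE = "invalid username or password"

def build_db():
    # Constructed in-memory user table with one sample account: alice / "correct horse".
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, "
               "pw_hash BLOB, failed INTEGER NOT NULL DEFAULT 0)")
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, PBKDF2_ROUNDS)
    db.execute("INSERT INTO users VALUES (?, ?, ?, 0)", ("alice", salt, pw_hash))
    return db

def login_enumerable(db, name, password):
    # Vulnerable pattern: SQL built from the raw username (injectable) and a
    # message that reveals whether the username exists (enumerable).
    row = db.execute(f"SELECT salt, pw_hash FROM users WHERE name = '{name}'").fetchone()
    if row is None:
        return "unknown user"
    if hashlib.pbkdf2_hmac("sha256", password.encode(), row[0], PBKDF2_ROUNDS) != row[1]:
        return "wrong password"
    return "ok"

def login_hardened(db, name, password):
    # Hardened: bound parameter, one generic message for every failure,
    # constant-time hash comparison, and a cap on failed attempts.
    row = db.execute("SELECT salt, pw_hash, failed FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        # Spend the same hashing cost so response time does not reveal a missing user.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
        return GENERIC_FAILURE
    salt, pw_hash, failed = row
    if failed >= MAX_FAILED_ATTEMPTS:
        return GENERIC_FAILURE          # locked out; even the right password is refused
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    if not hmac.compare_digest(candidate, pw_hash):
        db.execute("UPDATE users SET failed = failed + 1 WHERE name = ?", (name,))
        return GENERIC_FAILURE
    db.execute("UPDATE users SET failed = 0 WHERE name = ?", (name,))
    return "ok"
```

The injected username `' OR 1=1 --` makes the vulnerable query match the first stored user, so its reply differs from the reply for a plain unknown name; the hardened function answers identically in both cases.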
Describe an architectural design to protect Web servers from a commonly known Denial of Service (DOS) attack
DOS attacks are very common and hard to prevent. I would use a Web application firewall in my architectural design to help protect my Web servers from DOS attacks. The Web application firewall would offer protection by inspecting all of the HTTP traffic to help prevent Web application exploits. The firewall checks the transmitted and received packets, IP addresses, and ports against the allowed or denied rules. This would also help to protect against other Web attack techniques such as SQL injection attacks and cross-site scripting.
Based on research from the Justice Department Website
Based on the article, “How was the Justice Department...