How to secure web applications on your server

amit08255 By amit08255, 6th Apr 2014 | Follow this author | RSS Feed
Posted in Wikinut>Reviews>Technology>Security

Recently I received a comment on one of my page about - How hackers use Google to find vulnerable web applications, visitor requested for more information about securing web applications.
This article will tell you how you can protect web applications on your server.

Web application Security

Once the target application has been analyzed, attackers typically turn to more in-depth probing of the main features of the application.
The ultimate goal of this activity is to thoroughly understand the architecture and design of the application, finding potential weak points, and logically break the application in any way possible.
To accomplish this goal, each major component of the application is examined from an unauthorized perspective if appropriate credentials are known
Web application hacking commonly focus on the following features:--

1. Authentication
2. Session management
3. Database interaction
4. Generic input validation
5. Application logic

Now we are going to discuss what tools are used by hackers to break web applications:--

1. Browser plug-ins -- Browser plug-ins allow you to see and modify the data you send to the
remote server in real time as you navigate the website.
These tools are useful during the discovery phase, when you are trying to
figure out the structure and functionality of the web application, and they
are invaluable when you are trying to confirm vulnerability in verification
phase.
One of the most popular browser plug-ins used by hackers
is TamperData plug-in. TamperData plug-in gives attacker full control
over what data is being sent by their browser.

2. Tool Suites---- Tool Suites are more powerful than browser plug-ins.. Invisible to the
client web browser, proxies can also be used in situations where the
client is not a browser, but instead some other kind of application.
The integration of testing tools with proxy provides an effective tool
for ad hoc attack over web applications or web servers.
Fiddler is a proxy server that acts as a man in middle during an HTTP
session. Hackers can use this proxy server for man in middle attack.
Hackers can also use WebScarab which includes number of tools for
analyzing web applications. This tool ptovides hacker an easy way to
identify weak point in web applications.
Burp Suite is a complete suite of tools for attacking web applications.

Now we will discuss about tools you can use to scan security of your web applications:--

1. Hawlett-Packard WebInspect and Security Toolkit- Acquired by HP, SPI Dynamic security
tools go beyond their web security scanning tool,
WebInspect, to include a suite of products that can
improve security across the web application development
cycle, including DevInspect, which allows you to check
for vulnerabilities while building web applications;
QAInspect, is a toolkit for advanced web application
penetration testing.

2. Rational AppScan-- AppScan features a similar feature set, providing enterprise scalability,
a robust set of comprehensive tests, and a toolbox of utilities for
investigating and validating findings.

For more security tips and books you can visit here
SHARE US YOUR REVIEWS AND COMMENTS

Tags

Hacking, Hacking Ethics, Hacking Network Hacking, Hacking Safe, Hacking Software, Hacking Tips, Hacking Trial, Hacking Tutorials, Hacking Unit

Meet the author

author avatar amit08255
I love to write articles.
I am admin of blog- http://techntips.net

Share this page

moderator johnnydod moderated this page.
If you have any complaints about this content, please let us know

Comments

Add a comment
Username
Can't login?
Password