Menu
 Home
 Local News    
 Global News
 Technical & Product News
 Opinions
 Contact Us
 Subscribe/Unsubscribe
 
 Publications
 ICT World
 Cable Talk
 Computing S.A.
 Network World
 The Channel
 IT users handbook
 
 Sponsors
 ICT World Company Directory
 
 Partners
 CareerJunction
 Johnnic Mag Division
 
 Privacy Policy
 Privacy Policy
 
   
   

Why your Web apps are sitting ducks

Date: 02 March 2007
Issue: Two hundred and twenty-four (26/2/07 - 2/3/07)
(ICT World)
Category: Global News
Bob Brown, Network World (US)
Despite improvements in code quality, Web servers remain at a high risk of being hacked, according to a paper from researchers who use honeypot technologies to examine how hackers tick.

The Honeynet Project, which provides real systems with which unwitting attackers can interact, says Web applications remain vulnerable for a host of reasons. These include poor-quality code, the fact that attacks can be performed using PHP and shell scripts (which is generally easier than using buffer-overflow exploits), and the emergence of search engines as hacking tools.

What's more, Web servers can be a gold mine for hackers, in that they have higher bandwidth connections than most desktops and often link to an organisation's databases.

The group's findings are outlined in a paper titled: "Know Your Enemy: Web Application Threats". Researchers involved in honeynet projects in Chicago, Germany and New Zealand collaborated on the paper.

The report reads at one point: "Web applications commonly face a unique set of vulnerabilities due to their access by browsers, their integration with databases, and the high exposure of related Web servers. The modern Web server setup commonly presents multiple applications running on one host and available via a single port, creating a large surface area for attack."

Code injection, remote code-inclusion, SQL injection and cross-site scripting are cited as common attack modes. Search, spider and IP-based scanning are cited as typical of the discovery techniques used by hackers seeking vulnerable applications.

Hackers attempt to disguise their identities using proxy servers, the Google Translate service, onion routers and other systems, the researchers write.

Defacement, phishing attacks, e-mail spam, blog spam, botnet recruitment and hosting of files were found to be among the hackers' goals.

"By becoming a tool for an attacker to inflict harm on other systems, a site may be opening itself up to liability issues if they have not been paying sufficient attention to security," the report states. "For example, if a machine is joined to a botnet, it may be a participant in a denial-of-service attack against an external site, or may be used to recruit other machines into the botnet."

While the researchers say more of the same is in store for organisations using Web servers and applications, they did offer security recommendations. These include keeping an inventory of applications on Web servers and maintaining patch levels for them, as well as correctly configuring Web servers. Network and host-based intrusion-detection systems also can help, the researchers add.