Chapter 4. Server Misconfiguration and Predictable Pages
Information in this Chapter
- Understanding the Attacks
- Employing Countermeasures
In July 2001, a computer worm named Code Red squirmed through Web servers running Microsoft IIS (www.cert.org/advisories/CA-2001-19.html). It was followed a few months later by another worm called Nimda (www.cert.org/advisories/CA-2001-26.html). The advent of two high-risk vulnerabilities so close to each other caused many sleepless nights for system administrators and ensured profitable consulting engagements for the security industry. Yet the spread of Nimda could have been prevented if system administrators had followed certain basic configuration principles for IIS, namely placing the Web document root ...
Get Seven Deadliest Web Application Attacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
