O'Reilly logo

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Marcus Pinto, Dafydd Stuttard

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 17. Attacking the Web Server

As with any kind of application, a web application is dependent on the other layers of the technology stack that support it, including the web server, operating system, and networking infrastructure. Any of these components may be targeted by an attacker, and compromising the technology on which an application depends will very often enable an attacker to fully compromise the application itself.

Most attacks in this category are outside the scope of a book about attacking web applications. One exception to this is attacks that target the web server layer. The web server is intimately tied up with the application that runs on it, and defects within a web server can often be used to attack the application directly, rather than indirectly, by first compromising the underlying host.

This chapter focuses on ways of leveraging defects at the web server layer to attack the web application running on it. The vulnerabilities that you can exploit to attack web servers fall into two broad categories: shortcomings in the server's configuration and security flaws within the web server software.

Vulnerable Web Server Configuration

Even the simplest of web servers comes with a wealth of configuration options that control its behavior. Historically, many servers have shipped with insecure default options, which present opportunities for attack unless they are explicitly hardened.

Default Credentials

Many web servers contain administrative interfaces that may be publicly ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required