There are many threats that we can suffer when surfing the Internet. There are many types of attacks, varieties of malware, techniques that hackers use … All of this can affect us as home users, put a company or organization at risk, as well as affect web pages and applications. Website servers can suffer many types of attacks. We are going to explain which are the main ones that can jeopardize proper operation and safety.
Attacks that can affect web servers
Cyber attacks, as we have mentioned, can affect all types of users, computers and systems. Also web servers can be compromised. They can steal information, collect user data, break passwords, launch a denial of services attack … Many varieties of threats that in one way or another can affect us.
Cross-Site Request
We can translate it into Spanish as cross-site request forgery, also known as one-click or session attack and abbreviated as CSRF (“sea-surf”) or XSRF. It is a type of malicious website exploit through which unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust that a user has of a particular site, CSRF exploits the trust that a site has in a user’s browser.
In this way, the attacker is able to perform an action on behalf of the victim. It is basically as if it were being executed by that user. It is one of the most dangerous attacks due to the consequences it could have for the victim.
SQL injection
This attack is one of the most popular in web applications. Hackers are going to base themselves on a vulnerability, as could happen in the database layer of the web application. That code could compromise that tool and leak confidential data, information, etc.
Logically this will cause the program to work incorrectly. At the end of the day, what the attacker does with SQL injection is modify the code that has already been previously programmed. You are going to modify the main function it has.
Cookie poisoning attack
Cookie poisoning attacks involve modifying the contents of a cookie (personal information stored on the victim’s computer) to bypass security mechanisms. By using cookie poisoning attacks, attackers can obtain unauthorized information about another user and steal their identity.
With cookie poisoning, therefore, the attacker could obtain confidential information, such as financial data. This can put the privacy of the user at risk.
Theft of cookies
Cookie theft is a type of attack that is performed using client-side scripts such as JavaScript . When the user clicks on a link, the script will search the cookie stored in the computer’s memory for all active cookies and send them to the hacker who is carrying out that attack.
Phishing attacks
Without a doubt we are facing a classic of cyber attacks. Phishing is the process in which an attacker tries to steal sensitive data, passwords, credentials … It seeks that users enter information such as user names, passwords and credit card details by posing as a reliable entity in an electronic communication. However, everything that the victim puts up ends up on a server controlled by the attackers.
Web Defacement
Another attack that can seriously compromise a page is what is known as Web Defacement . In Spanish we can translate it as defacement of a website. It is changing the appearance of a page so that it looks like what it is not. They can access a server and modify or replace all the content there is.
This could seriously affect the reputation of a website. An attacker could totally modify the appearance, the published articles, the content … Obviously this is a very important problem that must be faced.
Buffer overflow
One more type of attack is what is known as a buffer overflow. This is a problem in which a process stores data in an out-of-memory buffer that the programmer reserved for it. It is another variety of very common threat. The additional data overwrites memory that may contain other data, including program variables and program flow control data.
This could lead to memory access errors, incorrect results, program termination, or a system security breach. It must be taken into account that this type of vulnerability can be present in all types of systems, applications and servers.
Forced navigation
In this case we are facing an attack whose objective is to enumerate and access the resources that the application does not refer to, but that are still accessible. We could name as examples the directories such as config, backup, logs that can be accessed can reveal a lot of information about the application itself, password, activities, etc.
HTTP response split
Also known as HTTP response separation . This time an attacker passes malicious data to a vulnerable application , and the application includes the data in an HTTP response header. This attack itself does not cause any damage, but it would lead to other sensitive attacks such as XSS.
How to prevent attacks on web applications
As we have seen, there are many attacks that we can suffer. It doesn’t matter if we are home users or a large organization. Furthermore, any device, system or server can be attacked by a cybercriminal. This means that we must take precautions and not make mistakes of any kind that compromise us.
There are different methods and tools that web application and web server developers use to protect a page. In addition, there are also specific attack solutions and best practices that can be applied on an ongoing basis to protect applications and users. Code reviews, bug bounty programs, and code scanners should be implemented throughout the life cycle of the application.
Code reviews can help detect vulnerable code early in the development phase, dynamic and static code scanners can do automatic vulnerability checks, and bug bonus programs allow ethical testers or hackers to find bugs in the website.
Use stored procedures with parameters that can be carried out automatically. An example would be implementing CAPTCHA or having users answer questions. This ensures that a form and request are submitted by a human and not a bot.
Another very important aspect is to use a web application firewall (WAF) to monitor the network and block possible attacks. It is a security measure that should be applied on our servers. This way we will avoid the entry of attackers who could break our privacy and security.
However, keep in mind that neither of these methods can replace the other. This means that each adds its own value to the table and adds protection against certain attack scenarios. Not all vulnerabilities can be found through code reviews or bug bonus programs, or just through a web application firewall as no tool is 100% secure. All this means that we must consider a combination of all these methods to protect applications and users in the most efficient way possible.
