Understand the complexity of Web infrastructure and current trends in Web threats

Understand the mechanisms of, and defenses against, the major Web attacks: XSS, SQL injection and shell attacks

Web Security Assessment Methodology

Why Web Security is a Real Business Problem

More than 60% of all attack attempts observed on the Internet target Web applications

More than 80% of the vulnerabilities discovered are in Web applications

Common thread for Web Applications


Big trend: software as a (Web-based) service

–Online banking, shopping, government, etc.

–Cloud computing

Applications hosted on Web servers

–Written in a mixture of PHP, Java, Perl, Python, C and ASP

Security is rarely the main concern

–Poorly written scripts with inadequate input validation (the root cause of XSS, SQL injection and shell-command injection)

–Sensitive data stored in world-readable files
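The two bullets above, shown in working code. This is an added example and not code from the original slides: a login lookup written with inadequate input validation, beside its parameterized form, both run against a constructed in-memory SQLite database, plus a mode-bit check that flags the "world-readable file" condition. The table name, the sample accounts and the payload are assumptions made for the example.

```python
"""Added example (not from the original slides): inadequate input validation
(SQL injection) beside the hardened query, and a world-readable file check.
The users table, its two accounts and the payload are constructed sample data."""
import sqlite3
import stat


def make_db():
    """Constructed sample database: one users table holding two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, name, password):
    """The 'poorly written script': user input is spliced into the SQL text,
    so a quote in the input changes the structure of the query."""
    sql = (
        "SELECT name FROM users WHERE name = '%s' AND password = '%s'"
        % (name, password)
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    """Hardened form: the query text is fixed and the input travels as bound
    parameters, so quotes and comment markers in it are treated as data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def is_world_readable(mode):
    """True when the 'other' read bit is set on a file mode, i.e. the
    'sensitive data stored in world-readable files' condition."""
    return bool(mode & stat.S_IROTH)


if __name__ == "__main__":
    db = make_db()
    # Classic tautology payload: the AND binds tighter than the OR, so the
    # injected '1'='1' makes the WHERE clause true for every row.
    payload = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, "alice", payload))  # both users
    print("safe:      ", login_safe(db, "alice", payload))        # []
    print("0644 world-readable:", is_world_readable(0o644))       # True
    print("0600 world-readable:", is_world_readable(0o600))       # False
```

With the payload, the vulnerable query returns every account because the injected `OR '1'='1'` short-circuits the password check; the parameterized query returns nothing because the same string is compared literally against the stored password. The permission check is the test a hardening script would run over configuration files and data directories: anything holding credentials or session data that reports `0o644` or looser needs its "other" bits cleared.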


Web Server Hardening Services (IIS, Apache and other servers on Linux variants)