Web Application Vulnerability
Outline
Introduction
Definition
Objectives
Entities
Threats
Prevention
Conclusion
Introduction
Web App Vulnerabilities
Definition
•Web application: web-based software that provides services to users
•Vulnerability: a weakness which allows attackers to reduce a system’s information assurance
Objectives
To breach a system's protection mechanisms
To take advantage or gain access to private information or system resources
To compromise the integrity or availability of the application
To compromise the trust relationship between an application user and the web application
Entities
Attacker
•Unauthorized user
•Exploit the system
Victim
•Authorized user
•Weak system
Threat on Web Application
Buffer Overflow
Cross-Site Scripting (XSS)
Command injection
SQL Injection
Cookie Snooping
Preventions
Avoid generation of informational error messages
Remove HTML comments
Use two-level validation
Use encryption
Conclusion
Combining the application of technology with user awareness is the only effective way of truly defending against web attacks.