CHAPTER 11 WEB SITE SECURITY
Figure 11-4. Network Utility Whois tab
Protecting from Google
Google is one of the greatest hacking tools ever created, so it is important to understand what an attacker might use Google to do. Searching for servers with specific vulnerabilities has never been easier than it is with Google. An attacker might find a tool that can be run against a certain version of your web server, such as Apache 2.1. A search for web sites using Apache 2.1 is performed, and then the attacker isolates messages on error pages or default web sites that contain identifiers specific to that version of the software. Figure 11-5 shows an example of this.

Google also offers hackers the ability to find out information about a web site without leaving any traces. When you run a search, there are multiple ways of viewing a web site. One is to use the cached option on the site (see Figure 11-6). The Cached button loads the destination page by using a cached copy of your web site located on the Google web servers. This means you are not writing to the target web server's log files from your own computer. This gives savvy would-be attackers the ability to have Google show them information about a server without leaving a trace. An attacker would then gather as much information about a site as possible before launching the attack.

To help prevent this, know what information Google has cached for your site, and if you want, disable the Googlebot from scanning your site at https://google.com/webmasters/tools/siteoverview.
Figure 11-5. Version-specific web codes
Figure 11-6. Google cache
Enumerating a Web Server
What other information is available about your web site? Apache communications occur by transferring text data over port 80. As is true with many ports, it is possible to use the text-based communications application Telnet to tap into port 80 and talk to the server without using a web browser. This is what the Terminal-based lynx web browser uses. For example, the command telnet <IP Address> <port 80> would result in a prompt that would enable you to send data to a web server and request a response. For example, the following command:
    telnet www.318.com 80 <RET>
    HEAD /HTTP/1.0 <RET>

responds with the following lines:

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML><HEAD>
    <TITLE>400 Bad Request</TITLE>
    </HEAD><BODY>
    <H1>Bad Request</H1>
    Your browser sent a request that this server could not understand.<P>
    client sent invalid HTTP/0.9 request: HEAD /HTTP/1.0<P>
    <HR>
    <ADDRESS>Apache/1.3.37 Server at 10.49.38.139 Port 80</ADDRESS>
    </BODY></HTML>

As shown in the previous example, when using the Telnet command to get information about Apache, you are looking at the Apache banner to get information on the version number, local server IP address, and any information about the server that might not otherwise be available. Banners can be edited to reflect a different version number by changing the actual httpd banner, but this is risky and should probably not be done.
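To review what your own server's responses give away, the check below parses a saved response and reports product versions and internal addresses found in a `Server:` header or an `<ADDRESS>` signature footer. It is an added example, not code from the original chapter; the function name `audit_banner` is hypothetical and the sample is the response shown above.

```python
import ipaddress
import re

# The response shown above, saved as text (the <ADDRESS> footer is the banner).
SAMPLE_RESPONSE = """<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
client sent invalid HTTP/0.9 request: HEAD /HTTP/1.0<P>
<HR>
<ADDRESS>Apache/1.3.37 Server at 10.49.38.139 Port 80</ADDRESS>
</BODY></HTML>
"""

# A banner is the value of a Server: header or the text inside <ADDRESS>.
BANNER_RE = re.compile(r"(?:^Server:[ \t]*|<ADDRESS>)([^<\r\n]*)", re.I | re.M)
# "Product/1.2.3" tokens, e.g. Apache/1.3.37.
PRODUCT_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def audit_banner(response: str) -> dict:
    """Report product versions and private IPs disclosed by banner text."""
    versions, private_ips = [], []
    for banner in BANNER_RE.findall(response):
        versions += [f"{name}/{ver}" for name, ver in PRODUCT_RE.findall(banner)]
        for candidate in IPV4_RE.findall(banner):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # four dotted numbers that are not a valid address
            if addr.is_private:
                private_ips.append(candidate)
    return {"versions": versions, "private_ips": private_ips}


if __name__ == "__main__":
    print(audit_banner(SAMPLE_RESPONSE))
```
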
Securing Files on Your Web Server
File security plays an integral part in web security. If your server allows too much permission to files such as scripts, then you are opening yourself up to a wide range of attacks. This includes HTML files and CGI scripts. Files located in standard web directories are typically assigned permissions of 751 (for more information on permissions, see Chapter 10), which gives the everyone user (unauthenticated web visitors are assigned to the everyone group) the read-only setting for HTML files. One exception to this includes .html pages that have to be rewritten and updated by a script. In that case, apply the 766 permission level to both the directory and the file.

Permissions for files that are added to the server are controlled by the mask of the application that uploads the files. In some cases, these are the default permissions of FTP, Apache, a CMS package such as PostNuke, or maybe just the umask variable of your system.

CGI applications for different web sites that run on the same server all run with the same permissions, and in Mac OS X they all run as the same user account by default. CGI applications can be dangerous, especially when they have the wrong permissions applied to them, because they can possibly be edited and then run with arbitrary code. The proper permission for executable scripts is typically 755. However, it is common for certain developers to use 606, or other specific variants, according to what they are attempting to accomplish. If you do not have a specific reason to use something other than 755, it's a good idea to stick to the proper permission levels. File permissions and how to change them are discussed in more depth in Chapter 3.
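The audit below walks a web root and lists every file that someone other than its owner can edit, separating out the ones that are also executable, which is the CGI risk described above. It is an added example, not code from the original chapter; `audit_webroot`, `build_sample_tree` and the file names are hypothetical, the sample tree is constructed, and `allow_writable` stands for the script-updated pages deliberately left at 766.

```python
import os
import stat
import tempfile

NON_OWNER_WRITE = stat.S_IWGRP | stat.S_IWOTH              # the 022 bits
ANY_EXECUTE = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH   # the 111 bits


def audit_webroot(root, allow_writable=()):
    """Return sorted (relative_path, octal_mode, finding) for risky files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            if rel in allow_writable or not mode & NON_OWNER_WRITE:
                continue  # documented exception, or only the owner can edit
            if mode & ANY_EXECUTE:
                finding = "executable file editable by non-owner"
            else:
                finding = "file editable by non-owner"
            findings.append((rel, format(mode, "03o"), finding))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed web root in a temp directory; return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.mkdir(os.path.join(root, "cgi-bin"))
    sample = {
        "index.html": 0o644,          # static page
        "counter.html": 0o766,        # page rewritten by a script
        "cgi-bin/form.cgi": 0o755,    # the usual mode for a script
        "cgi-bin/upload.cgi": 0o777,  # anyone can edit, then it runs
        "cgi-bin/stats.cgi": 0o606,   # developer-chosen variant
    }
    for rel, mode in sample.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for row in audit_webroot(build_sample_tree(), allow_writable=("counter.html",)):
        print(*row, sep="\t")
```
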