What can encoded syntax attacks do to Web applications?

In this Q&A, expert Michael Cobb explains how to test Web servers so that they are not vulnerable to encoded syntax attacks.

What are encoded syntax attacks, and what can they do to Web applications?
Most Web servers and browsers can process requests in a variety of different formats, and the goal of encoded syntax attacks is to exploit that flexibility to bypass detection. For example, a simple cross-site scripting (XSS) attack can be encoded with a variety of different character-encoding sets, including Unicode, UTF-8 and Hex. The problem is that many IDS/IPS products are signature-based and look for a specific attack string. Therefore, intrusion detection and prevention tools may not be able to catch an attacker who encodes a malicious request.

Organizations should test their Web servers to ensure that they are not vulnerable to encoded syntax attacks. To do so, I recommend tools like Nikto. The server-assessment tool utilizes a variety of different encoding techniques, and can even use multiple types of evasion tactics together. Nikto will request pages in various ways that your server will understand but that may be difficult for a person to read. Many servers, for example, can process requests in Unicode and Base64, encodings that few people can decipher by eye.

Also, look at ModSecurity, an open source Web application firewall, and UrlScan, a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. These tools can detect and/or stop some of the most common encoded attacks, such as SQL injection, cross-site scripting and requests for pages on your site that may have vulnerabilities like buffer overflows. There are also a number of commercial products that can help defend against encoded syntax attacks, including those from F5 Networks Inc., Breach Security Inc., and Barracuda Networks Inc.

For more information:

  • Learn how to protect and harden a database server.
  • See how ModSecurity is getting an 'attitude adjustment.'

This was first published in January 2009.