-
Quiz: Locking down IIS
Take our quiz to see how well you know the Web server. Security Quiz
-
Quiz: Locking down IIS Answers
Security Quiz Answer
-
Entrance exam: Web attack prevention and defense
Test your knowledge of Web security to see if you'd benefit from our Intrusion Defense School lesson, "Web attack prevention and defense." Security School
-
Web Security School Entrance Exam Answers
Web Security School Entrance Exam Answers Security School
-
Know your enemy: Why your Web site is at risk
In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them. Security School
-
Quiz: Secure Web directories and development
Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management. Security School
-
Web Security School Lesson 3
In Lesson 3 of Web Security School, Michael Cobb teaches you how to plan and implement Web directory structures and permissions, and manage secure Web development. Also, a primer on secure coding and data management, and procedures for combating Web ... Security School
-
Web Security School Lesson 1
Learn how to plan and perform a secure installation of your Web server's operating system and services. Security School
-
Web Security School Lesson 2
In Lesson 2 of Web Security School, guest instructor Michael Cobb explains what to expect and look for when analyzing an attack on your Web server. Security School
-
Quiz: Identify and analyze Web server attacks
Test your knowledge of the material covered in the "Identify and analyze Web server attacks" section of Intrusion Defense School. Security School
-
Podcast: Inside the DNS Changer botnet takedown
Security Wire Weekly podcast: Trend Micro Advanced Threats Researcher Paul Ferguson discusses how the DNS Changer botnet takedown happened and why an even more dangerous botnet era may be beginning. News | 15 Nov 2011
-
Oracle issues out-of-band Apache update
Oracle Corp. has issued an out-of-band security alert for its Fusion Middleware and Application Server products that addresses an Apache Web server flaw. News | 19 Sep 2011
-
Apache DDoS vulnerability requires immediate update to avoid threat
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild. News | 31 Aug 2011
-
Microsoft plans emergency update for ASP.NET encryption flaw
Attackers are targeting a weakness in the ASP.NET Web application framework. A fix is expected today at 1 p.m. ET. Article | 28 Sep 2010
-
Black Hat: Researchers poke holes in HTTPS, SSL Web browser security
Attackers capable of carrying out man-in-the-middle attacks to hijack Web browsing sessions can go further and render Web security protocols HTTPS and SSL/TLS useless against attack. Article | 29 Jul 2010
-
SQL Injection attack used in breach of 168,000 Netherlands travelers
Attacker gains access to Netherlands-based smartcard website revealing customer information. News | 18 May 2010
-
Microsoft doesn't rule out rushed patch for IIS zero-day vulnerability
Software giant dismisses the critical nature of the Internet Information Services zero-day flaw, but doesn't rule out an out-of-band patch. Article | 28 Dec 2009
-
Increase in Gumblar backdoors poses FTP credential problems
Security researcher explains how to detect the Trojan, but many victimized website owners don't have the technical expertise to fix the problem. News | 20 Nov 2009
-
VeriSign extends DDoS attack protection service
Vendor latches on to the recent high profile DDoS attacks with Web-based monitoring service. News | 15 Sep 2009
-
Microsoft issues IIS FTP advisory, exploit code circulates
Exploit code is circulating for the FTP zero-day flaw in Microsoft IIS Web server. Article | 03 Sep 2009
-
Enabling secure Web development means treating vulnerabilities as bugs
Gil Danieli explains why secure Web development depends on treating vulnerabilities like any other software bugs, and how to get Web developers to buy in. Tip
-
How to find and stop automated SQL injection attacks
Automated SQL injection worms use search engines to filter through vulnerable Web servers. In this tip, Patrick Szeto explains how to keep your website off of the malware's radar. Tip
-
How to spot attacks through Apache Web server log analysis
Log analysis requires refined search skills that will help you ferret out security issues. Brad Causey explains how to sift through log data and find the relevant security information. Tip
-
How to clear out anonymous Web proxy servers in the workplace
Enterprises may use Web filtering software to limit Internet use, but some employees may respond right back with easily available anonymizing proxies. John Strand explains how to keep your users from bypassing content filters. Tip
-
How to stop malware in a 'Flash'
Always innovating, attackers have found ways to mask their malware by placing the code into PDFs and Flash files. The malware often appears to be legitimate ads for products, and it can be particularly hard to analyze. John Strand explains why and de... Tip
-
Screencast: How to use Wikto for Web server assessment
Peter Giannoulis demonstrates what kinds of website and Web server information can be found using the free Wikto tool. Tip
-
IT discussion: Is malware the cause of a DNS server error?
DNS connectivity problems are quite common, but an increasing number of DNS issues are being caused by surreptitious attacks. In this Q&A thread from SearchSecurity.com's redesigned IT Knowledge Exchange, learn how an innocent query about a finicky D... Tip
-
Finding and blocking Web application server attack vectors
Web application server attacks are nothing new, but attackers are coming up with creative new ways to penetrate them. Information security expert Peter Giannoulis examines how data-hungry attackers are using Web application servers to crack into back... Tip
-
Avoiding the scourge of DNS amplification attacks
DNS amplification attacks can generate enough bogus traffic to blow almost anyone off the Internet. Learn how these packet flood attacks work and how to defend your organization. Tip
-
Blocking Web anonymizers in the enterprise
As Internet privacy concerns continue to proliferate, so does the use of Web anonymizers. While these tools can help you block employee access to certain Web sites, they are also beneficial in helping employees evade your efforts. In this tip, access... Tip
-
Explaining how trusted SSL certificates and forged SSL certificates work
Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections. Answer
-
Do WebKit exploits escalate risk of Web browser attacks?
The WebKit framework suffers from several vulnerabilities that can be exploited to conduct Web browser attacks. Expert Michael Cobb discusses the risk. Answer
-
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices. Answer
-
Learning from the MySQL.com hack: How to stop website redirects
Learn how to stop website redirects put in place by malicious hackers, and how to prevent attacks like the MySQL.com hack. Answer
-
Stop hackers from finding data during Web application fingerprinting
Hackers use Web application fingerprinting to learn about their target. You can reduce the amount of information they uncover with these tips. Answer
-
Is full-disk server encryption software worth the resource overhead?
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Answer
-
How an IIS Web application pool can help secure your enterprise
Did you know an IIS Web application pool not only helps manage your applications, but also makes them more secure? Expert Michael Cobb explains the benefits of Web application pools. Answer
-
Secure DMZ Web server setup advice
Network security expert Anand Sastry describes how to ensure a secure DMZ Web server setup involving network attached storage (NAS). Ask the Expert
-
How do passwordless SSH keys represent an enterprise attack vector?
Passwordless SSH keys represent an attack vector because their safety is determined by the security of the host. Learn how to protect communication between two networked devices. Ask the Expert
-
How to harden Linux operating systems
Specific advice on hardening a server depends to some extent on its intended role, says expert Michael Cobb in this SearchSecurity.com Q&A. Ask the Expert
-
Web filter
Word
-
cache cramming
Word
-
content filtering (information filtering)
Word
-
Read-only domain controllers – What are they and why should I care?
Beth Quinlan (MCT, MCSE-Security, CISSP) is the technical lead for HynesITe, where she is a trainer/consultant. She has specialized in Microsoft infrastructure technologies and security design for over 12 years. She has authored the ISA Server 2006 R... Podcast
-
Dan Kaminsky on DNS, Web attacks
Noted network security researcher Dan Kaminsky, director of penetration testing at IOActive, shares his research on DNS and Web-based attack techniques. Video
-
About Web Server Threats and Countermeasures
In this resource guide get news and tips on Web server threats, attacks and countermeasures. Learn how to secure your Web servers to prevent malicious hacker access and avoid DNS vulnerabilities.