Web server threats and application attacks

In this resource guide get news and tips on Web server attacks, threats, and countermeasures. Learn how to secure your Web servers to prevent malicious hacker access and avoid DNS vulnerabilities.

New & Notable

Download this free guide

Your Guide to Info Sec Certifications

We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.

Corporate E-mail Address:
You forgot to provide an Email Address.
This email address doesn’t appear to be valid.
This email address is already registered. Please login.
You have exceeded the maximum character limit.
Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Web server threats and application attacks News

August 10, 2018 10 Aug'18
Web cache poisoning attacks demonstrated on major websites, platforms

PortSwigger's James Kettle doesn't believe web cache poisoning is theoretical and to prove it, he demonstrated several attacks on major websites and platforms at Black Hat 2018.
August 06, 2018 06 Aug'18
BGP hijacking attacks target payment systems

Researchers discovered a wave of BGP hijacking attacks aimed at DNS servers related to payment-processing systems in an apparent effort to steal money from unsuspecting users.
July 13, 2018 13 Jul'18
Ticketmaster breach part of worldwide card-skimming campaign

News roundup: The Ticketmaster breach was part of a massive digital credit card-skimming campaign. Plus, the U.K. fined Facebook over the Cambridge Analytica scandal, and more.
April 30, 2018 30 Apr'18
Attackers seek Oracle WebLogic vulnerability after faulty patch

The combination of a broken Oracle WebLogic vulnerability and available proof-of-concept exploit code has led threat actors to search for any servers that are at risk.

View All News

Web server threats and application attacks Get Started

Bring yourself up to speed with our introductory content

cross-site scripting (XSS)

Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, into content from otherwise trusted websites. Continue Reading
CISSP Domain 6: The importance of security assessments and testing

Security assessment and testing should be baked into your regular IT workflows so that you’re able to spot software vulnerabilities before they turn into full-blown attacks. Continue Reading
How to manage HTTP response headers for IIS, Nginx and Apache

HTTP response header configuration files on servers need to be set up properly to secure sensitive data. Expert Judith Myerson outlines how to do this on different types of servers. Continue Reading

View All Get Started

Evaluate Web server threats and application attacks Vendors & Products

Weigh the pros and cons of technologies, products and projects you are considering.

Advanced Protection Program: How has Google improved security?

Google added a layer to its account security system with Advanced Protection Program. Matt Pascucci explains how individuals can better defend themselves from malicious actors. Continue Reading
DNS Security: Defending the Domain Name System

In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important. Continue Reading
How can web shells be used to exploit security tools and servers?

A web shell from the JexBoss security tool was used to exploit servers through an unpatched JBoss vulnerability. Expert Michael Cobb explains how to prevent similar attacks. Continue Reading

View All Evaluate

Manage Web server threats and application attacks

Learn to apply best practices and optimize your operations.

How did a Navarino Infinity flaw expose unauthenticated scripts?

Navarino Infinity, a satellite communication system, found and fixed a flaw that exposed an unauthenticated script. Discover what threats this flaw enabled with Judith Myerson. Continue Reading
How can a text editor plug-in enable privilege escalation?

Developers use text editors to enhance efficiency in the workplace even though they require vulnerable third-party plug-ins. Discover these vulnerabilities with Judith Myerson. Continue Reading
How a Blizzard DNS rebinding flaw put millions of gamers at risk

A Blizzard DNS rebinding flaw could have put users of its online PC games at risk of attack. Expert Michael Cobb explains how a DNS rebinding attack works and what to do about it. Continue Reading

View All Manage

Problem Solve Web server threats and application attacks Issues

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Why the Bleichenbacher attack is still around

The Bleichenbacher attack got a new name after 20 years. Expert Michael Cobb reviews the ROBOT attack and discusses why it's still active this long after it emerged. Continue Reading
How did OurMine hackers use DNS poisoning to attack WikiLeaks?

The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from expert Nick Lewis. Continue Reading
Katyusha Scanner: How does it work via a Telegram account?

The Katyusha Scanner is based on the open source penetration test scanner Arachni. However, it has been modified to work through Telegram accounts. Nick Lewis explains how it works. Continue Reading

View All Problem Solve