What vulnerabilities does the web server have?

S

Sandwich212020-05-24 14:35:23

Information Security

Sandwich21, 2020-05-24 14:35:23

There are a number of web application vulnerabilities.
OWASP Top 10:
1. Code injection
2. Incorrect authentication and session management
3. Cross-site scripting
4. Access control violation
5. Insecure configuration
6. Sensitive data leakage
7. Insufficient attack protection
8. Cross-site request forgery
9. Use of components with Known Vulnerabilities
10. Unprotected API
As I understand it, not all of these threats specifically threaten the web server, such as SQL injection. This is a dangerous vulnerability that allows an attacker to read, modify or delete information in the database (that is, the subject of the attack is the database).
Those each vulnerability "attacks" its own component (for example, the database server in the case of SQL injection).
And I assume that the web server also has its own vulnerabilities, those attackers work specifically with the web server, for example, DDoS attacks are aimed precisely at bringing the web server down.
Am I correct in my reasoning?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Ivan Shumov, 2020-05-24
@Sandwich21

Very superficial. The fact is that the web server itself does not carry any value. The value comes from the application and the data it serves. Yes, DoS and DDoS attacks are aimed at denial of service, but the web server itself is not affected. These attacks target the virtual machine and its resources in the first place, including the maximum number of connections.