Web traffic (Hypertext Transfer Protocol, HTTP) has overtaken P2P traffic and continues to grow. [Ellacoya, 2007] Web site hacks are on the rise and pose a greater threat than the broadbased network attacks as they threaten to steal critical customer, employee, and business partner information stored in applications and databases linked to the Web. [Greenemeier, 2006] The increasing shift towards web applications opens new attack vectors. Traditional protection mechanisms like firewalls were not designed to protect web applications and thus do not provide adequate defense. Current attacks cannot be thwarted by just blocking ports 80 (HTTP) and 443 (HTTPS).
Preventive measures (like Web Application Firewall rules) are not always possible. Reactive methods – to detect what happened previously – are usually easier but have the disadvantage of always being behind the actual event.
This paper explains how to detect the most critical web application security flaws. Web application log files allow a detailed analysis of a users actions. Log files have its limits, though. Web server log files contain only a fraction of the full HTTP request and response. Knowing those limits, the majority of attacks can be recognized and acted upon to prevent further exploitation.
Views: 0
