-- Search Engine Spider and User Agent Identification
---- HoneyNet White Paper : Know your Enemy: Web Application Threats
Brett_Tabke - 6:21 pm on Feb 27, 2007 (gmt 0)
This is is a must read for all programming web developers: [honeynet.org...]
Web applications present a very high risk, and an attractive target to attackers for the following reasons: Firstly, the quality of the code is often rather poor and many vulnerabilities of commonly used code are published. Second, attacks can often be performed using PHP and shell scripts, which are much easier to develop and use than buffer-overflow exploits. Thirdly, tools such as search engines provide a very easy way for attackers to locate vulnerable web applications. We believe that web servers present relatively high-value targets for attackers since they are more likely to have higher bandwidth connections than the average desktop computer. They will also typically need to access the organisation's databases and so may provide a stepping stone for an attacker who wishes to recover such data.
The paper is rather thick in spots, but stick with it, as there are some subtle gems in there worth finding.