Web servers are the backbone of the internet and provide the core services and functionalities of the billions of websites around the world and, as a result, act as a repository for the personal data of everyone who visits them. Ensuring that servers are secure from outside attack is a prime concern for any organization who rely on them.
In the last few years attacks against web servers have increased substantially and it is immaterial where in the world you base a web server: malicious code respects no boundaries. The threat is not only transnational, but now comes from organized criminal gangs looking to harvest passwords, financial details and other information, rather than teenage hackers looking to cause mischief. In most cases an attack occurs unobtrusively, with servers and websites corrupted with malware designed to infect as many users as possible.
This paper discusses common ways web servers are attacked and the various ways they can be protected.
Download Securing Websites
This paper discusses some of the common ways that web servers are attacked and details various techniques in which they – and by extension the websites they host – can be protected. Download now
Updated by Fraser Howard, Threat Researcher, SophosLabs UK, 2011