Difference between revisions of "Security of Web Applications"


Revision as of 18:46, 1 April 2020

Motivation

As we have seen in the previous chapter, creating dynamic web pages on your server is easy. You can use CGI, PHP, Python, Perl, etc. There are also a lot of free and open source packages that you can deploy on your own server for many different applications: WordPress and other popular content management systems, etc.

The problem is keeping them secure. Here you learn the basic rules to follow and how to avoid the most common security issues.

Common Security Problems

Buffer Overflow

When you use compiled software (e.g. written in C) and the programmer is not careful, a buffer that holds a string and is filled with data coming from an outside user can overflow and overwrite neighboring data. Often this can be exploited to run arbitrary code on the machine.

Usually people do not write their web applications directly in C, but you might e.g. use some tool to convert images, and that tool uses library code in which there might be bugs. The best way to avoid problems here: Regular updates of your operating system software.
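To make the "overwrites neighboring data" point concrete, here is a small added example (not from the wiki page) with a constructed session record: a fixed-size name buffer placed directly before a privilege flag, an unchecked copy that would run past the buffer, and a length-checked copy that refuses input that does not fit. The struct, field names and inputs are all made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a user name from a request parameter stored in a
 * fixed-size buffer that sits directly before a privilege flag. */
#define NAME_LEN 16

struct session {
    char name[NAME_LEN];   /* filled from outside input */
    int  is_admin;         /* neighbouring data an overflow would overwrite */
};

/* Unsafe: strcpy() stops only at the input's NUL byte, so any input of
 * NAME_LEN or more bytes writes past 'name' and into 'is_admin'.
 * Shown for contrast; only ever called here with input that fits. */
static void set_name_unsafe(struct session *s, const char *input) {
    strcpy(s->name, input);
}

/* Safe: measure first, refuse anything that does not fit together with its
 * NUL, and only then copy. Returns 0 on success, -1 when input is rejected. */
static int set_name_checked(struct session *s, const char *input) {
    size_t n = strlen(input);
    if (n >= NAME_LEN)
        return -1;
    memcpy(s->name, input, n + 1);  /* n + 1 includes the terminating NUL */
    return 0;
}

/* Returns 1 if the checked setter accepted the input, 0 if it rejected it. */
static int name_accepted(const char *input) {
    struct session s = {0};
    return set_name_checked(&s, input) == 0;
}

/* Returns the privilege flag after the checked setter ran: it stays 0 for
 * input of any length, because oversized input is never written at all. */
static int admin_flag_after(const char *input) {
    struct session s = {0};
    (void)set_name_checked(&s, input);
    return s.is_admin;
}

int main(void) {
    struct session s = {0};
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* 32 bytes */
    set_name_unsafe(&s, "alice");  /* fits, so the unsafe copy is harmless here */
    printf("unsafe copy of short name: %s, is_admin=%d\n", s.name, s.is_admin);
    printf("checked, oversized input: accepted=%d is_admin=%d\n",
           name_accepted(oversized), admin_flag_after(oversized));
    return 0;
}
```

The same length check is what a library such as an image converter must apply to every externally supplied string; when you do not control that code, the only fix available to you is installing the vendor's update.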

Bugs in off-the-shelf applications

When you use any of the many available free software packages, also keep them up to date. Once in a while bugs are found in them, but they are usually fixed quickly. The best solution here is automatic updates. Most Linux distributions bundle a lot of popular web applications, so you get their updates together with the normal OS updates.

SQL Injections, Shell Injections