CISC 7050 Lecture Notes - Lecture 8: Web Server, Web Application, Database Server
Document Summary
HTTP methods: DELETE removes the specified resource. OPTIONS returns the HTTP methods the server supports for a resource, which makes it a recon tool (a server that advertises PUT or DELETE may be misconfigured). CONNECT asks the server to convert the request connection into a transparent TCP/IP tunnel, which is how HTTPS is relayed through proxies.
User-Agent: the User-Agent string identifies the browser and reveals certain system details (OS, version) to the server. The server uses it to identify the type of device connecting and to load a browser- or device-specific page for the user; an attacker can change it to receive that alternate content or to look like an ordinary browser.
HTTP errors: status codes and error pages are built-in troubleshooting mechanisms, but the differences between responses (404 vs 403 vs 401, verbose error pages that name the server software and version) help hackers build a sitemap of what exists and what is protected.
HTTP and network: the common ports used for HTTP transactions are TCP 80 (HTTP) and TCP 443 (HTTPS). An IDS that works from NetFlow data sees only that traffic moved between two IPs on ports 80/443; it lacks the ability to inspect the input being sent inside the requests, so application-layer attacks look like normal web traffic.
Hacker's perspective: attackers gather information about the web app at a number of different layers (network, web server, web application, database server) because an attack method is identified for each layer and potentially exploited there. Examples at the web server layer: buffer overflows, format string bugs, directory traversal, default accounts, and sample applications left installed.
Attack methodology: recon, then mapping, then discovery, then exploitation. Recon is done before touching the app directly.
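Added example, not from the lecture or any course material: a small recon client run against a constructed local HTTP server that behaves the way the notes describe (OPTIONS advertising its methods, a User-Agent-dependent page, a verbose error page, DELETE left enabled). The site layout, the Allow header contents, the "DemoServer/1.0" banner and the function names are all assumptions made for the demo; the point is how an attacker turns OPTIONS, User-Agent and status-code differences into a sitemap.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Constructed site layout for the demo server: path -> status code it answers with.
# 401/403 mean "exists but protected", which is exactly what a mapper wants to learn.
SITE = {
    "/": 200,
    "/index.html": 200,
    "/admin/": 403,
    "/backup/": 401,
}
# DELETE left enabled on purpose: an assumed misconfiguration the recon should notice.
ALLOWED_METHODS = "GET, HEAD, OPTIONS, DELETE"


class DemoHandler(http.server.BaseHTTPRequestHandler):
    """Constructed server: verbose errors, device-specific pages, DELETE enabled."""

    def log_message(self, *args):
        pass  # keep the demo quiet

    def _respond(self, code, body):
        self.send_response(code)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_OPTIONS(self):
        # OPTIONS: the server advertises the methods it supports in the Allow header.
        self.send_response(204)
        self.send_header("Allow", ALLOWED_METHODS)
        self.end_headers()

    def do_GET(self):
        code = SITE.get(self.path, 404)
        if code != 200:
            # Verbose error page leaking server software/version (constructed banner).
            self._respond(code, b"<h1>Error</h1><address>DemoServer/1.0</address>")
            return
        # The User-Agent decides which page the visitor gets.
        ua = self.headers.get("User-Agent", "")
        self._respond(200, b"mobile page" if "Mobile" in ua else b"desktop page")

    def do_DELETE(self):
        self._respond(200, b"deleted")


def start_server():
    """Start the demo server on an ephemeral loopback port; returns (server, port)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


# Opener with proxies disabled so the probes always go straight to loopback.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def supported_methods(base):
    """Recon step 1: ask the server which methods it supports via OPTIONS."""
    req = urllib.request.Request(base + "/", method="OPTIONS")
    with _OPENER.open(req, timeout=5) as resp:
        allow = resp.headers.get("Allow", "")
    return [m.strip() for m in allow.split(",") if m.strip()]


def fetch(base, path, user_agent="Mozilla/5.0 (X11; Linux x86_64)"):
    """GET a path with a chosen User-Agent; returns (status, body) even on 4xx/5xx."""
    req = urllib.request.Request(base + path, headers={"User-Agent": user_agent})
    try:
        with _OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def map_site(base, wordlist):
    """Recon step 2: build a sitemap from status codes. Anything but 404 is recorded,
    because 401/403 still confirm that the path exists."""
    sitemap = {}
    for path in wordlist:
        code, _ = fetch(base, path)
        if code != 404:
            sitemap[path] = code
    return sitemap


def main():
    srv, port = start_server()
    base = f"http://127.0.0.1:{port}"
    print("methods:", supported_methods(base))
    print("sitemap:", map_site(base, ["/", "/admin/", "/backup/", "/old/"]))
    print("as phone:", fetch(base, "/", "Mozilla/5.0 (iPhone) Mobile Safari")[1])
    print("error page:", fetch(base, "/old/")[1])
    srv.shutdown()


if __name__ == "__main__":
    main()
```

Against a real target the wordlist would be a directory list and the User-Agent strings would be real browser strings; the logic is the same: every non-404 answer, every advertised method and every leaked banner is a fact about the server that the attacker records before touching the application itself.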
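Added example, not from the lecture, for the IDS point above: it contrasts what a NetFlow-based rule can see (ports and byte counts only) with what payload inspection of the same requests finds. The flow records and request lines are constructed for the demo, and the two regexes are crude indicators of directory traversal and format-string probes, not production signatures.

```python
import re
from urllib.parse import unquote

# Constructed flow records, i.e. what a NetFlow-based IDS gets: endpoints, port, bytes, no payload.
FLOWS = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 80,   "bytes": 412},
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 443,  "bytes": 3021},
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 4444, "bytes": 88},
]

# Constructed request lines carried inside the port-80 flow above.
REQUEST_LINES = [
    "GET /index.html HTTP/1.1",
    "GET /images/../../../etc/passwd HTTP/1.1",        # directory traversal
    "GET /cgi-bin/report?name=%25n%25n%25n HTTP/1.1",  # format-string probe, URL-encoded
    "GET /..%2f..%2fwindows%2fwin.ini HTTP/1.1",       # traversal hidden by encoding
]

TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")   # a ".." path segment after decoding
FORMAT_STRING = re.compile(r"%\d*[nsx]")    # %n / %s / %x conversions after decoding


def flow_alerts(flows, expected_ports=(80, 443)):
    """Flow-level rule: the only thing NetFlow data supports is 'unexpected port'.
    Everything on 80/443 passes, whatever the request inside it says."""
    return [f for f in flows if f["dport"] not in expected_ports]


def fully_decode(target):
    """Undo URL encoding until the string stops changing, so %252e%252e cannot hide '..'."""
    prev = None
    while prev != target:
        prev, target = target, unquote(target)
    return target


def payload_alerts(request_lines):
    """Payload-level rule: decode the request target and look for attack patterns.
    Returns (request line, reason) for each hit."""
    hits = []
    for line in request_lines:
        _method, target, _version = line.split(" ", 2)
        decoded = fully_decode(target)
        if TRAVERSAL.search(decoded):
            hits.append((line, "directory traversal"))
        elif FORMAT_STRING.search(decoded):
            hits.append((line, "format string"))
    return hits


if __name__ == "__main__":
    print("flow-level alerts:", flow_alerts(FLOWS))
    for line, reason in payload_alerts(REQUEST_LINES):
        print(f"payload-level alert: {reason}: {line}")
```

The flow rule fires once, on the odd port 4444, and says nothing about the three attack requests riding on port 80; the payload rule catches all three, including the one that only reveals ".." after URL decoding. That gap is why web attacks are detected at the proxy or application layer rather than from flow data.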