A SLIDE ON WEB SERVER SECURITY ISSUES
BY ONUOHA CHIBUIKE MARTINS
DEPARTMENT OF INFORMATION MANAGEMENT TECHNOLOGY
FEDERAL UNIVERSITY OF TECHNOLOGY, OWERRI
Web Server Security Challenges
• What are web servers?
  • A web server is an information technology that processes
    requests via HTTP, the basic network protocol used to
    distribute information on the World Wide Web.
• Types of Web Servers
  • Apache web server
  • Internet Information Services
  • Lighttpd web server
  • Jigsaw web server
  • Sun Java System Web Server
BROWSERS INTERACT WITH SERVERS
WEB SERVER SECURITY ISSUES
• Brute Force
• Botnet
• Malware
• SQL injection
• DoS
• Unpatched application
• Careless Users
MALWARE
Adware advertises a commercial offering actively and without the user's
permission or awareness, for example by replacing banner ads on web
pages with those of another advertiser.
Spyware is software which sends information to its creators about a
user's activities – typically passwords, credit card numbers and other
information that can be sold on the black market.
Virus is the term used for a program that embeds itself in some other
executable software (including the operating system itself) on the target
system without the user's consent and, when that software is run, causes
the virus to spread to other executables.
Worm is a stand-alone malware program that actively transmits itself
over a network to infect other computers, etc.
BOTNET a.k.a. Zombie
Botnets can be exploited for various other purposes,
including denial-of-service attacks, creation or misuse
of SMTP mail relays for spam,
mining bitcoins, spamdexing, and the theft of
application serial numbers, login IDs, and financial
information such as credit card numbers.
Denial of Service attack
At this point in time, legitimate users' requests will not be handled
or will time out. A very good example is when, for a day, your
phone receives 12,000 calls from people you don’t know. Your
phone will be busy and very hot, and these calls will prevent you
from making calls to, and answering calls from, people in your
contact list.
Symptoms of a web server under DoS attack
1. Slow network performance in opening files or accessing
websites
2. Unavailability of a particular web site
3. Inability to access any web site
4. Increase in the number of spam emails received (this type
of DoS attack is considered an e-mail bomb)
5. Disconnection of a wireless or wired internet connection
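One way to look for the request flood behind these symptoms in a server's access log, as an added example that is not part of the original slides. The Common Log Format input, the 10-second window, the 20-request threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+')
STAMP = "%d/%b/%Y:%H:%M:%S %z"

def constructed_log():
    """Constructed sample: one client sends 60 requests in 6 s, another 3 in 40 s."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = [(start + timedelta(milliseconds=100 * i), "198.51.100.7") for i in range(60)]
    events += [(start + timedelta(seconds=20 * i), "203.0.113.5") for i in range(3)]
    events.sort()
    return ['%s - - [%s] "GET / HTTP/1.1" 200 512' % (ip, t.strftime(STAMP))
            for t, ip in events]

def parse(line):
    """Return (client, timestamp) for a Common Log Format line, or None if malformed."""
    m = CLF.match(line)
    if not m:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), STAMP)
    except ValueError:
        return None

def flag_floods(lines, window_s=10, max_requests=20):
    """Map each client that exceeds max_requests within window_s seconds
    to its peak request count. Assumes lines are in time order."""
    recent = defaultdict(deque)   # client -> timestamps inside the current window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip malformed lines instead of failing
        client, ts = rec
        q = recent[client]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_requests:
            peaks[client] = max(peaks.get(client, 0), len(q))
    return peaks

if __name__ == "__main__":
    print(flag_floods(constructed_log()))
```

A per-client count like this only catches a flood from a few sources; a distributed attack needs the same window applied to total request volume as well.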
SQL INJECTION
SQL injection attacks allow attackers to spoof identity,
tamper with existing data, cause repudiation issues
such as voiding transactions or changing balances,
allow the complete disclosure of all data on the system,
destroy the data or make it otherwise unavailable, and
become administrators of the database server.
SQL injection is a very tedious process that requires
consistency and patience on the part of the attacker.
UNPATCHED SOFTWARE
Applying security updates also addresses technical
glitches to improve the software’s performance. Until
systems are updated, computers remain open to
threats that abuse vulnerabilities. All server operating
system vendors and distributions publish security
updates.
CARELESS USERS
• The most prevalent threat to a server’s security is
user carelessness. If you or your users have
passwords that are easy to guess, poorly written
code, unpatched software, or a lack of security
measures like anti-virus software, you are just asking
for trouble.
