Web Security Assignment

Server Side and Web Application Security Assignment

Server Side and Web Application Security Assignment

Gruyere is a test environment by Google, where each can expand their knowledge in finding vulnerabilities in Web applications. For each user is provided a sandbox, in which one may test undisturbed by others. To get your own environment you can go to “http://google-gruyere.appspot.com /start” and click the Start button, the whole can also be reset to the initial state in which they enter their ID here: http://google-gruyere.appspot.com/resetbutton/123, where 123 is your ID. On http://google-gruyere.appspot.com/, Google also provides some functions that implement a variety in the types of vulnerabilities (Barile, 2006). This involves, among other things:

Cross-site scripting (XSS)

Cross-site script inclusion (XSSI)

Cross-Site Request Forgery (XSRF)

AJAX vulnerabilities

Denial of Service

Path Traversal

Configuration Vulnerabilities

Code Execution

 If you look at the solution, you also get an indication of how this attack can be prevented. It is impossible to think that Google could miss the appointment you have with all programmers worldwide in terms of issuing some form of document to educate themselves in the process of generation of secure code. But Google was not content to do some other document, but created a whole series of specialized courses in web security in what is known as Google Code University, developing a whole section of courses on web security that can be accessed at http :// code.google.com / edu / security / index.html. Among these courses appears a very interesting application called Gruyere made ??especially for programmers to learn how attacks are carried out applications and take appropriate action within its own code. Some may say that they have used the project WebGoat from OWASP (Open Web Application Security Project), to which we referred in other articles but this case is somewhat different (Brodkin, 2007).

Server-side computer security

Problems

Web security is also called cyber security and it includes the protection of information from detection by the hackers and avoiding hackings from the hackers. The first step that should be done by the web users is to recognize the main threats and should become familiar with the terminologies associated with the threats. Viruses, worms, Trojan horses and ransomware are the most common threats for web security. Using these sources exploitations have been a major part of the developing history of web in the last and the preceding decades. An attacker ensures the unavailability of a web server for the user (Cheswick, & Bellovin, 1994). The hackers make several attempts by using their codes for hacking into the systems and hack accounts of different social websites and other web applications. The issue has been tried to resolve at its best but the fact that technology is equal for both; the good and the bad makes this more complicated for the concerned authorities (McGraw, & Felton, 1997, pp.44-49).

Once an attacker gets success in hacking on a system, the further tasks are easier for the hacker since the systems are trusted on most networks. End users and the internet browsers is internal network and the victim is connected to the attacker unlike the traditional internet attacks. Hybrid attacks, downloads, phishing, web exploits are the ...