Chapter 15
Web Application Vulnerabilities
Objectives
• Recognize Web server vulnerabilities
• Discuss ways to protect Web servers against vulnerabilities
• Pinpoint Web browser vulnerabilities
• Understand session ID exploits
• List several protective measures for Web browsers
• Cookie
– Small text file stored on a computer by Web servers
– Contains information about the last session when you visited the site
• Cookies store followed link information and may store username and password information
• Cookies are stored in well-known directories
• Precautions include
– Disable the cache, or set its size to zero
– Set the browser to clear the cache every time you close the browser
• Look in the file system to confirm that it is actually doing that
– Set the History preference to save for 0 days or, even better, delete the file at the end of the session
– Do not bookmark vulnerable pages
– Do not save passwords, or set the master password
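
One way to do the file system check from the precautions above, as an added example that is not part of the original slides. The function name, the `cache` directory and the `history.dat` file are constructed for illustration; real cache and history locations differ by browser and version and must be passed in.

```python
import tempfile
from pathlib import Path


def audit_leftovers(cache_dir, history_file=None):
    """Return a list of findings; an empty list means nothing was left behind."""
    findings = []
    cache = Path(cache_dir)
    if cache.is_dir():
        # Walk the whole tree: browsers nest cache entries in subdirectories.
        files = [p for p in cache.rglob("*") if p.is_file()]
        total = sum(p.stat().st_size for p in files)
        if files:
            findings.append(
                f"cache: {len(files)} file(s), {total} bytes remain in {cache}"
            )
    if history_file is not None:
        hist = Path(history_file)
        if hist.is_file() and hist.stat().st_size > 0:
            findings.append(
                f"history: {hist} still exists ({hist.stat().st_size} bytes)"
            )
    return findings


def demo():
    """Constructed sample: a fake profile with one cached page and a history file."""
    with tempfile.TemporaryDirectory() as profile:
        cache = Path(profile) / "cache"
        (cache / "entries").mkdir(parents=True)
        (cache / "entries" / "page1").write_bytes(b"x" * 120)
        history = Path(profile) / "history.dat"
        history.write_bytes(b"visited")
        before = audit_leftovers(cache, history)
        # Simulate a browser that really clears its data on exit.
        (cache / "entries" / "page1").unlink()
        history.unlink()
        after = audit_leftovers(cache, history)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for line in before:
        print("LEFT BEHIND:", line)
    print("after clearing:", after or "clean")
```

Run `audit_leftovers` against the real cache directory after closing the browser; any finding means the "clear on exit" setting is not taking effect.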