A Technical Overview of Hacking
Today the public face of just about every organization is its Web site, along with the
Web applications and features it offers. Companies host a wide variety of content on
servers that their customers, and potential customers, interact with directly. Because
the Web site is the first point of contact for customers, it is also an attractive target
for an attacker: with a well-placed attack, an individual with an ax to grind can
embarrass a company by defacing its Web site or by stealing the information behind it.
As a security professional, one of the tasks you are charged with is safeguarding this
asset and the infrastructure attached to it. Defending a Web server requires special
care and knowledge, because the information and content must remain available while
being protected from unnecessary exposure to threats. This task is trickier than it
sounds: a balance has to be struck between making the content accessible to the
appropriate audience and keeping it secure. In addition, the Web server cannot be
treated as a standalone entity, because it is usually attached to the organization's own
network, so a compromise of the server can become a foothold from which threats
flow into the company network as well.
Making the situation more complex is the fact that Web servers may host not only
regular Web pages but also Web applications and databases. More and more
organizations are turning to Web services such as streaming video, and to Web
applications such as SharePoint, to create a more dynamic experience for their clients.
Organizations are also exposing content such as databases online for a wide range of
reasons. Each of these additions widens the attack surface and represents another
detail that the security professional must address properly to make sure that the
server, and the organization behind it, remain safe and secure.