Protecting Web Sites

Dawn Alexander, University of Maryland

April Giles, Johns Hopkins University

Introduction

Current State of the Internet

Threat Agents

Chapter Scope and Goals

Background

Internet Overview

Web Defacement Attacks

Vulnerabilities, Threats/Attacks, and Countermeasures

Buffer Overflow

Remote Admin Implementation

Cross-Site Scripting

Error-Handling Problems

Improperly Implemented Cryptography

Web Site Security Assessment

Conclusion

Glossary

Cross References

References

INTRODUCTION

Current State of the Internet

Protecting Web sites from Web defacements is an important topic these days with the rapid rise in Internet usage and its increasing contribution to world trade through e-commerce and information exchange. As of September 2002, Nua Internet surveys indicated that the number of people using the Internet is estimated to be 605.60 million worldwide (Nua Internet, 2004). According to the Online Computer Library Center, the number of Web sites has also shown tremendous growth over the past several years, with estimates that there were 8.4 million Web sites in 2001 (On the size of the World Wide Web, n.d.).

With total Internet usage growing significantly, there are correspondingly growing risks when someone “hacks” or breaks into a Web site. In 2001, a study of businesses by University of California economist Frank Bernhard estimated that approximately 6% of revenue is lost to problems caused by hackers (DeLong, 2001). It is hard to estimate how many hackers are on ...