Seven Deadliest Web Application Attacks by Mike Shema

Chapter 4. Server Misconfiguration and Predictable Pages

Information in this Chapter

  • Understanding the Attacks
  • Employing Countermeasures

In July 2001, a computer worm named Code Red squirmed through Web servers running Microsoft IIS (www.cert.org/advisories/CA-2001-19.html). It was followed a few months later by another worm called Nimda (www.cert.org/advisories/CA-2001-26.html). The advent of two high-risk vulnerabilities so close to each other caused many sleepless nights for system administrators and ensured profitable consulting engagements for the security industry. Yet the spread of Nimda could have been prevented if system administrators had followed certain basic configuration principles for IIS, namely placing the Web document root ...
