Chapter 17: Attacking Application Architecture

Web application architecture is an important area of security that is frequently overlooked when the security of individual applications is appraised. In commonly used tiered architectures, a failure to segregate different tiers often means that a single defect in one tier can be exploited to fully compromise other tiers and therefore the entire application.

A different range of security threats arises in environments where multiple applications are hosted on the same infrastructure, or even share common components of a wider overarching application. In these situations, defects or malicious code within one application can sometimes be exploited to compromise the entire environment and other applications belonging to different customers. The recent rise of “cloud” computing has increased the exposure of many organizations to attacks of this kind.

This chapter examines a range of different architectural configurations and describes how you can exploit defects within application architectures to advance your attack.

Tiered Architectures

Most web applications use a multitiered architecture, in which the application's user interface, business logic, and data storage are divided between multiple layers, which may use different technologies and be implemented on different physical computers. A common three-tier architecture involves the following layers:

  • Presentation layer, which implements the application's interface
  • Application layer, ...
