Chapter 12 -- Securing Against Attack


At last, you've built your Web application and it's time to go live on the Web. Now the fun really starts! The Web has often been referred to as the "Wild, Wild Web," and for good reason—many people on the Web want to attack or access your computer without your sanction.

IMPORTANT

This chapter describes some of the procedures hackers use to attack servers and includes source code for mounting such attacks. We thought it best to show you what real hackers do to real servers so that you can better understand how to protect yourself. We in no way condone hacking into computer systems. To paraphrase Sun Tzu in The Art of War, "Know your enemy."

Much of the inspiration for this chapter comes from Farmer and Venema's classic paper, "Improving the Security of Your Site by Breaking into It." While this is an old, UNIX-centric paper, it focuses on what hackers do to attempt to break into systems. With these ideas and concepts in mind, you can increase the security of your network.

It's also important to note that little of this material is new. If you were to surf the Web long enough, you'd find all of this material. We decided to gather the key information into one chapter to save you the time and effort.

This chapter covers the following topics:

  • Why people attack Web servers
  • How people attack Web servers
  • Some common attacks
  • How to detect whether you're under attack
  • User input attacks
  • What to do if you're under attack


Designing Secure Web-Based Applications for Microsoft Windows 2000 with CDROM
Year: 1999
Pages: 138
