Don't Leak Information in Banner Strings

I have to admit, this is hard advice to follow: many applications, especially Internet protocol applications, announce version details through banner strings because doing so is part of the communications protocol. For example, Web servers can include a Server: header. Attackers can use this information to determine how to attack your application if they know a certain version is vulnerable to a specific attack. Provide an option for changing or removing this header. That said, many attackers would simply launch an attack regardless of the header information.

NOTE
You can change the version header of an Internet Information Services (IIS) 5 Web server by using URLScan from http://www.microsoft.com/windows2000/downloads/recommended/urlscan/default.asp.
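One way to provide the option described above for changing or removing the Server: header, sketched with Python's standard-library `http.server`; this is an added example, not code from the book. The names `KEEP`, `make_handler`, `server_header` and the in-memory `_FakeSocket` request are constructed for the illustration.

```python
import http.client
import io
from http.server import BaseHTTPRequestHandler

KEEP = object()  # sentinel: keep the library's default banner

class _FakeSocket:
    """Constructed in-memory stand-in for a client connection (no network)."""
    def __init__(self, request_bytes):
        self._rfile, self.sent = io.BytesIO(request_bytes), io.BytesIO()
    def makefile(self, mode, *args, **kwargs):
        return self._rfile
    def sendall(self, data):
        self.sent.write(data)

def make_handler(banner):
    """banner=KEEP keeps the default, a str replaces it, None removes it."""
    class Handler(BaseHTTPRequestHandler):
        def version_string(self):
            # The default names the product and exact versions (BaseHTTP/..., Python/...).
            return super().version_string() if banner is KEEP else banner

        def send_response(self, code, message=None):
            if banner is not None:
                return super().send_response(code, message)
            # Base method minus its automatic Server: header. send_error()
            # also calls send_response(), so error replies are covered too.
            self.log_request(code)
            self.send_response_only(code, message)
            self.send_header("Date", self.date_time_string())

        def do_GET(self):
            self.send_response(200)
            self.send_header("Content-Length", "3")
            self.end_headers()
            self.wfile.write(b"ok\n")

        def log_message(self, fmt, *args):
            pass  # silence request logging in this demo
    return Handler

def server_header(banner, request=b"GET / HTTP/1.0\r\n\r\n"):
    """Return the Server: value a client would see, or None if absent."""
    sock = _FakeSocket(request)
    make_handler(banner)(sock, ("127.0.0.1", 0), None)  # handles one request
    raw = io.BytesIO(sock.sent.getvalue())
    raw.readline()  # skip the status line
    return http.client.parse_headers(raw).get("Server")
```

Checking an error reply as well as a normal one matters here, because a banner that is suppressed on 200 responses but still present on error pages discloses the same version details.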



Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2001
Pages: 286
