Free Secure Web System Essay Sample
A DDoS (Distributed Denial of Service) attack is an attempt by malicious computer users to make the resources of a system unavailable to its legitimate users. These ill-intentioned users accomplish their mission by sending a large number of packets to the server, which overloads it. The usual attack method is an external flood against the server that leaves it unable to respond to regular traffic, hence making it unavailable. This results in communication failure between the server and the user (Slezak, D. 2009).
Protection against DDoS attack
To protect the server against DDoS attacks, the mod_evasive module can be used. This is an evasive maneuvers module for the Apache web server that takes evasive action during a DDoS attack. The module is designed to be a network management and detection tool that can be easily configured to communicate with routers, firewalls, ipchains and so on. Presently, mod_evasive is capable of reporting abuses through syslog facilities and email. The module protects the server by keeping a dynamic hash table of IP addresses and denying requests from the addresses that are attacking it. The evasive module works well against both single-server script attacks and distributed attacks, and it should be integrated with the routers and firewalls in order to ensure maximum protection (Kew, N. 2007).
Steps that PHP web developers can take in their code to reduce the possibility of a CSRF attack
The PHP web developer should first consider the illegitimate uses of the application. When the code is being written, it is important to consider the illegitimate uses of the application and not only to focus on making it work as expected. Secondly, developers should educate themselves using the various resources available on the web, especially those listed in the PHP Security Consortium library. Lastly, PHP web developers should filter all external data. Filtering data is very significant to web application security on all platforms. By initializing variables and filtering the data that comes from external sources, the majority of security vulnerabilities are addressed easily. In this step, all incoming data should be considered invalid until proven valid (Scribd).
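One concrete way to apply these steps in PHP, as an added example that is not part of the essay: a synchronizer token stored in the session and compared with hash_equals() rejects forged cross-site POSTs, and filter_input() treats every external value as invalid until it passes validation. The form field names and numeric limits are assumed for illustration.

```php
<?php
// Added example (not from the essay): CSRF synchronizer token plus
// external-data filtering for a PHP form handler. Assumes PHP 7+ with sessions.
session_start();

// Issue one random token per session; the form embeds it in a hidden field.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the token cannot be guessed byte by byte.
function csrf_valid($submitted): bool {
    return isset($_SESSION['csrf_token'])
        && is_string($submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject any state-changing request that does not carry this session's token.
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid request');
    }
    // Treat every external value as invalid until it passes a filter
    // (filter_input returns null when absent, false when validation fails).
    $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    $qty   = filter_input(INPUT_POST, 'qty', FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($email === null || $email === false || $qty === null || $qty === false) {
        http_response_code(400);
        exit('Invalid input');
    }
    // Safe to act on $email and $qty here (assumed order-handling logic).
    echo 'OK';
    exit;
}

// GET: render the form with the token; escape output so it cannot inject HTML.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<form method="post" action="">
  <input type="hidden" name="csrf_token" value="$token">
  <input type="email" name="email"> <input type="number" name="qty">
  <button type="submit">Order</button>
</form>
HTML;
```

Setting the session cookie with the SameSite attribute (session_set_cookie_params() in PHP 7.3+) adds a second, independent layer against cross-site POSTs.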
Some of the HTTP methods are GET, PUT, DELETE, POST and HEAD. GET retrieves whatever data is identified by the URL. PUT specifies that the data in the body section is to be stored under the supplied URL. HEAD is similar to GET but returns only the HTTP headers and not a document body. DELETE requests that the server delete the information corresponding to the supplied URL. Lastly, POST creates a new object that is linked to the specified object (W3C).
Mechanism of a cross-site history manipulation attack
Cross-site history manipulation is an attack on the Same Origin Policy, which is the most important security concept of current browsers. The Same Origin Policy implies that web pages from different origins are, by design, not able to communicate with each other. The Cross-Site History Manipulation mechanism is based on the fact that the history object of the user's browser is not partitioned on a per-site basis. Manipulating the browser history allows bi-directional CSRF, violation of user privacy, leakage of sensitive information and mapping of resources (OWASP).
What Firefox has done to reduce the vulnerabilities of web-sites
In its efforts to reduce web vulnerabilities and threats, Mozilla Firefox has provided us with add-ons and a private browsing mode, which make us more secure when working online.
Mechanism of a clickjack attack