Free Secure Web System Essay Sample



DDoS attack

A DDoS (Distributed Denial of Service) attack is an attempt by malicious computer users to make a system's resources unavailable to its legitimate users. These ill-intentioned users accomplish this by sending a very large number of packets to the server, overloading it. In the usual attack method, the attackers flood the server from outside so that it can no longer respond to regular traffic, leaving it unavailable. This results in communication failure between the server and the user (Slezak, D. 2009).

Protection against DDoS attack

To protect the server against DDoS attacks, the mod_evasive module can be used. This is an evasive-maneuvers module for the web server that takes evasive action during a DDoS attack. The module is designed as a network management and detection tool that can easily be configured to communicate with routers, firewalls, ipchains and so on. At present, mod_evasive can report abuses through syslog facilities and email. The module protects the server by building a dynamic hash table of client IP addresses and denying requests from the addresses identified as attackers. mod_evasive is effective against both single-server script attacks and distributed attacks, and it should be integrated with the routers and firewalls in order to ensure maximum protection (Kew, N. 2007).
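The dynamic hash table of client addresses described above, as an added illustration that is not mod_evasive's own code: a Python model of its per-IP (site-wide) and per-IP-plus-URI (per-page) counters. The `EvasiveTable` class, the `replay` helper and the sample request log are constructed for this example; the default thresholds follow the module's documented defaults (2 hits on one page or 50 on the whole site per second, then a 10-second block).

```python
# Constructed model of the mod_evasive approach (added example, not the Apache
# module's code): hash tables keyed by IP and by IP+URI, with a blocking period.

class EvasiveTable:
    def __init__(self, page_count=2, site_count=50, page_interval=1.0,
                 site_interval=1.0, blocking_period=10.0):
        self.page_count = page_count        # hits on one URI allowed per page_interval
        self.site_count = site_count        # hits on any URI allowed per site_interval
        self.page_interval = page_interval
        self.site_interval = site_interval
        self.blocking_period = blocking_period
        self.page_hits = {}       # (ip, uri) -> (count, window_start)
        self.site_hits = {}       # ip -> (count, window_start)
        self.blocked_until = {}   # ip -> time at which the deny expires

    def _bump(self, table, key, now, interval):
        count, start = table.get(key, (0, now))
        if now - start > interval:         # window expired: start a fresh count
            count, start = 0, now
        table[key] = (count + 1, start)
        return count + 1

    def check(self, ip, uri, now):
        """Return 'allow' or 'deny' for one request arriving at time `now` (s)."""
        if ip in self.blocked_until:
            if now < self.blocked_until[ip]:
                # A request made during the block renews it, as mod_evasive does
                self.blocked_until[ip] = now + self.blocking_period
                return "deny"
            del self.blocked_until[ip]
        page = self._bump(self.page_hits, (ip, uri), now, self.page_interval)
        site = self._bump(self.site_hits, ip, now, self.site_interval)
        if page > self.page_count or site > self.site_count:
            self.blocked_until[ip] = now + self.blocking_period
            return "deny"                  # the real module also reports via syslog/email
        return "allow"

def replay(table, requests):
    """Run (timestamp, ip, uri) tuples through the table; return the decisions."""
    return [table.check(ip, uri, t) for t, ip, uri in requests]

# Constructed request log: one client hammers /login, another browses normally.
SAMPLE = [
    (0.0, "203.0.113.7", "/login"),
    (0.1, "203.0.113.7", "/login"),
    (0.2, "203.0.113.7", "/login"),     # third hit within 1 s: denied, blocked
    (0.3, "198.51.100.4", "/index"),    # unrelated client is unaffected
    (5.0, "203.0.113.7", "/about"),     # still inside the blocking period
    (20.0, "203.0.113.7", "/about"),    # block expired: counting starts over
]
```

Running `replay(EvasiveTable(), SAMPLE)` yields allow, allow, deny, allow, deny, allow; the site-wide counter catches a client that spreads its requests over many different URIs.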

Steps that PHP web developers can take in their code to reduce the possibility of a CSRF attack

The PHP web developer should first consider the illegitimate uses of the application. When code is being written, it is just as important to consider the illegitimate uses of the application as to focus on making it work as expected. Secondly, developers should educate themselves using the various resources available on the web, especially those listed in the PHP Security Consortium library. Lastly, PHP web developers should filter all external data. Filtering data is of great significance to web application security on all platforms. By initializing variables and filtering the data that comes from external sources, the majority of security vulnerabilities can be addressed easily. In this step, all incoming data should be considered invalid until proven otherwise (Scribd).

HTTP methods

Some of the HTTP methods are GET, PUT, DELETE, POST and HEAD. GET retrieves whatever data is identified by the URL. PUT specifies that the data in the body section is to be stored under the supplied URL. HEAD is similar to GET but returns only the HTTP headers, not a document body. DELETE requests that the server delete the information corresponding to the supplied URL. Lastly, POST creates a new object linked to the specified object (W3C).

Mechanism of a cross-site history manipulation attack

Cross-site history manipulation is a breach of the Same Origin Policy, which is the most important security concept in current browsers. The Same Origin Policy implies that web pages from different origins are, by design, unable to communicate with each other. The Cross-Site History Manipulation mechanism is based on the fact that the history object of the user's browser is not well partitioned on a per-site basis. Manipulating the browser history allows bi-directional CSRF, violation of user privacy, inference of sensitive information and mapping of resources (OWASP).

What Firefox has done to reduce the vulnerabilities of web-sites

In its efforts to reduce web vulnerabilities and threats, Mozilla Firefox has provided add-ons for its private browsing mode, which help keep users secure when working online.

Mechanism of a clickjack attack

The user navigates to your page and, as he or she moves the mouse, a piece of JavaScript keeps the button beneath the cursor. He or she clicks on what appears to be a link on the page and instead "Likes" the attacker's content. The user sees no notification of having liked the content, which then gives rise to a News Feed story mentioning the attacker's content, and this is what causes the damage (Kerr, E).
