
basic server security

I am playing with a simple webserver in AutoHotkey: Sparrow. It is immune to path traversal attacks. As long as I don't run any unsanitized code from the client side, is there any other basic attack to watch out for, like the path traversal attack?


Your question is a bit awkward. Not sanitizing user input is what causes vulnerabilities like Directory Traversal. The whole point is that your server is accepting the most malformed tainted data that a user could produce and the application is expected to make it safe.

There is something called a web application firewall, which can block many different types of attacks before they reach the web application. A more secure setup than Sparrow would be Apache with Mod_Security. Mod_Security prevents hundreds of different types of attacks against web applications, including Directory Traversal and the majority of the OWASP Top 10. The OWASP Top 10 is a great resource; I highly recommend it.
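To illustrate the answer's point that the server must make tainted request paths safe itself, here is a document-root containment check. It is an added example, not part of the original answer and not Sparrow's code; `resolve_request_path`, `UnsafePath` and the sample requests are hypothetical names and constructed inputs.

```python
import os
from urllib.parse import unquote


class UnsafePath(ValueError):
    """The request path cannot be mapped safely inside the document root."""


def resolve_request_path(doc_root, url_path):
    """Map the path part of a request URL to a file under doc_root, or raise UnsafePath."""
    # The query string and fragment are not part of the file name.
    path = url_path.split("?", 1)[0].split("#", 1)[0]
    # Decode percent-escapes exactly once; whatever is still encoded stays literal.
    decoded = unquote(path)
    # NUL and other control characters never belong in a file name.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        raise UnsafePath("control character in path")
    # Treat backslash as a separator so "..\" is caught on every platform.
    parts = decoded.replace("\\", "/").split("/")
    # Reject instead of stripping: removing ".." invites bypasses such as "....//".
    if any(p == ".." for p in parts):
        raise UnsafePath("parent directory reference")
    if any(":" in p for p in parts):
        raise UnsafePath("drive letter or alternate data stream")
    root = os.path.realpath(doc_root)
    kept = [p for p in parts if p not in ("", ".")]
    candidate = os.path.realpath(os.path.join(root, *kept))
    # Containment check on the canonical path; also catches symlinks leaving the root.
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafePath("resolved outside document root")
    return candidate


if __name__ == "__main__":
    # Constructed sample requests, checked against a hypothetical ./www root.
    for request in ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt",
                    "/..%5c..%5cboot.ini", "/img/%00.png"]:
        try:
            print(request, "->", resolve_request_path("www", request))
        except UnsafePath as err:
            print(request, "-> rejected:", err)
```

The final `commonpath` comparison is the part that matters: the earlier checks reject obviously hostile input early, but the decision to serve a file is made on the canonical path.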
