Web Site Attack

 
Ranch Hand
Posts: 110
I haven't found any material on web-site attacks.
Tell me if someone has some, or if someone has any idea.
Thanks
 
Sheriff
Posts: 5782
Denial of Service is one well-known kind of attack where a malicious client sends a large number of GET/POST requests to overwhelm the remote service. If you remember, this is how Yahoo! and a few other online brokerage services were attacked a few months ago.
Use of appropriate architectural patterns could actually safeguard your website from denial of service attacks. For instance, you can provide a "Front Controller" that receives the requests and dispatches them (RequestDispatcher, include/forward) to the actual processing engine after doing some preliminary processing. This way, the workhorse(s) of your website are not directly exposed to the attack and the Front Controller can be written to detect and handle multiple requests from the same client. This will also enable load balancing and distribution so that applications can scale under varying traffic conditions.
Front Controller also happens to be the darling of popular web architects. It is one inevitable architectural strategy employed by many production websites today.
Other kinds of web attacks include:
  • Client intrusions - requesting protected resources through a GET. This can be avoided by making everything a secured resource (web-security-constraint) and providing proper URL mappings to the ones that can be exposed. Again, Front Controller can be very useful in detecting such intrusive requests and handling them appropriately.
  • Upload attacks - clients intentionally posting an extremely large amount of data using a GET/POST to overwhelm the service(s). Since a multi-part request can support data uploads of unlimited length, nothing stops a client (except the bandwidth restrictions) from sending gigabytes of useless data to engage the often poorly written servlet to start spinning endlessly. Again, Front Controller combined with some kind of data validation facades (such as one that inspects the size of uploaded data) can prevent this from happening.

Hope that helps!
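
A sketch of the checks the Front Controller described in the reply above could run before forwarding a request with RequestDispatcher, added here as an example and not part of the original posts. The class and method names (`RequestGate`, `check`, `withinCap`), the limits and the sample traffic are assumptions constructed for illustration; it uses only the JDK so it runs outside a servlet container.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Pre-dispatch checks for a front controller (hypothetical class, not a servlet API type). */
public class RequestGate {
    enum Decision { FORWARD, REJECT_TOO_MANY_REQUESTS, REJECT_BODY_TOO_LARGE }

    private final int maxRequests;    // requests allowed per client per window
    private final long windowMillis;  // sliding window length
    private final long maxBodyBytes;  // upload size cap
    private final Map<String, Deque<Long>> recent = new ConcurrentHashMap<>();

    RequestGate(int maxRequests, long windowMillis, long maxBodyBytes) {
        this.maxRequests = maxRequests;
        this.windowMillis = windowMillis;
        this.maxBodyBytes = maxBodyBytes;
    }

    /** contentLength is the declared Content-Length, or -1 when the client sent none. */
    Decision check(String clientId, long contentLength, long nowMillis) {
        // Size check first, so an oversized upload is refused before any body is read.
        if (contentLength > maxBodyBytes) return Decision.REJECT_BODY_TOO_LARGE;
        Deque<Long> times = recent.computeIfAbsent(clientId, k -> new ArrayDeque<>());
        synchronized (times) {
            // Drop timestamps that have left the window, then count what remains.
            while (!times.isEmpty() && nowMillis - times.peekFirst() >= windowMillis) times.pollFirst();
            if (times.size() >= maxRequests) return Decision.REJECT_TOO_MANY_REQUESTS;
            times.addLast(nowMillis);
        }
        return Decision.FORWARD;
    }

    /** A body with no declared length must be counted while reading; false means stop. */
    boolean withinCap(long bytesReadSoFar) { return bytesReadSoFar <= maxBodyBytes; }

    public static void main(String[] args) {
        RequestGate gate = new RequestGate(3, 1000, 1_048_576); // 3 requests/s, 1 MiB (constructed limits)
        // Constructed sample traffic: client address, Content-Length, arrival time in ms.
        String[] clients = {"192.0.2.5", "192.0.2.5", "192.0.2.5", "192.0.2.5", "198.51.100.9", "192.0.2.5"};
        long[] lengths = {0, 0, 0, 0, 5_000_000_000L, 0};
        long[] arrivals = {0, 100, 200, 300, 400, 1200};
        for (int i = 0; i < clients.length; i++) {
            System.out.println(clients[i] + " @" + arrivals[i] + "ms -> "
                    + gate.check(clients[i], lengths[i], arrivals[i]));
        }
    }
}
```

The per-client map grows with every new client address, so a deployed version needs eviction of idle entries or the gate itself becomes a memory-exhaustion target.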