Summary
This chapter focused on web applications and web servers. You learned that web servers
are the platform that web applications run on, so their vulnerabilities need to be considered
as well. A web application can be presented through a standard web browser or a client
application such as webmail, streaming video, or other similar software.
Web applications have become incredibly popular on several fronts over the last few
years, and as such they have become huge targets for attackers. Attackers can easily perform
actions such as banner grabs, upload bombs, and fingerprinting of web applications to
either gain information about an organization or penetrate deeper into it.
Defending these applications is incredibly tough because they are frequently customized to
a specific environment or need.
Exam Essentials
Understand the basic concept of web applications. Web applications are designed to run
on the server, with the results transmitted to the client.
Understand directory traversals. Know that directory traversals allow access to
content of a web server or application outside of the root directory.
Understand client-side applications. Know that client-side applications, written in JavaScript
and similar languages, are designed to be processed on the client side and are not processed
by the server.
Know preventive measures. Know the preventive measures available as well as the actions
each one takes to prevent attacks.