1
00:00:00,870 --> 00:00:07,950
Since web applications are commonly open to anyone on the Internet, they are always a major target by

2
00:00:07,950 --> 00:00:10,470
attackers. In this lecture,

3
00:00:10,470 --> 00:00:16,140
we're going to take a quick look at some of the most well-known web attacks.

4
00:00:16,440 --> 00:00:23,210
SQL is a method for talking to databases that can be used as an attack vector.

5
00:00:23,380 --> 00:00:30,840
SQL injection is an attack that executes malicious SQL statements and can potentially read or

6
00:00:30,840 --> 00:00:40,530
modify sensitive data. Cross-site scripting enables attackers to inject client-side scripts into

7
00:00:40,620 --> 00:00:46,850
web pages that can be used to attack users accessing the same website.

8
00:00:50,520 --> 00:00:57,300
Similar to SQL injection, command injection attacks are when an attacker sends malicious commands

9
00:00:57,510 --> 00:01:00,330
to vulnerable applications.

10
00:01:00,370 --> 00:01:10,530
If successful, this attack method can allow attackers to gain unauthorized access to system data.

11
00:01:10,550 --> 00:01:15,330
Here are a few ways to help secure web applications.

12
00:01:15,620 --> 00:01:22,460
So, of course: good code, strong passwords. Want to make sure to run vulnerability scans constantly to see

13
00:01:22,460 --> 00:01:28,580
what vulnerabilities are open on your web applications, and prioritize those vulnerabilities.

14
00:01:29,890 --> 00:01:30,910
Firewall hardening.

15
00:01:30,910 --> 00:01:39,220
And last but not least, IPS. Let's hop into the lab and I'll show you some of the web application specific

16
00:01:39,520 --> 00:01:46,710
IPS signatures that can be configured on Cisco Firepower devices.

17
00:01:46,730 --> 00:01:48,730
So here's my IPS policy.

18
00:01:49,010 --> 00:01:59,930
I went to rules and then classifications, and then I filtered the rules for web application attacks. Right

19
00:01:59,930 --> 00:02:05,980
on the first page you can see some cross-site scripting signatures. Definitely want to have those

20
00:02:05,980 --> 00:02:06,940
enabled.

21
00:02:07,670 --> 00:02:14,470
And then if I go to the last page, you'll see that there's also some SQL injection signatures.