Godkända
Det Spelar Faktiskt Roll Att Ha Full Kontroll- En studie i sårbarheter hos webbservrar genom konfigurationsanalys
Ingrid Hyltander (2013)
Start
2019-01-21
Presentation
2019-09-13 09:15
Plats:
E:2311
Avslutat:
2019-09-23
Examensrapport:
Sammanfattning
The web server is an essential component in a wide range of systems, covering everything from from simple file sharing to business-critical applications. Web servers have the possibility to give clients access to files that can contain sensitive information such as financial or private data and are the backbone that enable a vast amount of network connected systems today. Thus, it is of high importance to ensure that files are only accessible and altered by the intended users and that the web server is always up and running. A critical activity to achieve this is ensuring that the configuration of the web server is correct and not creating any vulnerabilities that malicious attackers can exploit. However, this is not a straight forward task as a web server usually have hundreds of configuration parameters and there are many different types of vulnerabilities that one needs to take into account. It seems as this is indeed a problem within the industry as security misconfiguration is ranked as number six of the ten most critical web application security risks in the OWASP Top Ten. The goal of this thesis is to investigate this problem further and analyze what configuration is required to counteract vulnerabilities of web servers and if or how validation to ensure presence of this correct configuration is performed today.
Handledare: Martin Hell (EIT)
Examinator: Thomas Johansson (EIT)