Attack structure

Web site: the client (or attacker), a firewall, the Web server, and perhaps a separate SQL server and fi  le server to store uploaded documents. In the early days of Web security, most hacks made use of vulnerabilities in the Web server software, the operating system hosting it, or the ancillary services running on it (such as FTP or email).Often, an exploit in the operating system or Web server would allow access to the underlying file system, or allow an attacker to run code on the hosting machine. During the late 1990s, Microsoft’s reputation for security was poor because exploits came out against Windows and IIS on a regular basis. Administrators would find themselves installing a patch against one problem, only to find another unpatched problem was now being exploited. The poor reputation for security undoubtedly resulted in lost sales, but it also resulted in a push at Microsoft to develop more secure systems by changing the company’s development process.