Server-Based Security Vulnerabilities
As a security professional, your job is to assess and mitigate the vulnerabilities of security designs. Design vulnerabilities found on servers fall into the following categories:
- Sensitive data left behind in the file system. Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.
- Unprotected local data. Local data stores may have loose permissions and also lack encryption.
- Unprotected or weakly protected communications. Data transmitted between the server and other systems (including clients) may use weak encryption, or use no encryption at all.
- Weak or nonexistent authentication. Authentication methods on the server may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.
These defects are similar to those in the preceding Client-based section. This is because the terms client and server have only to do with perspective: in both cases, software is running on a system.