312-50V13 · Question #160
Take a look at the following attack on a Web Server using obstructed URL: How would you protect from these attacks?
The correct answer is B. Create rules in IDS to alert on strange Unicode requests. Obstructed URLs, often involving encoding schemes like hex or Unicode, can bypass basic web server input validation, making it critical to detect such anomalies for security.
Question
Exhibit
Options
- AConfigure the Web Server to deny requests involving "hex encoded" characters
- BCreate rules in IDS to alert on strange Unicode requests
- CUse SSL authentication on Web Servers
- DEnable Active Scripts Detection at the firewall and routers
How the community answered
(24 responses)- A13% (3)
- B79% (19)
- C4% (1)
- D4% (1)
Why each option
Obstructed URLs, often involving encoding schemes like hex or Unicode, can bypass basic web server input validation, making it critical to detect such anomalies for security.
Configuring the web server to deny requests involving hex-encoded characters is a good practice for web server hardening, but an IDS provides a broader, more centralized detection mechanism for various encoding schemes and anomalous patterns that might not be caught by simple server-side rules.
An Intrusion Detection System (IDS) can be configured with specific rules or anomaly detection capabilities to identify unusual character encodings, such as "strange Unicode requests" or hex-encoded characters, in URL paths. This allows the system to alert security personnel to potential obfuscated attacks attempting to bypass standard web application firewalls or server-side input sanitization.
SSL authentication primarily provides encryption for data in transit and verifies server identity; it does not inherently inspect the content of encrypted requests for malicious encoding, nor does it prevent an attacker from sending an obfuscated URL if the connection is established.
Enabling Active Scripts Detection at the firewall and routers typically focuses on detecting malicious scripts embedded in the traffic payload or preventing script execution, not specifically on analyzing and blocking URL encoding obfuscation, which is more a function of a Web Application Firewall (WAF) or an IDS.
Concept tested: Web server URL encoding attack detection
Source: https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
Topics
Community Discussion
No community discussion yet for this question.
