You are on page 1of 4

Web Security Programming Problem Set

1) Here is the source code for SimpleWebServer. Compile and run this program using the following command:
C:\SimpleWebServer> javac C:\SimpleWebServer> java com.learnsecurity.SimpleWebServer

Make sure you have an“index.html” file in your SimpleWebServer directory. To access the server, start up a web browser and enter the following url:
/*********************************************************************** This toy web server is used to illustrate security vulnerabilities. This web server only supports extremely simple HTTP GET requests. This file is also available at ***********************************************************************/ package com.learnsecurity; import*; import*; import java.util.*; public class SimpleWebServer { /* Run the HTTP server on this TCP port. */ private static final int PORT = 8080; /* The socket used to process incoming connections from web clients */ private static ServerSocket dServerSocket; public SimpleWebServer () throws Exception { dServerSocket = new ServerSocket (PORT); } public void run() throws Exception { while (true) { /* wait for a connection from a client */ Socket s = dServerSocket.accept(); /* then process the client's request */ processRequest(s); }

Except where otherwise noted all portions of this work are Copyright (c) 2007 Google and are licensed under the Creative Commons Attribution 3.0 License --

nextToken(). String pathname = null.http://creativecommons. } else { /* if the request is a NOT a GET. StringBuffer sb = new StringBuffer().getInputStream())).nextToken(). int c=-1. return an error saying this server does not implement the requested command */ osw. /* remove the initial slash at the beginning of the pathname in the request */ if (pathname. if (command.0 License -.getOutputStream()). */ public void processRequest(Socket s) throws Exception { /* used to read data from the client */ BufferedReader br = new BufferedReader ( new InputStreamReader (s.close(). } /* close the connection to the client */ osw. and responds with the file the user requested or a HTTP error code.} /* Reads the HTTP request from the client.charAt(0)=='/') pathname=pathname. String pathname) throws Exception { FileReader fr=null. String command = null. /* used to write data to the client */ OutputStreamWriter osw = new OutputStreamWriter (s. } public void serveFile (OutputStreamWriter osw.equals("GET")) { /* if the request is a GET try to respond with the file the user is requesting */ serveFile (osw.pathname).org/licenses/by/3. /* if there was no filename specified by the Except where otherwise noted all portions of this work are Copyright (c) 2007 Google and are licensed under the Creative Commons Attribution 3. /* read the HTTP request from the client */ String request = br.substring(1). command = st.0/ . " ").write ("HTTP/1.readLine(). pathname = st.0 501 Not Implemented\n\n"). /* parse the HTTP request */ StringTokenizer st = new StringTokenizer (request.

read().0/ .0 404 Not Found\n\n").http://creativecommons.toString()). then return an OK response code and send the contents of the file */ osw.write (sb.return the appropriate HTTP response code */ osw. but never sends any data and never disconnects? Test this out with your running ("HTTP/1. c) Implement logging in SimpleWebServer.0 200 OK\n\n"). c = fr.write ("HTTP/1. For each client that connects to the server. } } a) What happens if a client connects to serve the "index. d) HTTP supports a mechanism that allows users to upload files in addition to retrieving them through a PUT command. */ public static void main (String argv[]) throws Exception { /* Create a SimpleWebServer object. obtain information about that client and write the information in a log file. } osw. /* try to open file specified by pathname */ try { fr = new FileReader (pathname). c = fr. return. while (c != -1) { sb. } /* if the requested file can be successfully opened and read.html".equals("")) pathname="index. What type of an attack is this? b) Try the DoS attack described in class: See if you can download /dev/random (assuming you are running on a Linux system). and run it */ SimpleWebServer sws = new SimpleWebServer(). Rewrite serveFile() as discussed in class to guard against this type of • What threats would you need to consider if SimpleWebServer also provided functionality for uploading files? Except where otherwise noted all portions of this work are Copyright (c) 2007 Google and are licensed under the Creative Commons Attribution 3. } catch (Exception e) { /* if the file is not found.0 License -. sws.append((char)c).html" file */ if (pathname. } /* This method is called when the program is run from the command line.

org/licenses/by/3.cert. You also need to write a storeFile() function. Implement as much security as you feel is needed to guard against the threats you specified • • What are some of the vulnerabilities of web browsers discussed in the Securing your Web Browser section? What are some modes of attack used to implement a Denial of Server? What preventive measures can be implemented? Some of the problems website: http://www.• • • For each of the specific threats you listed. and Anita Kesavan. Except where otherwise noted all portions of this work are Copyright (c) 2007 Google and are licensed under the Creative Commons Attribution 3.0/ . Once you have logging and storeFile() implemented. what security mechanisms must be added to mitigate these threats? Implement uploading capability in SimpleWebServer. (This is a common attack against www.html. replace it with another index.whitehouse.0 License -. and the SimpleWebServer source code are from: • "Foundations of Security: What Every Programmer Needs To Know" (ISBN 1590597842) by Neil Daswani. launch an attack to deface index. that You will need to research how to send an HTTP PUT command to the server.http://creativecommons. Christoph Kern.html that you have created.) 2) What are the most important steps you would recommend for securing a new web server? A new web application? 3) What is "Cross-Site Scripting"? What is the potential security impact to servers and clients? 4) What are phishing and pharming? What are the some ways to protect against such attacks? 5) Explore the cert.