Web Server Guidance

Category Definition

Web Servers are software that accept HTTP/S requests and broker communication between a user-agent and other resources. Web Servers can serve static resources, such as files on disk, or dynamic resources, such as programmatically generated content or results returned by additional programs or applications.

Why a defender should care about Web Servers

Most modern services are web applications, which puts web servers on the front lines of almost every company. Web servers often facilitate access to sensitive information and host business-critical applications, and when they do they are critical infrastructure in their own right. They require timely patching, robust application logging, and additional hardening and monitoring to ensure their availability and integrity.

Why an attacker is interested in Web Servers

While web servers themselves are rarely an attacker's primary target, they host applications, relay communications, or otherwise provide access to resources that are of interest. Interacting with a web server is a common step in an overall attack, and vulnerabilities or misconfigurations at the web server layer frequently form part of significant malicious activity. Sometimes web servers hold sensitive information or credentials directly, such as .htaccess or .htpasswd files. More commonly they host applications that contain sensitive information or credentials, for instance content management systems (CMS), employee directories (PII), etc.
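One concrete defender-side check for the exposure just described is to review access logs for requests that reach the sensitive files named above and to distinguish requests the server blocked from requests it actually served. The following is an added example, not code from this guidance page; the log lines are constructed samples in the common combined log format, and the file list is an assumption you would extend for your own deployment.

```python
import re
from collections import Counter

# Parses the common combined access-log format (constructed samples below follow it).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Files the page calls out as sensitive; assumed starting list, extend as needed.
SENSITIVE_FILES = (".htaccess", ".htpasswd")


def find_sensitive_requests(lines):
    """Return (ip, path, status, verdict) for every request that targets a
    sensitive file. 'exposed' means the server answered 2xx, i.e. the file
    was served; any other status is recorded as 'blocked' but still noted,
    because the request itself is a reconnaissance signal."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than failing the run
        # Drop any query string and compare only the basename, case-insensitively.
        path = m.group("path").split("?", 1)[0]
        name = path.rsplit("/", 1)[-1].lower()
        if name in SENSITIVE_FILES:
            status = int(m.group("status"))
            verdict = "exposed" if 200 <= status < 300 else "blocked"
            hits.append((m.group("ip"), path, status, verdict))
    return hits


def summarise(hits):
    """Count requesters per verdict so exposed fetches stand out from blocked probes."""
    return Counter((ip, verdict) for ip, _, _, verdict in hits)


# Constructed sample access-log lines; not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /.htaccess HTTP/1.1" 403 199',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /admin/.htpasswd HTTP/1.1" 200 87',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /admin/.HTPASSWD?x=1 HTTP/1.1" 200 87',
    '192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "POST /login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in find_sensitive_requests(SAMPLE_LOG):
        print(hit)
```

A 2xx on these paths means the server is serving its own configuration or credential store and the deny rules for dot-files need fixing; a 403 confirms the block is working but still shows who is probing.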

Often, web servers and the infrastructure hosting them are just a stopping point for attackers to pivot to other systems.

Compromising a web server can place the attacker somewhere that holds useful information or access, even though that value is not intrinsic to the web server itself. In addition, web servers are often easy targets because they commonly lack consistent patching, application logging, and service hardening.