Security for Web Developers: 09: Exploits

Which Exploits Will You Meet: Known or Unknown?

Unless you run something like a spy site, your site is far more likely to be attacked with known, old exploits than with new ones. Don’t be relieved: you still have to protect your site against all those old threats, because the odds that one of them will work are far too high.

Fortunately, truly rigorous auditing can give you confidence that your site is protected against the known threats.

Assignment: Look up your web application’s exploits at the Exploit Database: https://www.exploit-db.com/

Search against:

  • Your web server’s OS and version (Linux, Unix, Windows, Mac, e.g. Ubuntu Linux 14.04, Windows Server 2012, etc.)
  • Your web daemon software and version (Apache, IIS, Nginx, by version)
  • Your web language, framework, platform and version (PHP, Python, Java; CodeIgniter or J2EE; WordPress, Joomla! or Moodle, again by version)
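Once you have that inventory, the search returns far more entries than apply to your exact builds. The script below is an added example, not part of the course page or of Exploit-DB: it takes a constructed inventory in the shape the assignment asks for and triages constructed rows in the style of an Exploit-DB index export (the column names are an assumption), keeping only entries that name a component you run at a version at or above yours, or that state no version at all.

```python
import csv
import io
import re

# Constructed sample rows in the shape of an Exploit-DB index export
# (column names are an assumption for this example, not the real schema).
SAMPLE_CSV = """id,description,platform
1001,Apache 2.4.49 - Path Traversal,multiple
1002,Nginx 1.3.9 - Heap Overflow,linux
1003,WordPress 4.7.0 - Content Injection,php
1004,Joomla! 3.7.0 - SQL Injection,php
1005,Apache - Unspecified Version Issue,multiple
"""

# Constructed inventory: the stack the assignment asks you to enumerate.
INVENTORY = {"apache": "2.4.48", "wordpress": "4.7.2", "joomla!": "3.7.0"}

VERSION_RE = re.compile(r"\b(\d+(?:\.\d+)+)\b")

def parse_version(text):
    """Return the first dotted version in text as a tuple, e.g. (2, 4, 49)."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(inventory, csv_text):
    """Return (id, description, reason) for entries that name a component
    in the inventory and either state no version or state one at or above
    the version we run (older or equal builds are what an entry usually
    affects). Entries for software we do not run are skipped."""
    candidates = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        desc = row["description"]
        lowered = desc.lower()
        for component, ours in inventory.items():
            if not lowered.startswith(component + " "):
                continue
            listed = parse_version(desc)
            if listed is None:
                reason = "version not stated; review manually"
            elif parse_version(ours) <= listed:
                reason = f"we run {ours}, entry covers {'.'.join(map(str, listed))}"
            else:
                break  # our build is newer than the entry's; not a candidate
            candidates.append((int(row["id"]), desc, reason))
            break
    return candidates

if __name__ == "__main__":
    for entry in triage(INVENTORY, SAMPLE_CSV):
        print(*entry, sep=" | ")
```

Every flagged entry still needs a manual read of the advisory, since a bare version string in a title says nothing about patches backported to your distribution's build.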

Next: http://schoolforhackers.com/defense-strategies