Project: WASC Threat Classification

Threat Type: Attack

Reference ID: WASC-45

Fingerprinting

The most common methodology for attackers is to first footprint the target's web presence and enumerate as much information as possible. With this information, the attacker can develop an accurate attack scenario that exploits a vulnerability specific to the software type and version running on the target host, rather than guessing blindly.

Multi-tier fingerprinting is similar to its predecessor, TCP/IP stack fingerprinting (performed with a scanner such as Nmap), except that it focuses on the Application Layer of the OSI model instead of the Network and Transport Layers. The goal of this fingerprinting is to build an accurate profile of the target's platform, web application software technology, backend database version, configuration and possibly even its network architecture/topology. At the application layer this profile is assembled from details such as the Server and X-Powered-By response headers, the names of session cookies, the ordering and formatting of HTTP headers, default error pages and the behaviour of the server when sent malformed or unusual requests.

Background

Accurately identifying this type of information for possible attack vectors is vitally important since many security vulnerabilities (SQL injection and buffer overflows, among others) are highly dependent on a specific software vendor and version number. Additionally, correctly identifying the software versions and choosing an appropriate exploit reduces the overall "noise" of the attack while increasing its effectiveness: the attacker need only send the one payload that fits, instead of a series of attempts that may trip logging or intrusion detection. It is for this reason that a web server or application that plainly identifies itself is inviting trouble.
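As an added example (not part of the original WASC text), the following Python script illustrates the passive, application-layer fingerprinting described above and the disclosure problem discussed in this section. It parses raw HTTP responses, infers the web server, platform and application framework from the Server and X-Powered-By headers, well-known session cookie names and header ordering, and lists every place the response volunteers a version number. The three responses are constructed samples, not real captures; the header-order rule of thumb (IIS-like servers tend to emit Server after Content-Type, Apache and nginx before it) is a heuristic assumption and should be treated as a hint, not a verdict.

```python
"""Passive HTTP fingerprinting over constructed sample responses (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample responses (not real captures): status line plus headers.
SAMPLE_RESPONSES = {
    "host-a": (
        "HTTP/1.1 200 OK\r\n"
        "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
        "Server: Apache/2.4.41 (Ubuntu)\r\n"
        "X-Powered-By: PHP/7.4.3\r\n"
        "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
        "Content-Type: text/html; charset=UTF-8\r\n"
        "\r\n"
    ),
    "host-b": (
        "HTTP/1.1 200 OK\r\n"
        "Cache-Control: private\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        "Server: Microsoft-IIS/10.0\r\n"
        "X-AspNet-Version: 4.0.30319\r\n"
        "X-Powered-By: ASP.NET\r\n"
        "Set-Cookie: ASP.NET_SessionId=xyz; path=/; HttpOnly\r\n"
        "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
        "\r\n"
    ),
    "host-c": (
        "HTTP/1.1 404 Not Found\r\n"
        "Server: nginx\r\n"
        "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
        "Content-Type: text/html\r\n"
        "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/; HttpOnly\r\n"
        "\r\n"
    ),
}

# Session cookie names that betray the framework behind the web server.
COOKIE_SIGNATURES = {
    "PHPSESSID": "PHP",
    "ASP.NET_SessionId": "ASP.NET",
    "JSESSIONID": "Java servlet container",
    "CFID": "ColdFusion",
    "ci_session": "CodeIgniter",
    "laravel_session": "Laravel",
}

# Product/version[ (platform)] as found in a verbose Server header.
SERVER_RE = re.compile(r"^([A-Za-z][\w.-]*)/([\d.]+)(?:\s+\((.*?)\))?")


def parse_headers(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw response into its status line and an ordered header list."""
    lines = raw.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def fingerprint(raw: str) -> Dict[str, object]:
    """Infer server, platform and framework, and record every version disclosure."""
    status, headers = parse_headers(raw)
    frameworks = set()
    profile: Dict[str, object] = {"status": status, "server": None,
                                  "server_version": None, "platform": None,
                                  "leaks": [], "header_order_hint": None}
    for name, value in headers:
        lname = name.lower()
        if lname == "server":
            profile["server"] = value
            m = SERVER_RE.match(value)
            if m:  # a bare product name (e.g. "nginx") is not a version leak
                profile["server_version"] = m.group(2)
                profile["platform"] = m.group(3)
                profile["leaks"].append(f"Server discloses version: {value}")
        elif lname == "x-powered-by":
            frameworks.add(value.split("/")[0])
            if "/" in value:
                profile["leaks"].append(f"X-Powered-By discloses version: {value}")
        elif lname == "x-aspnet-version":
            frameworks.add("ASP.NET")
            profile["leaks"].append(f"X-AspNet-Version discloses version: {value}")
        elif lname == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            if cookie in COOKIE_SIGNATURES:
                frameworks.add(COOKIE_SIGNATURES[cookie])
    # Heuristic (assumption): relative position of Server and Content-Type.
    order = [n.lower() for n, _ in headers]
    if "server" in order and "content-type" in order:
        late = order.index("server") > order.index("content-type")
        profile["header_order_hint"] = "IIS-like" if late else "Apache/nginx-like"
    profile["framework"] = sorted(frameworks)
    return profile


def profile_all() -> Dict[str, Dict[str, object]]:
    """Fingerprint every constructed sample; used as the runnable entry point."""
    return {host: fingerprint(raw) for host, raw in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for host, prof in profile_all().items():
        print(host, prof)
```

Note that host-c, whose server reports only "nginx" and sets a generic-looking cookie, yields no version leaks, yet the JSESSIONID cookie still reveals a Java servlet container behind it: suppressing the Server header alone does not make a stack anonymous. On the defensive side the corresponding hardening is well documented for each product (for example Apache's ServerTokens Prod and ServerSignature Off, nginx's server_tokens off, PHP's expose_php = Off, and removing the X-Powered-By and X-AspNet-Version headers on IIS), and a script like this one doubles as a quick check that those settings actually took effect.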

http://projects.webappsec.org/w/page/13246925/Fingerprinting