Respond to the two student discussion below with 150 words minimum. Questions they are responding to are below in bold.
For this week’s post please utilize the items described in the lesson/resources or research conducted on the web to ensure your post contains the following;

Describe at least three web server vulnerabilities and how they are typically exploited.

Student one:
Web server vulnerabilities

Cross-site scripting vulnerability is a flaw in the applications that includes untrusted data in a new web page without proper validation or escaping.It can also occur when web pages with user supplied data create by an API HTML or java scripts.This vulnerability can be exploited by attackers to execute scripts in the victim’s browser thus hijacking user session, or redirect user to malicious sites.
Injection which is an attack on a web server that host SQL database, this type of attack allows for the attacker to login into your application as an admin, without even knowing the password.There are other forms of injections to include LDAP, XPath, command, and SMTP all these rely on the untrusted data to be passed to the interpreter which is trick into executing unintended commands.
Insufficient logging and monitoring, this is one of the most common vulnerabilities that exist in all company’s network environment.Without proper logging and monitoring attacks will go unnoticed allowing the attack free range throughout the network undetected.

Reference: https://www.owasp.org/index.php/Top_10-2017_Top_10
Reference: https://www.veracode.com/directory/owasp-top-10
Reference: https://www.vpnmentor.com/blog/top-10-common-web-attacks/
-Marion

Student two:
A web server is a combination of hardware and/or software specifically designed to be called upon to resolve and present web traffic within client browsers. As this environment is inherently of an accessible nature – whether internally as an intranet, or publicly as the internet – vulnerabilities exist which can put at risk the server, underlying data, or users utilizing it. And because of the interactivity of input methods such as forms and fields, this creates explicit threat vectors that can be exploited.
SQL Injection. Most commonly seen perpetrated against websites – but putting any type of SQL database at risk as well – a vulnerability in software allows SQL statements to be placed in input fields resulting in the execution of unintentional commands, the bypassing of application security, and the unauthorized access of underlying data.
Cross Site Scripting (XSS). Another variation of an injection attack, malicious scripting placed in websites or online applications execute code in a visitor’s browser without their knowledge. Typically due to vulnerabilities in input vectors similar to SQL injections, common elements of sites such as JavaScript can be conduits for the attack.
Security Configuration Error. One of the simplest vulnerabilities – and perhaps most common – is the failure to secure a web server or perform maintenance and upgrades sufficiently enough to protect it. Akin to experiencing a burglary after leaving the front door of your home wide open, something as basic as weak or static passwords, faulty permissions, absent patches, and stray admin pages can provide a vector for an attacker to gain entry to a system.
-Sasa