Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network

The application layer sits at the top of the Open Systems Interconnect (OSI) seven-layer model, providing network access to applications and users. Because users typically interact with this layer the most, application layer protocols and the software that implements them often focus on functionality instead of security. Many of these protocols were created long before network security was considered a major issue, and as a result, the application layer protocols and software are susceptible to a variety of attacks.
In this chapter, we begin by looking at some common application layer protocols and examining their insecurities. Next, we look at common attacks that are used against application layer protocols and software. Lastly, we explore some defensive measures that can be used to protect against application layer attacks. The chapter ends with a security project during which we will use the Nessus scanner to conduct a vulnerability scan against a host in order to identify security issues.