A server-side attack doesn't require any user interaction. We're going to have a computer, and we're going to see how we can gain access to that computer without the need for the user to do anything. This mostly applies to web servers, applications, and devices that don't get used much by people. People basically configure them and then they run automatically. All we have is an IP address, and we're going to see how we can test the security and gain access to that computer based on that IP. Our main way of getting in is going to be the operating system that that target runs, and the applications installed on that system. Various types of server-side attacks include SQL injection attacks, buffer overflow, and denial-of-service attacks.

In this chapter, we will be focusing on server-side attacks. We will look in detail at what a server-side attack is and how to implement one.