A server by definition is a dedicated computing system running services to users and other computers on a network. Examples of service range from public services such as online gaming to sharing sensitive files inside a large organization. In the context of client-server architecture, a servers is a computer program running to serve the requests of other programs, known as the "clients". Thus, the server performs some computational task on behalf of "clients". The clients either run on the same computer, or connect through the network. For example, a server would host a game to the world while clients would access the game remotely. There are various forms of providing services to clients such as an Apache Web Server limited to HTTP or a BEA WebLogic Application Server that does HTTP plus more.

Network servers are typically configured to handle the load of servicing large volumes of clients. This means adding additional processing, memory and storage making these assets valuable targets for hackers. Organizations typically manage servers remotely and don't actively monitor activity, meaning small hits in performance or other indicators of being compromised may go unnoticed. It's common to find malicious users have accessed compromised servers for long periods of time prior to the owners identifying the vulnerability used to access the system.

This chapter will focus on identifying and exploiting vulnerabilities in web application servers. We will start out with showcasing tools available in Kali used to identify vulnerabilities. Next, we will focus on exploiting vulnerabilities to gain access to web application servers. We will conclude with other methods to access web application services.