If an attacker specifically wants to target a web server, which port is typically scanned?

The typical port scanned by attackers targeting a web server is port 80. This port is the default for HTTP traffic, which is used to serve web pages to clients. When an attacker is looking to exploit vulnerabilities in a web server, they would likely focus on this port to discover any weaknesses related to the web service being offered.

Port 443 is also important because it is used for HTTPS, which is the secure version of HTTP, and attackers may scan this port as well. However, in the context of targeting a web server, port 80 remains the primary focus since it handles non-secured web traffic.

Port 22 is associated with SSH, commonly used for secure shell access to a server, while port 21 is used for FTP traffic. Attacking a web server would not typically involve these ports. Thus, focusing on port 80 aligns with the standard procedures for scanning web services.