Web Application Penetration Testing
0 likes2,959 views
The document outlines a webinar on web application penetration testing by C. Vishwanath, covering various aspects of hacking and ethical hacking. It details the penetration testing process, security vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and authentication bypass, along with countermeasures to mitigate these risks. The presentation emphasizes the importance of identifying exploitable vulnerabilities in applications to protect sensitive data from potential attackers.
![Who am i
I’m C Vishwanath [Certified Ethical Hacker]
Senior Operational Professional in IBM
Cyber Security Researcher and Trainer
Founder of E-hacking4all
My Blog: www.e-hacking4all.blogspot.in
Contact: Google my Name ](https://image.slidesharecdn.com/ciso-wapt-finalppt-201201112006/85/Web-Application-Penetration-Testing-2-320.jpg)
Web Application Penetration Testing
- 1. Web Application Penetration Testing Webinar
- 2. Who am i I’m C Vishwanath [Certified Ethical Hacker] Senior Operational Professional in IBM Cyber Security Researcher and Trainer Founder of E-hacking4all My Blog: www.e-hacking4all.blogspot.in Contact: Google my Name
- 3. Basics of Hacking Introduction to Penetration Testing Foot printing Scanning Live Practical's Topics Cover in Session
- 4. The Process of attempting to gain successfully, unauthorized access to computer resources for the purpose of help or secure system is called Hacking. What Is Hacking
- 5. Hacker: • Access computer system or network without authorization • Breaks the law Ethical Hacker: • Performs most of the same activities but with owner’s permission • Employed by companies to perform Penetration Tests Hacking v/s Ethical Hacking
- 6. Foot printing Scanning Enumeration Attack and Gaining Access Escalating Privilege, Covering Tracks and Creating Backdoors Hacking Life Cycle
- 7. Web Application Penetration Testing The primary objective behind a web application penetration test (WAPT) is to identify exploitable vulnerabilities, weaknesses and technical flaws in applications before attackers are able to discover and exploit them. Web application penetration testing reveals real-world opportunities attackers could use to compromise applications in order to gain access to sensitive data or even take-over systems for malicious and non-business purposes. Penetration Testing
- 8. Penetration Testing Black Box Testing White Box Testing Grey Box Testing The Tester has no prior knowledge of the system he is to test The Tester has complete information that the tester needs to perform the test is provided to him The Tester has partial knowledge of the system is provided to the tester. This is taken as an attack by an external hacker Types of Penetration TestingTypes of Penetration TestingTypes of Penetration Testing
- 9. The security testing methodology that we follow to minimize the risk of security breaches and improve the security stature of your applications is by utilizing a series of signature tools and techniques, will attempt to breach your application systems through test techniques that are manually executed Steps in Penetration Testing
- 10. • Foot Printing is a process of collecting as much information as possible about target, for identifying various ways to intrude in to organization network system • Attackers gather publicly available sensitive information • Sources: Whois.domain Netcraft Google hacking ( sensitive Information Gathering) OSIntframework Foot Printing
- 11. • Network Scanning refers to set of procedures for identfying hosts, ports, and service in network • Objectives of Scanning: To Discover live hosts, ipaddress, & openports Discover operating system and system Architecture Services running on host Source : Nmap Tool Shodan.io Scanning
- 13. Web Application Breach the Perimeter Internet DMZ Trusted Inside Corporate Inside HTTP(S) Allows HTTP port 80 Allows HTTPS port 443 Firewall only allows applications on the web server to talk to application server. Firewall only allows application server to talk to database server. IIS SunOne Apache ASP .NET WebSphere Java SQL Oracle DB2 Browser
- 14. Bypass Authentication Sql Injection Cross Site Scripting File Upload Vulnerability Practical on Live Hacking
- 15. Authentication bypass vulnerability could allow attackers to perform various malicious operations by bypassing the device authentication mechanism. What's the issue - Authentication bypass exploit is mainly due to a weak authentication mechanism. Bypass Authentication
- 16. Countermeasures for Bypass Authentication: 1. In order to stay protected from authentication bypass attack, it is best to keep all your systems, applications, software and OS up-to- date. 2. It is suggested to not expose authentication protocol in the client- side web browser script. 3. They suggest ensuring that user session IDs and cookies are encrypted. 4. It is recommended to validate all user input on the server side. Bypass Authentication
- 17. SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior. Sql Injection
- 18. Countermeasures for Sql Injection: 1. Source Code Review 2. Sanitizing and validating the input field 3. Checking the privileges of a user’s connection to the database 4. Apply least privilege rule to run the application that access database (Generally we run with admin privileges by default which is not advisable) 5. Use IDS and IPS. I would suggest Snort (IDS- Intrusion prevention system, IPS- Intrusion prevention system) Sql Injection
- 19. Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. The actual attack occurs when the victim visits the web page or web application that executes the malicious code. Cross Site Scripting Vulnerability
- 20. There are two stages to a typical XSS attack: To run malicious JavaScript code in a victim’s browser, an attacker must first find a way to inject malicious code (payload) into a web page that the victim visits. After that, the victim must visit the web page with the malicious code. If the attack is directed at particular victims, the attacker can use social engineering and/or phishing to send a malicious URL to the victim. How Cross-site Scripting Works
- 21. Countermeasures for Cross site Scripting: 1. Don’t trust any user input 2. Use escaping/encoding 3. Sanitize HTML 4. Set the HttpOnly flag 5. Use a Content Security Policy Cross-site Scripting
- 22. Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step. File Upload Vulnerability
- 23. Counter measures for File upload Vulnerability: 1. Only allow specific file types– By limiting the list of allowed file types 2. Verify file types – In addition to restricting the file types, it is important to ensure that no files are ‘masking’ as allowed file types. 3. Scan for malware – To minimize risk, all files should be scanned for malware. 4. Use simple error messages – When displaying file upload errors, do not include directory paths, server configuration settings File Upload Vulnerability
- 24. Incorporating security into lifecycle Integrate security into application requirements Including information security professionals in software architecture/design review Security APIs & libraries (e.g. ESAPI, Validate, etc.) when possible Threat modeling Web application vulnerability assessment tools How to Secure Web Applications
- 25. Q&A