Web Application Penetration Testing

Web Application Penetration Testing
Webinar

Who am i
I’m C Vishwanath [Certified Ethical Hacker]
Senior Operational Professional in IBM
Cyber Security Researcher and Trainer
Founder of E-hacking4all
My Blog: www.e-hacking4all.blogspot.in
Contact: Google my Name 

Basics of Hacking
Introduction to Penetration Testing
Foot printing
Scanning
Live Practical's
Topics Cover in Session

The Process of attempting to gain successfully,
unauthorized access to computer resources for the
purpose of help or secure system is called Hacking.
What Is Hacking

Hacker:
• Access computer system or network without authorization
• Breaks the law
 Ethical Hacker:
• Performs most of the same activities but with owner’s
permission
• Employed by companies to perform Penetration Tests
Hacking v/s Ethical Hacking

Foot printing
Scanning
Enumeration
Attack and Gaining
Access
Escalating Privilege,
Covering Tracks and
Creating Backdoors
Hacking Life Cycle

The primary objective behind a web application penetration test (WAPT) is to
identify exploitable vulnerabilities, weaknesses and technical flaws in
applications before attackers are able to discover and exploit them. Web
application penetration testing reveals real-world opportunities attackers
could use to compromise applications in order to gain access to sensitive
data or even take-over systems for malicious and non-business purposes.
Penetration Testing

Penetration
Testing
Black Box
Testing
White Box
Testing
Grey Box
Testing
The Tester has no prior
knowledge of the system he
is to test
The Tester has complete
information that the tester
needs to perform the test is
provided to him
The Tester has partial
knowledge of the system is
provided to the tester. This is
taken as an attack by an
external hacker
Types of Penetration TestingTypes of Penetration TestingTypes of Penetration Testing

The security testing methodology that we follow to minimize the risk of security
breaches and improve the security stature of your applications is by utilizing a
series of signature tools and techniques, will attempt to breach your application
systems through test techniques that are manually executed
Steps in Penetration Testing

• Foot Printing is a process of collecting as much information as
possible about target, for identifying various ways to intrude in to
organization network system
• Attackers gather publicly available sensitive information
• Sources:
Whois.domain
Netcraft
Google hacking ( sensitive Information Gathering)
OSIntframework
Foot Printing

• Network Scanning refers to set of procedures for identfying hosts,
ports, and service in network
• Objectives of Scanning:
 To Discover live hosts, ipaddress, & openports
 Discover operating system and system Architecture
 Services running on host
Source :
 Nmap Tool
 Shodan.io
Scanning

Web Application Breach the Perimeter
Internet DMZ
Trusted
Inside
Corporate
Inside
HTTP(S)
Allows HTTP port 80
Allows HTTPS port 443
Firewall only
allows
applications
on the web
server to talk to
application
server.
Firewall only allows
application server to
talk to database
server.
IIS
SunOne
Apache
ASP
.NET
WebSphere
Java
SQL
Oracle
DB2
Browser

Bypass Authentication
Sql Injection
Cross Site Scripting
File Upload Vulnerability
Practical on Live Hacking

 Authentication bypass vulnerability could allow attackers to perform
various malicious operations by bypassing the device authentication
mechanism.
What's the issue - Authentication bypass exploit is mainly due to a
weak authentication mechanism.
Bypass Authentication

Countermeasures for Bypass Authentication:
1. In order to stay protected from authentication bypass attack, it is
best to keep all your systems, applications, software and OS up-to-
date.
2. It is suggested to not expose authentication protocol in the client-
side web browser script.
3. They suggest ensuring that user session IDs and cookies are
encrypted.
4. It is recommended to validate all user input on the server side.
Bypass Authentication

 SQL injection is a web security vulnerability that allows an attacker
to interfere with the queries that an application makes to its
database. It generally allows an attacker to view data that they are
not normally able to retrieve. This might include data belonging to
other users, or any other data that the application itself is able to
access. In many cases, an attacker can modify or delete this data,
causing persistent changes to the application's content or behavior.
Sql Injection

Countermeasures for Sql Injection:
1. Source Code Review
2. Sanitizing and validating the input field
3. Checking the privileges of a user’s connection to the database
4. Apply least privilege rule to run the application that access
database (Generally we run with admin privileges by default which
is not advisable)
5. Use IDS and IPS. I would suggest Snort (IDS- Intrusion prevention
system, IPS- Intrusion prevention system)
Sql Injection

Cross-site Scripting (XSS) is a client-side code injection attack. The
attacker aims to execute malicious scripts in a web browser of the
victim by including malicious code in a legitimate web page or web
application. The actual attack occurs when the victim visits the web
page or web application that executes the malicious code.
Cross Site Scripting Vulnerability

There are two stages to a typical XSS attack:
 To run malicious JavaScript code in a victim’s browser, an attacker
must first find a way to inject malicious code (payload) into a web
page that the victim visits.
 After that, the victim must visit the web page with the malicious
code. If the attack is directed at particular victims, the attacker can
use social engineering and/or phishing to send a malicious URL to
the victim.
How Cross-site Scripting Works

Countermeasures for Cross site Scripting:
1. Don’t trust any user input
2. Use escaping/encoding
3. Sanitize HTML
4. Set the HttpOnly flag
5. Use a Content Security Policy
Cross-site Scripting

 Uploaded files represent a significant risk to applications. The first
step in many attacks is to get some code to the system to be
attacked. Then the attack only needs to find a way to get the code
executed. Using a file upload helps the attacker accomplish the first
step.
File Upload Vulnerability

Counter measures for File upload Vulnerability:
1. Only allow specific file types– By limiting the list of allowed file
types
2. Verify file types – In addition to restricting the file types, it is
important to ensure that no files are ‘masking’ as allowed file
types.
3. Scan for malware – To minimize risk, all files should be scanned
for malware.
4. Use simple error messages – When displaying file upload errors,
do not include directory paths, server configuration settings
File Upload Vulnerability

Incorporating security into
lifecycle
Integrate security into application
requirements
Including information security
professionals in software
architecture/design review
Security APIs & libraries (e.g. ESAPI,
Validate, etc.) when possible
Threat modeling
Web application vulnerability
assessment tools
How to Secure Web Applications

Web Application Penetration Testing

Recommended

More Related Content

What's hot (20)

Similar to Web Application Penetration Testing (20)

More from Priyanka Aash (20)

Recently uploaded (20)

Web Application Penetration Testing