Introduction of Ethical Hacking, Life cycle of Hacking, Introduction of Penetration testing, Steps in Penetration Testing, Foot printing Module, Scanning Module, Live Demos on Finding Vulnerabilities a) Bypass Authentication b) Sql Injection c) Cross site Scripting d) File upload Vulnerability (Web Server Hacking) Countermeasures of Securing Web applications
2. Who am i
I’m C Vishwanath [Certified Ethical Hacker]
Senior Operational Professional in IBM
Cyber Security Researcher and Trainer
Founder of E-hacking4all
My Blog: www.e-hacking4all.blogspot.in
Contact: Google my Name
4. The Process of attempting to gain successfully,
unauthorized access to computer resources for the
purpose of help or secure system is called Hacking.
What Is Hacking
5. Hacker:
• Access computer system or network without authorization
• Breaks the law
Ethical Hacker:
• Performs most of the same activities but with owner’s
permission
• Employed by companies to perform Penetration Tests
Hacking v/s Ethical Hacking
7. Web Application Penetration Testing
The primary objective behind a web application penetration test (WAPT) is to
identify exploitable vulnerabilities, weaknesses and technical flaws in
applications before attackers are able to discover and exploit them. Web
application penetration testing reveals real-world opportunities attackers
could use to compromise applications in order to gain access to sensitive
data or even take-over systems for malicious and non-business purposes.
Penetration Testing
9. The security testing methodology that we follow to minimize the risk of security
breaches and improve the security stature of your applications is by utilizing a
series of signature tools and techniques, will attempt to breach your application
systems through test techniques that are manually executed
Steps in Penetration Testing
10. • Foot Printing is a process of collecting as much information as
possible about target, for identifying various ways to intrude in to
organization network system
• Attackers gather publicly available sensitive information
• Sources:
Whois.domain
Netcraft
Google hacking ( sensitive Information Gathering)
OSIntframework
Foot Printing
11. • Network Scanning refers to set of procedures for identfying hosts,
ports, and service in network
• Objectives of Scanning:
To Discover live hosts, ipaddress, & openports
Discover operating system and system Architecture
Services running on host
Source :
Nmap Tool
Shodan.io
Scanning
12.
13. Web Application Breach the Perimeter
Internet DMZ
Trusted
Inside
Corporate
Inside
HTTP(S)
Allows HTTP port 80
Allows HTTPS port 443
Firewall only
allows
applications
on the web
server to talk to
application
server.
Firewall only allows
application server to
talk to database
server.
IIS
SunOne
Apache
ASP
.NET
WebSphere
Java
SQL
Oracle
DB2
Browser
15. Authentication bypass vulnerability could allow attackers to perform
various malicious operations by bypassing the device authentication
mechanism.
What's the issue - Authentication bypass exploit is mainly due to a
weak authentication mechanism.
Bypass Authentication
16. Countermeasures for Bypass Authentication:
1. In order to stay protected from authentication bypass attack, it is
best to keep all your systems, applications, software and OS up-to-
date.
2. It is suggested to not expose authentication protocol in the client-
side web browser script.
3. They suggest ensuring that user session IDs and cookies are
encrypted.
4. It is recommended to validate all user input on the server side.
Bypass Authentication
17. SQL injection is a web security vulnerability that allows an attacker
to interfere with the queries that an application makes to its
database. It generally allows an attacker to view data that they are
not normally able to retrieve. This might include data belonging to
other users, or any other data that the application itself is able to
access. In many cases, an attacker can modify or delete this data,
causing persistent changes to the application's content or behavior.
Sql Injection
18. Countermeasures for Sql Injection:
1. Source Code Review
2. Sanitizing and validating the input field
3. Checking the privileges of a user’s connection to the database
4. Apply least privilege rule to run the application that access
database (Generally we run with admin privileges by default which
is not advisable)
5. Use IDS and IPS. I would suggest Snort (IDS- Intrusion prevention
system, IPS- Intrusion prevention system)
Sql Injection
19. Cross-site Scripting (XSS) is a client-side code injection attack. The
attacker aims to execute malicious scripts in a web browser of the
victim by including malicious code in a legitimate web page or web
application. The actual attack occurs when the victim visits the web
page or web application that executes the malicious code.
Cross Site Scripting Vulnerability
20. There are two stages to a typical XSS attack:
To run malicious JavaScript code in a victim’s browser, an attacker
must first find a way to inject malicious code (payload) into a web
page that the victim visits.
After that, the victim must visit the web page with the malicious
code. If the attack is directed at particular victims, the attacker can
use social engineering and/or phishing to send a malicious URL to
the victim.
How Cross-site Scripting Works
21. Countermeasures for Cross site Scripting:
1. Don’t trust any user input
2. Use escaping/encoding
3. Sanitize HTML
4. Set the HttpOnly flag
5. Use a Content Security Policy
Cross-site Scripting
22. Uploaded files represent a significant risk to applications. The first
step in many attacks is to get some code to the system to be
attacked. Then the attack only needs to find a way to get the code
executed. Using a file upload helps the attacker accomplish the first
step.
File Upload Vulnerability
23. Counter measures for File upload Vulnerability:
1. Only allow specific file types– By limiting the list of allowed file
types
2. Verify file types – In addition to restricting the file types, it is
important to ensure that no files are ‘masking’ as allowed file
types.
3. Scan for malware – To minimize risk, all files should be scanned
for malware.
4. Use simple error messages – When displaying file upload errors,
do not include directory paths, server configuration settings
File Upload Vulnerability
24. Incorporating security into
lifecycle
Integrate security into application
requirements
Including information security
professionals in software
architecture/design review
Security APIs & libraries (e.g. ESAPI,
Validate, etc.) when possible
Threat modeling
Web application vulnerability
assessment tools
How to Secure Web Applications