security testing for web applications
Description
Outline: Causes of vulnerabilities; Security testing concepts; Security testing types; Main methods of manual security testing; URL manipulation; SQL injection; XSS (Cross Site Scripting); Automated security testing tools.
Created by: Kristina Filipyan. Reviewed by: Vladimir Soghoyan. Ogma Applications.
Transcript
Security Testing For Web Applications
Causes of vulnerabilities
Design and development errors
Poor system configuration
Human errors
Security testing concepts
Authentication: The act of confirming the truth of an attribute of a datum or entity.
Authorization: Determining that a requester is allowed to receive a service or perform an operation.
Confidentiality: A security measure that protects data or information from disclosure to parties other than the intended ones.
Integrity: Whether the intended receiver receives information or data that has not been altered in transmission.
Non-repudiation (session time limitations): Interchange of authentication information with some form of provable time stamp, e.g. with a session id.
Security testing types
Vulnerability Scanning: A method to assess computers, computer systems, networks or applications for weaknesses.
Security Scanning: A security scan is a form of vulnerability scan.
Penetration Testing: A method of evaluating the security of a computer system or network by simulating an attack.
Risk Assessment: A security analysis of interviews compiled with research of business, legal, and industry justifications.
Security Auditing: Hands-on internal inspection of operating systems and applications, often via line-by-line inspection of the code.
Ethical Hacking: Essentially a number of penetration tests on a number of systems on a network segment.
Why is security testing needed?
To secure financial data while it is transferred between different systems
To secure user data
To find security vulnerabilities in an application
Main methods of manual security testing
URL manipulation
SQL injection
XSS (Cross Site Scripting)
URL manipulation through HTTP GET methods: examples
Search for directories that make it possible to administer the site: http://target/admin/ or http://target/admin.cgi
Search for a script that reveals information about the remote system: http://target/phpinfo.php3
Search for backup copies. The .bak extension is generally used and is not interpreted by servers by default, which can cause a script's source to be displayed: http://target/.bak
SQL injection examples
SELECT fieldlist
FROM table WHERE field = '[email protected]'';
SELECT fieldlist
FROM table WHERE field = 'x' AND email IS NULL; --';
SELECT email, passwd, login_id, full_name FROM table
WHERE email = 'x' AND 1=(SELECT COUNT(*) FROM tabname); --';
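As an added example (not part of the slides), the three injection statements above are run against a constructed SQLite table, first through the string-concatenated query that the examples imply and then through a parameterized query, so the difference a tester observes (a database error for one input and none for another) can be seen to disappear once input is bound as data. The table, column and function names are assumptions made for this demo.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    # Constructed sample data: a table with the columns the slides' third SELECT names.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice@example.test', 's3cret', 'alice', 'Alice Example')")
    return conn

def lookup_vulnerable(conn, email):
    # The pattern behind the slide's examples: the request value is pasted into the SQL
    # text, so a quote in it ends the literal and the rest is parsed as SQL.
    sql = ("SELECT email, passwd, login_id, full_name FROM users "
           "WHERE email = '" + email + "';")
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, email):
    # Hardened form: the driver binds the value, so quotes, ';' and '--' stay data.
    sql = "SELECT email, passwd, login_id, full_name FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

def probe(lookup, user_input):
    # Reports what the application would observe for one request value: "error" if the
    # database rejected the statement, otherwise the rows returned. An answer that differs
    # between valid and invalid column or table names is the leak the slide's probes rely on.
    try:
        return lookup(make_db(), user_input)
    except sqlite3.Error:
        return "error"

# The slide's three examples as the raw request value (the query template supplies the
# surrounding quotes); 'nosuch' is a constructed name that does not exist in the schema.
QUOTE_PROBE = "x'"                                   # slide 1: does a stray quote break the query?
COLUMN_PROBE = "x' AND email IS NULL; --"            # slide 2: does column 'email' exist?
BAD_COLUMN_PROBE = "x' AND nosuch IS NULL; --"
TABLE_PROBE = "x' AND 1=(SELECT COUNT(*) FROM users); --"   # slide 3: does table 'users' exist?
BAD_TABLE_PROBE = "x' AND 1=(SELECT COUNT(*) FROM nosuch); --"

if __name__ == "__main__":
    for name, lookup in (("concatenated", lookup_vulnerable), ("parameterized", lookup_parameterized)):
        for value in (QUOTE_PROBE, COLUMN_PROBE, BAD_COLUMN_PROBE, TABLE_PROBE, BAD_TABLE_PROBE):
            print(f"{name:13} {value!r:50} -> {probe(lookup, value)}")
```

With the concatenated query the error appears only for the invalid column and table names, which is the signal being tested for; the parameterized query returns an empty result for every probe and raises no error at all.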
Cross Site Scripting (XSS)
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
XSS attack example on RockSquare (screenshots: XSS input, XSS attack results)
Automated security testing tools:
NMAP (free/open source): Security scanner used to discover hosts and services on a computer network.
GFI LANguard (licensed): Network Security Scanner and Vulnerability Management Tool.
What is Zenmap?
Zenmap is the official Nmap Security Scanner GUI.
Zenmap action shots: Nmap Output, Hosts and Ports, Topology, Host Details
Nmap Output:
The “Nmap Output” shows scanning results.
Hosts and Ports
The “Ports / Hosts” tab shows all the hosts on which a given port is open, filtered, or closed.
Topology
The “Topology” tab is an interactive view of the connections between hosts in a network.
Host Details
The “Host Details” tab breaks all the information about a single host into a hierarchical display.
The goal of Nmap
Nmap sends specially crafted packets to the target host and then analyzes the responses.
Nmap can determine the operating system of the target, names and versions of the listening services, estimated uptime, type of device, and presence of a firewall.
Thank You