web application security & testing
![Page 1: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/1.jpg)
Web Application Security
Sreenath Sasikumar, QBurst
![Page 2: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/2.jpg)
Who am I?
www.MakeMeResume.com/@sreenath
![Page 3: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/3.jpg)
Take Away
• Understanding web application security
• How to security test web applications
• Mitigating web application security risks
• Open source tools
![Page 4: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/4.jpg)
How web applications work
![Page 5: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/5.jpg)
Understanding web security
![Page 6: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/6.jpg)
Security testing web applications
• Information Gathering
• Configuration Management Testing
• Authentication Testing
• Session Management Testing
• Authorization Testing
• Business Logic Testing
• Data Validation Testing
• Denial of Service Testing
![Page 7: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/7.jpg)
Information Gathering
![Page 8: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/8.jpg)
Spiders, Robots and Crawlers
Example: www.google.com/robots.txt
![Page 9: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/9.jpg)
Search Engine Discovery
Google Hacking
• site
• cache
• inurl
• filetype
How to: manual search operators, HackSearch
![Page 10: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/10.jpg)
Identify Application Entry points
• GET
• POST
• Cookies
• Server parameters
• Files
How to: Tamper Data, WebScarab, ZAP
![Page 11: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/11.jpg)
Web Application Fingerprinting
How to: Nikto, vulnerability scanners
![Page 12: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/12.jpg)
Application Discovery
• Different base URL: www.example.com/abc
• Different port: www.example.com:8000
• Different sub-domain (virtual host): abc.example.com
How to: ZAP, WebSlayer
![Page 13: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/13.jpg)
Analysis of Error Code
![Page 14: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/14.jpg)
Configuration Management
![Page 15: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/15.jpg)
SSL Testing
Identify SSL ports and services. How strong is your cipher?
How to: Nmap -sV, Nessus, OpenSSL
![Page 16: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/16.jpg)
Configuration Management Testing
• Infrastructure Configuration Management
• Application Configuration Management
![Page 17: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/17.jpg)
Old, Backup & Unreferenced Files
Example robots.txt entries that point straight at paths worth checking:
User-agent: *
Disallow: /Admin
Disallow: /uploads
Disallow: /backup
Disallow: /~jbloggs
How to: HackSearch, WebSlayer
![Page 18: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/18.jpg)
Testing for HTTP Methods
• HEAD
• GET
• POST
• PUT
• DELETE
• TRACE
• OPTIONS
• CONNECT
How to: Netcat, Nikto
![Page 19: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/19.jpg)
Authentication Testing
![Page 20: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/20.jpg)
Credentials transport over an encrypted channel
Prevents man-in-the-middle attacks
![Page 21: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/21.jpg)
Testing for user enumeration
Error messages/notifications
"Sorry, please enter a valid password"
"Sorry, please enter a valid username"
"Sorry, this user does not exist"
"Sorry, this user is no longer active"
Messages that differ depending on whether the username exists confirm which accounts are valid.
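As an added example (not from the slides), a login check that returns one generic message and does the same password-hash work on every path, shown beside the leaky version that produces messages like the ones above; the user records, passwords and iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # PBKDF2 rounds; constructed value for the demo

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed user store (not from the slides): username -> salt, hash, active flag.
_SALT = b"\x01" * 16
USERS = {
    "alice": {"salt": _SALT, "hash": _hash("correct horse", _SALT), "active": True},
    "bob":   {"salt": _SALT, "hash": _hash("battery staple", _SALT), "active": False},
}
# Dummy record for unknown usernames: a real PBKDF2 derivation still runs, so the
# response time does not reveal whether the name exists. A random hash never matches.
_DUMMY = {"salt": os.urandom(16), "hash": os.urandom(32), "active": False}
GENERIC_ERROR = "Sorry, invalid username or password"

def login_leaky(username: str, password: str) -> tuple:
    """The pattern behind the slide's messages: each branch answers a different question."""
    rec = USERS.get(username)
    if rec is None:
        return False, "Sorry, this user does not exist"        # reveals: username invalid
    if not rec["active"]:
        return False, "Sorry, this user is no longer active"   # reveals: username valid
    if not hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"]):
        return False, "Sorry, please enter a valid password"   # reveals: username valid
    return True, "Welcome"

def login_uniform(username: str, password: str) -> tuple:
    """Same work and same message on every failure path; only success is distinguishable."""
    rec = USERS.get(username, _DUMMY)
    password_ok = hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])
    if password_ok and rec["active"]:
        return True, "Welcome"
    return False, GENERIC_ERROR
```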
![Page 22: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/22.jpg)
Testing for Guessable Users & BruteForce Attacks
How to: John the Ripper, Hydra
![Page 23: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/23.jpg)
Testing for CAPTCHA
![Page 24: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/24.jpg)
Testing Session & Cookies
![Page 25: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/25.jpg)
Authorization Testing
![Page 26: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/26.jpg)
Testing for privilege escalation
• vertical escalation
• horizontal escalation
www.example.com/?user=1&groupID=2
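As an added example (not from the slides), a server-side check for the URL above that catches both escalation paths: a caller asking for another user's record (horizontal) and an ordinary user asking for a group reserved for admins (vertical). The roles, group table and sessions are constructed; the trusting variant shows the vulnerable pattern.

```python
from urllib.parse import parse_qs

# Constructed data (not from the slides): role ranks and the minimum role
# needed to read each group. groupID 2 is the admin group.
ROLE_RANK = {"user": 1, "admin": 2}
GROUP_MIN_ROLE = {1: "user", 2: "admin"}

def parse_query(query: str):
    """Return (user, groupID) from a query string like '?user=1&groupID=2', or None."""
    params = parse_qs(query.lstrip("?"))
    try:
        return int(params["user"][0]), int(params["groupID"][0])
    except (KeyError, ValueError):
        return None

def authorize_trusting(session: dict, query: str) -> tuple:
    """Vulnerable pattern: any well-formed user/groupID in the URL is honoured."""
    return (True, "ok") if parse_query(query) else (False, "bad request")

def authorize(session: dict, query: str) -> tuple:
    """Decide from the server-side session, never from the request parameters alone."""
    parsed = parse_query(query)
    if parsed is None:
        return False, "bad request"
    user, group = parsed
    # Horizontal escalation: reaching a different user's record with the same role.
    if user != session["user_id"] and session["role"] != "admin":
        return False, "denied: user mismatch (horizontal)"
    # Vertical escalation: a low-privilege role reaching a group reserved for a higher one.
    needed = GROUP_MIN_ROLE.get(group)
    if needed is None or ROLE_RANK[session["role"]] < ROLE_RANK[needed]:
        return False, "denied: insufficient role for group (vertical)"
    return True, "ok"

# Constructed sessions: an ordinary user with id 1 and an administrator.
SESSION_USER1 = {"user_id": 1, "role": "user"}
SESSION_ADMIN = {"user_id": 42, "role": "admin"}
```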
![Page 27: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/27.jpg)
Business Logic Testing
![Page 28: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/28.jpg)
Data Validation Testing
![Page 29: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/29.jpg)
Injections
SQL
XSS
![Page 30: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/30.jpg)
• SQL Injection
• XSS Injection
• LDAP Injection
• XML Injection
• HTML Injection
• SSI Injection
• ORM Injection
• XPath Injection
• IMAP/SMTP Injection
• Buffer Overflow
![Page 31: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/31.jpg)
Testing for Denial of Service
![Page 32: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/32.jpg)
Testing for SQL Wildcard Attacks
SELECT * FROM Article WHERE Content LIKE '%foo%'
SELECT TOP 10 * FROM Article WHERE Content LIKE '%_[^!_%/%a?F%_D)_(F%)_%([)({}%){()}£$&N%_)$*£()$*R"_)][%](%[x])%a][$*"£$-9]_%'
The second pattern is built almost entirely of LIKE wildcards, so the database does far more matching work per row than for the first query.
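As an added example (not from the slides), a search that keeps the slide's `LIKE '%...%'` shape but escapes every wildcard in the user's text and caps its length, so the engine only ever sees the two outer `%`; run on an in-memory SQLite table with constructed rows, with the slide's pattern (minus its outer `%`) kept as data.

```python
import sqlite3

MAX_TERM_LEN = 40          # cap on user-supplied search text (constructed value)
ESC = "\\"                 # escape character declared in the LIKE ... ESCAPE clause

# The slide's pattern without its outer '%', kept as data to feed to the search functions.
SLIDE_PATTERN = r'_[^!_%/%a?F%_D)_(F%)_%([)({}%){()}£$&N%_)$*£()$*R"_)][%](%[x])%a][$*"£$-9]_'

def escape_like(term: str) -> str:
    """Make every LIKE metacharacter literal; reject oversized terms before they reach the DB."""
    if len(term) > MAX_TERM_LEN:
        raise ValueError("search term too long")
    # '[' is only a wildcard on SQL Server, but escaping it is harmless elsewhere.
    for ch in (ESC, "%", "_", "["):
        term = term.replace(ch, ESC + ch)
    return term

def make_db() -> sqlite3.Connection:
    """In-memory Article table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Article (Id INTEGER PRIMARY KEY, Content TEXT)")
    conn.executemany("INSERT INTO Article (Content) VALUES (?)",
                     [("foo bar",), ("100% pure",), ("nothing here",)])
    return conn

def search_unsafe(conn, term: str) -> list:
    """The slide's first query: the user's text goes into LIKE with its wildcards intact."""
    rows = conn.execute("SELECT Content FROM Article WHERE Content LIKE ?",
                        ("%" + term + "%",))
    return [r[0] for r in rows]

def search_safe(conn, term: str) -> list:
    """Wildcards inside the term are escaped, so only the two outer '%' act as wildcards."""
    pattern = "%" + escape_like(term) + "%"
    rows = conn.execute("SELECT Content FROM Article WHERE Content LIKE ? ESCAPE ?",
                        (pattern, ESC))
    return [r[0] for r in rows]
```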
![Page 33: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/33.jpg)
Testing for DoS Locking Customer Accounts
![Page 34: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/34.jpg)
Open Source Tools
Nikto, Nessus, W3AF, ZAP, WebSlayer, Netcat, Nmap, Skipfish, Hydra, Mozilla Firefox add-ons, and lots & lots more...
![Page 35: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/35.jpg)
PenQ - Security testing browser
![Page 36: Web application security & Testing](https://reader033.vdocument.in/reader033/viewer/2022051209/547b21adb4af9fce158b4da2/html5/thumbnails/36.jpg)
Questions?