Web Application Penetration Testing

Webinar
 Who am i

I’m C Vishwanath [Certified Ethical Hacker]

Senior Operational Professional in IBM
Cyber Security Researcher and Trainer
Founder of E-hacking4all

My Blog: www.e-hacking4all.blogspot.in
Contact: Google my Name 
 Topics Cover in Session

Basics of Hacking

Introduction to Penetration Testing

Foot printing

Scanning
Live Practical's
 What Is Hacking

The Process of attempting to gain successfully,

unauthorized access to computer resources for the
purpose of help or secure system is called Hacking.
 Hacking v/s Ethical Hacking

Hacker:
• Access computer system or network without authorization
• Breaks the law

 Ethical Hacker:
• Performs most of the same activities but with owner’s
permission
• Employed by companies to perform Penetration Tests
 Hacking Life Cycle

Foot printing

Escalating Privilege,
Covering Tracks and Scanning
Creating Backdoors

Attack and Gaining

Enumeration
Access
 Web Application
PenetrationPenetration Testing
Testing

The primary objective behind a web application penetration test (WAPT) is to

identify exploitable vulnerabilities, weaknesses and technical flaws in
applications before attackers are able to discover and exploit them. Web
application penetration testing reveals real-world opportunities attackers
could use to compromise applications in order to gain access to sensitive
data or even take-over systems for malicious and non-business purposes.
 Types ofofPenetration
Types PenetrationTestingTesting

Penetration
Testing

Black Box White Box Grey Box

Testing Testing Testing
The Tester has no prior The Tester has complete The Tester has partial
knowledge of the system he information that the tester knowledge of the system is
is to test needs to perform the test is provided to the tester. This is
provided to him taken as an attack by an
external hacker
 Steps in Penetration Testing

The security testing methodology that we follow to minimize the risk of security
breaches and improve the security stature of your applications is by utilizing a
series of signature tools and techniques, will attempt to breach your application
systems through test techniques that are manually executed
 Foot Printing
• Foot Printing is a process of collecting as much information as
possible about target, for identifying various ways to intrude in to
organization network system
• Attackers gather publicly available sensitive information

• Sources:
 Whois.domain
 Netcraft
 Google hacking ( sensitive Information Gathering)
 OSIntframework
 Scanning
• Network Scanning refers to set of procedures for identfying hosts,
ports, and service in network

• Objectives of Scanning:
 To Discover live hosts, ipaddress, & openports
 Discover operating system and system Architecture
 Services running on host
Source :
 Nmap Tool
 Shodan.io
 Web Application Breach the Perimeter

Trusted
Internet DMZ
Inside
IIS ASP
SunOne .NET
SQL
WebSphere
Apache Oracle
Java
DB2

HTTP(S) Corporate
Browser Firewall only Inside
allows Firewall only allows
Allows HTTP port 80 application server to
applications
on the web talk to database
Allows HTTPS port 443 server.
server to talk to
application
server.
 Practical on Live Hacking

Bypass Authentication
Sql Injection
Cross Site Scripting
File Upload Vulnerability
 Bypass Authentication
 Authentication bypass vulnerability could allow attackers to perform
various malicious operations by bypassing the device authentication
mechanism.
What's the issue - Authentication bypass exploit is mainly due to a
weak authentication mechanism.
 Bypass Authentication
Countermeasures for Bypass Authentication:
1. In order to stay protected from authentication bypass attack, it is
best to keep all your systems, applications, software and OS up-to-
date.
2. It is suggested to not expose authentication protocol in the client-
side web browser script.
3. They suggest ensuring that user session IDs and cookies are
encrypted.
4. It is recommended to validate all user input on the server side.
 Sql Injection
 SQL injection is a web security vulnerability that allows an attacker
to interfere with the queries that an application makes to its
database. It generally allows an attacker to view data that they are
not normally able to retrieve. This might include data belonging to
other users, or any other data that the application itself is able to
access. In many cases, an attacker can modify or delete this data,
causing persistent changes to the application's content or behavior.
 Sql Injection
Countermeasures for Sql Injection:
1. Source Code Review
2. Sanitizing and validating the input field
3. Checking the privileges of a user’s connection to the database
4. Apply least privilege rule to run the application that access
database (Generally we run with admin privileges by default which
is not advisable)
5. Use IDS and IPS. I would suggest Snort (IDS- Intrusion prevention
system, IPS- Intrusion prevention system)
 Cross Site Scripting Vulnerability
Cross-site Scripting (XSS) is a client-side code injection attack. The
attacker aims to execute malicious scripts in a web browser of the
victim by including malicious code in a legitimate web page or web
application. The actual attack occurs when the victim visits the web
page or web application that executes the malicious code.
 How Cross-site Scripting Works
There are two stages to a typical XSS attack:
 To run malicious JavaScript code in a victim’s browser, an attacker
must first find a way to inject malicious code (payload) into a web
page that the victim visits.

 After that, the victim must visit the web page with the malicious
code. If the attack is directed at particular victims, the attacker can
use social engineering and/or phishing to send a malicious URL to
the victim.
 Cross-site Scripting
Countermeasures for Cross site Scripting:

1. Don’t trust any user input

2. Use escaping/encoding
3. Sanitize HTML
4. Set the HttpOnly flag
5. Use a Content Security Policy
 File Upload Vulnerability
 Uploaded files represent a significant risk to applications. The first
step in many attacks is to get some code to the system to be
attacked. Then the attack only needs to find a way to get the code
executed. Using a file upload helps the attacker accomplish the first
step.
 File Upload Vulnerability
Counter measures for File upload Vulnerability:
1. Only allow specific file types– By limiting the list of allowed file
types
2. Verify file types – In addition to restricting the file types, it is
important to ensure that no files are ‘masking’ as allowed file
types.
3. Scan for malware – To minimize risk, all files should be scanned
for malware.
4. Use simple error messages – When displaying file upload errors,
do not include directory paths, server configuration settings
 How to Secure Web Applications
Incorporating security into
lifecycle

Integrate security into application

requirements
Including information security
professionals in software
architecture/design review
Security APIs & libraries (e.g. ESAPI,
Validate, etc.) when possible
Threat modeling
Web application vulnerability
assessment tools
Q&A