Web application security & Testing
Published in: Technology

1. Web Application Security. Sreenath Sasikumar, QBurst
2. Who am I? www.MakeMeResume.com/@sreenath
3. Take Away
   • Understanding web application security
   • How to security test web applications
   • Mitigating web application security risks
   • Open source tools
4. How web applications work
5. Understanding web security
6. Security testing web applications
   • Information Gathering
   • Configuration Management Testing
   • Authentication Testing
   • Session Management Testing
   • Authorization Testing
   • Business Logic Testing
   • Data Validation Testing
   • Denial of Service Testing
7. Information Gathering
8. Spiders, Robots and Crawlers: www.google.com/robots.txt
9. Search Engine Discovery (Google Hacking)
   • site
   • cache
   • inurl
   • filetype
   How to: manual, HackSearch
10. Identify Application Entry Points
   • GET
   • POST
   • Cookies
   • Server Parameters
   • Files
   How to: Tamper Data, WebScarab, ZAP
11. Web Application Fingerprinting
   How to: Nikto, vulnerability scanners
12. Application Discovery
   • Different base URL: www.example.com/abc
   • Different port: www.example.com:8000
   • Different sub domain (virtual host): abc.example.com
   How to: ZAP, WebSlayer
13. Analysis of Error Code
14. Configuration Management
15. SSL Testing
   • Identify SSL ports and services
   • How strong is your cipher?
   How to: Nmap -sV, Nessus, OpenSSL
16. Configuration Management Testing
   • Infrastructure Configuration Management
   • Application Configuration Management
17. Old, Backup & Unreferenced Files (robots.txt example)
   User-agent: *
   Disallow: /Admin
   Disallow: /uploads
   Disallow: /backup
   Disallow: /~jbloggs
   How to: HackSearch, WebSlayer
18. Testing for HTTP Methods
   • HEAD
   • GET
   • POST
   • PUT
   • DELETE
   • TRACE
   • OPTIONS
   • CONNECT
   How to: Netcat, Nikto
19. Authentication Testing
20. Credentials transport over an encrypted channel: prevent man-in-the-middle attack
21. Testing for user enumeration: error messages/notifications
   "Sorry, please enter a valid password"
   "Sorry, please enter a valid username"
   "Sorry, this user does not exist"
   "Sorry, this user is no longer active"
22. Testing for Guessable Users & Brute Force Attacks
   How to: John the Ripper, Hydra
23. Testing for CAPTCHA
24. Testing Session & Cookies
25. Authorization Testing
26. Testing for privilege escalation
   • vertical escalation
   • horizontal escalation
   Example: www.example.com/?user=1&groupID=2
27. Business Logic Testing
28. Data Validation Testing
29. Injections: SQL, XSS
30. Injections (continued)
   • SQL Injection
   • XSS Injection
   • LDAP Injection
   • XML Injection
   • HTML Injection
   • SSI Injection
   • ORM Injection
   • XPath Injection
   • IMAP/SMTP Injection
   • Buffer Overflow
31. Testing for Denial of Service
32. Testing for SQL Wildcard Attacks
   SELECT * FROM Article WHERE Content LIKE '%foo%'
   SELECT TOP 10 * FROM Article WHERE Content LIKE '%_[^!_%/%a?F%_D)_(F%)_%([)({}%){()}£$&N%_)$*£()$*R"_)][%](%[x])%a][$*"£$-9]_%'
33. Testing for DoS: Locking Customer Accounts
34. Open Source Tools
   • Nikto
   • Nessus
   • W3AF
   • ZAP
   • WebSlayer
   • Netcat
   • Nmap
   • Skipfish
   • Hydra
   • Mozilla Firefox addons
   • Lots & lots more...
35. PenQ - Security testing browser
36. Questions?
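Slide 21 lists the login error messages a tester compares when checking for user enumeration. The Python below is an added example, not code from the deck: a leaky login that answers differently for unknown users sits beside a hardened one that returns a single generic message and performs the same password hashing whether or not the account exists, and `enumerable()` is the tester's check that the two responses are indistinguishable. The user store, salts and passwords are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-SHA256 of the password; the same work is done on every login path."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store (username -> (salt, hash)); not from the deck.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy credential verified for unknown usernames so response time does not
# reveal whether the account exists (assumption: same cost as a real check).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder", _DUMMY_SALT)

GENERIC = "Invalid username or password"


def login_leaky(username: str, password: str) -> str:
    """Slide 21 pattern: distinct messages tell the caller which usernames exist."""
    if username not in USERS:
        return "Sorry, this user does not exist"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "Sorry, please enter a valid password"
    return "OK"


def login_uniform(username: str, password: str) -> str:
    """Hardened: one message and one hashing cost regardless of account existence."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matched = hmac.compare_digest(_hash(password, salt), stored)
    return "OK" if matched and username in USERS else GENERIC


def enumerable(login) -> bool:
    """Tester's check: do an unknown user and a wrong password answer differently?"""
    return login("nobody", "x") != login("alice", "wrongpass")
```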
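Slide 26 shows the request `?user=1&groupID=2` as the place where horizontal and vertical privilege escalation is tested. The Python below is an added example, not code from the deck: the user identity and role come from a server-side session object, reading another user's record is refused unless the caller is an admin (horizontal check), and changing a group is admin-only (vertical check). The `Session` class, `PROFILES` store and `handle_request` dispatcher are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """Server-side session; the client never supplies user_id or role."""
    user_id: int
    role: str  # "user" or "admin"


# Constructed profile store keyed by user id; not from the deck.
PROFILES = {1: {"name": "alice", "groupID": 1}, 2: {"name": "bob", "groupID": 2}}


def get_profile(session: Session, requested_user_id: int):
    """Horizontal check: a user may only read their own record, admins any record."""
    if session.role != "admin" and session.user_id != requested_user_id:
        return 403, None
    profile = PROFILES.get(requested_user_id)
    return (200, profile) if profile else (404, None)


def set_group(session: Session, requested_user_id: int, group_id: int) -> int:
    """Vertical check: changing group membership is an admin-only operation."""
    if session.role != "admin":
        return 403
    if requested_user_id not in PROFILES:
        return 404
    PROFILES[requested_user_id]["groupID"] = group_id
    return 200


def handle_request(session: Session, params: dict) -> int:
    """Route the deck's example query string through the two checks; returns a status."""
    try:
        user_id = int(params.get("user", session.user_id))
        group_id = int(params["groupID"]) if "groupID" in params else None
    except ValueError:
        return 400
    if group_id is not None:
        return set_group(session, user_id, group_id)
    return get_profile(session, user_id)[0]
```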
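Slide 32 shows a search that places user input straight into a `LIKE` pattern, so wildcard-heavy input can make the database do expensive matching. The Python below is an added example, not code from the deck: `escape_like()` neutralises `%`, `_`, `[` and the escape character itself so the input matches literally, and `search_articles()` caps the term length and binds the pattern as a parameter with an `ESCAPE` clause. It uses an in-memory SQLite `Article` table with constructed rows (the deck's second query uses SQL Server syntax; the escaping applies to either engine).

```python
import sqlite3

MAX_TERM_LEN = 64  # assumption: a sane upper bound for a search term


def escape_like(term: str, escape: str = "\\") -> str:
    """Prefix LIKE metacharacters with the escape char so they match literally.
    '[' is included for engines such as SQL Server that treat it as a range."""
    out = []
    for ch in term:
        if ch in (escape, "%", "_", "["):
            out.append(escape)
        out.append(ch)
    return "".join(out)


def setup_db() -> sqlite3.Connection:
    """Constructed sample data mirroring the deck's Article table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Article (id INTEGER PRIMARY KEY, Content TEXT)")
    conn.executemany(
        "INSERT INTO Article (Content) VALUES (?)",
        [("foo bar",), ("100% done",), ("under_score",), ("nothing here",)],
    )
    return conn


def search_articles(conn: sqlite3.Connection, term: str) -> list:
    """Bounded, literal substring search: the only wildcards are the two we add."""
    if not term or len(term) > MAX_TERM_LEN:
        raise ValueError("search term missing or too long")
    pattern = "%" + escape_like(term) + "%"
    rows = conn.execute(
        "SELECT Content FROM Article WHERE Content LIKE ? ESCAPE '\\' LIMIT 10",
        (pattern,),
    ).fetchall()
    return [row[0] for row in rows]
```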