Web application security & Testing

  1. Web Application Security
     Sreenath Sasikumar, QBurst
  2. Who am I?
     www.MakeMeResume.com/@sreenath
  3. Take Away
     • Understanding web application security
     • How to security test web applications
     • Mitigating web application security risks
     • Open source tools
  4. How web applications work
  5. Understanding web security
  6. Security testing web applications
     • Information Gathering
     • Configuration Management Testing
     • Authentication Testing
     • Session Management Testing
     • Authorization Testing
     • Business Logic Testing
     • Data Validation Testing
     • Denial of Service Testing
  7. Information Gathering
  8. Spiders, Robots and Crawlers
     www.google.com/robots.txt
  9. Search Engine Discovery (Google Hacking)
     • site
     • cache
     • inurl
     • filetype
     How to: manual searches, HackSearch
  10. Identify Application Entry Points
     • GET
     • POST
     • Cookies
     • Server parameters
     • Files
     How to: Tamper Data, WebScarab, ZAP
  11. Web Application Fingerprinting
     How to: Nikto, vulnerability scanners
  12. Application Discovery
     Different base URL
     • www.example.com/abc
     Different port
     • www.example.com:8000
     Different sub-domain (virtual host)
     • abc.example.com
     How to: ZAP, WebSlayer
  13. Analysis of Error Codes
  14. Configuration Management
  15. SSL Testing
     Identify SSL ports and services
     How strong is your cipher?
     How to: Nmap -sV, Nessus, OpenSSL
  16. Configuration Management Testing
     • Infrastructure configuration management
     • Application configuration management
  17. Old, Backup & Unreferenced Files
     User-agent: *
     Disallow: /Admin
     Disallow: /uploads
     Disallow: /backup
     Disallow: /~jbloggs
     How to: HackSearch, WebSlayer
  18. Testing for HTTP Methods
     • HEAD
     • GET
     • POST
     • PUT
     • DELETE
     • TRACE
     • OPTIONS
     • CONNECT
     How to: Netcat, Nikto
  19. Authentication Testing
  20. Credentials Transport over an Encrypted Channel
     Prevents man-in-the-middle attacks
  21. Testing for User Enumeration
     Error messages and notifications that reveal whether an account exists:
     "Sorry, please enter a valid password"
     "Sorry, please enter a valid username"
     "Sorry, this user does not exist"
     "Sorry, this user is no longer active"
  22. Testing for Guessable Users & Brute-Force Attacks
     How to: John the Ripper, Hydra
  23. Testing for CAPTCHA
  24. Testing Sessions & Cookies
  25. Authorization Testing
  26. Testing for Privilege Escalation
     • Vertical escalation
     • Horizontal escalation
     www.example.com/?user=1&groupID=2
  27. Business Logic Testing
  28. Data Validation Testing
  29. Injections: SQL, XSS
  30. Injection types
     • SQL injection
     • XSS injection
     • LDAP injection
     • XML injection
     • HTML injection
     • SSI injection
     • ORM injection
     • XPath injection
     • IMAP/SMTP injection
     • Buffer overflow
  31. Testing for Denial of Service
  32. Testing for SQL Wildcard Attacks
     SELECT * FROM Article WHERE Content LIKE '%foo%'
     SELECT TOP 10 * FROM Article WHERE Content LIKE '%_[^!_%/%a?F%_D)_(F%)_%([)({}%){()}£$&N%_)$*£()$*R"_)][%](%[x])%a][$*"£$-9]_%'
  33. Testing for DoS: Locking Customer Accounts
  34. Open Source Tools
     Nikto, Nessus, W3AF, ZAP, WebSlayer, Netcat, Nmap, Skipfish, Hydra, Mozilla Firefox add-ons
     Lots & lots more...
  35. PenQ - Security testing browser
  36. Questions?
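An added example, not from the slides, of the defence against the wildcard DoS shown on slide 32: LIKE metacharacters in the user-supplied search term are escaped and the term is bound as a parameter with an ESCAPE clause, so a submitted `%` or `_` is matched literally and the application alone decides where wildcards go. The Article table and its rows are constructed in-memory with SQLite, whose LIKE wildcards are `%` and `_` (SQL Server additionally treats `[` as a wildcard).

```python
import sqlite3

LIKE_ESCAPE = "\\"  # a single backslash, passed to the ESCAPE clause


def escape_like(term: str, max_len: int = 64) -> str:
    """Make a user-supplied term safe to embed in a LIKE pattern.

    Every LIKE metacharacter is prefixed with LIKE_ESCAPE so it matches
    literally, and the term is truncated so an overlong pattern cannot be
    submitted. SQLite/MySQL/PostgreSQL use only % and _; on SQL Server add
    "[" to the tuple below.
    """
    term = term[:max_len]
    for ch in (LIKE_ESCAPE, "%", "_"):  # escape the escape char first
        term = term.replace(ch, LIKE_ESCAPE + ch)
    return term


def search_articles(conn: sqlite3.Connection, term: str) -> list:
    """Hardened search: only the application adds wildcards."""
    pattern = "%" + escape_like(term) + "%"
    rows = conn.execute(
        "SELECT id FROM Article WHERE Content LIKE ? ESCAPE ? ORDER BY id",
        (pattern, LIKE_ESCAPE),
    )
    return [row[0] for row in rows]


def search_articles_unsafe(conn: sqlite3.Connection, term: str) -> list:
    """The slide's query: parameterized (no injection), but any % or _ in
    the term is still interpreted, so the caller controls the match cost."""
    rows = conn.execute(
        "SELECT id FROM Article WHERE Content LIKE ? ORDER BY id",
        ("%" + term + "%",),
    )
    return [row[0] for row in rows]


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data for the demo (in memory)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Article (id INTEGER PRIMARY KEY, Content TEXT)")
    conn.executemany(
        "INSERT INTO Article (Content) VALUES (?)",
        [("foo bar",), ("100% pure foo",), ("under_score",), ("nothing here",)],
    )
    return conn
```

With the hardened search a term of `%` returns only the row that literally contains a percent sign, while the unsafe variant returns every row because the wildcard is interpreted.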