Web Application Vulnerabilities


Published on

In this presentation I have tried to figure out common loop holes through which web applications may fall prey to the attackers, common tools used in the trade and some preventive security measures to put us on a safer side.

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Web Application Vulnerabilities

  1. 1. Web Web Application Application Hacking Setup Objectives Web Anatomy Application of an Threats Attack Countermeasures
  2. 2. A client/server software application that interacts with users or other systems using HTTP. Modern applications are typically written in Java (or similar languages) and run on distributed application server, connecting to multiple data sources.  Examples of Web Applications : i) webmail ii)Online retail sales iii)wikis
  3. 3.  Defacing websites Stealing credit card Information Exploiting server-side scripting Exploiting buffer overflows Employ malicious code Dos attack Destruction of Data
  5. 5.  Cross-site scripting  SQL injection  Buffer overflow  Zero day attack  Directory Traversal/Forceful Browsing  Cookie/session poisoning  Parameter/form tampering  Error Message Interception
  6. 6.  Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by web users into the web pages viewed by other users.  Examples of such code include JavaScript code. Stored Attack Reflected Attack
  7. 7. XSS www.mailprovider.com  Hacker finds out www. mailprovider.com suffers from XSS. Mail Users get mail asking to click a hyperlink for getting a free gift Click here For free gift When the user click malicious script gets executed. www.mailprovider.com/default.asp?name=<script>evilScript()</script> Your browser correctly interprets this as Vulnerable Web browser script and runs the script site If this script instructs the browser to send a cookie , to the hacker's computer, it quickly complies. May take the user to a fake web page of his online banking site.
  8. 8.  It is basically a security exploit in which attacker injects SQL code through a web form input box, address barto gain access to resources and makes changes to data.  SQL Injection attacks can often be executed from address bar, from within application fields, and through queries and searches
  9. 9. var sql = quot;select * from users where username = ' username ' and password = ' password ' quot; ; Username: anything‘ or 1=1-- Password: quot; select * from users where username = 'anything' or 1=1--'and password ='' quot;;
  10. 10.  Mechanism  When the amount of data sought to be added to a buffer exceeds the size of the buffer; generally resulting in a catastrophic error.  Occurs when boundary checks are not done fully or skipped. Error in programming.  After successful execution  Gain super user privilege.  Installation of backdoor.  Put a server down
  11. 11.  Zero-day attacks take place between the time a vulnerability is discovered by a researcher or attacker, and the time that the vendor issues a corrective patch.  Most zero-day attacks are only available as hand-crafted exploit code, but zero-day worms have caused rapid panic.  Zero-day vulnerability is the launching point for further exploitation of the web application and environment.  Lack of a firewall and enable heuristics scanning.
  12. 12.  Cookies are used to maintain session state in the otherwise stateless HTTP protocol.  Poisoning allows an attacker to inject malicious content, modify the user's on-line experience, and obtain unauthorized information  It can be used for rewriting the session data, displaying the cookie data, and/or specifying a new User ID or other session identifiers in the cookie.
  13. 13.  Takes advantage of the hidden field that work as the only security measure in some applications.  Modifying this hidden field value will cause the web application to change according tothe new data incorporated  Can cause  theft of services  escalation of access  session hijacking
  14. 14.  Attack occurs when the attacker is able to browse directories and files outside normal application access.  Attack exposes the directory structure of the application, and often the underlying web server and operating system  Attacker can enumerate contents, access secure or restricted pages, and gain confidential information, locate source code and so on.  No provision of access right for protected areas of site.
  15. 15.  Information in error messages is often rich with web site-specific information which can be used to ::  Determine technologies used in the web applications.  Determine whether attack attempt was successful or not.  Receive hints for attack methods to try next.
  16. 16.  Validation of query strings, form fields and hidden fields against a rigorous specification.  Filtering script output .  Structuring request such that all supplied parameters are treated as data ,rather than potentially executable content.  Validating input length in forms and carrying out bounds checking.  Defining access right to protected areas of website.  Applying checks/hot fixes.  Updating web server with security patches in timely manner.  Digitally signed and stamped logs.  Separate log for system event and transaction log for application event.
  17. 17. Presented By Preetish Panda preetish88@gmail.com