Web Application Vulnerabilities

In this presentation I have tried to figure out common loopholes through which web applications may fall prey to the attackers, common tools used in the trade and some preventive security measures to put us on a safer side.

Published in: Technology
Transcript of "Web Application Vulnerabilities"

  1. Web Application Hacking
     • Web Application Setup
     • Objectives
     • Anatomy of an Attack
     • Web Application Threats
     • Countermeasures
  2. A client/server software application that interacts with users or other systems using HTTP. Modern applications are typically written in Java (or similar languages) and run on distributed application servers, connecting to multiple data sources.
     Examples of web applications:
     • Webmail
     • Online retail sales
     • Wikis
  3. Objectives:
     • Defacing websites
     • Stealing credit card information
     • Exploiting server-side scripting
     • Exploiting buffer overflows
     • Employing malicious code
     • DoS attack
     • Destruction of data
  4. Anatomy of an attack:
     • Scanning
     • Information gathering
     • Testing
     • Planning the attack
     • Launching the attack
  5. Web application threats:
     • Cross-site scripting
     • SQL injection
     • Buffer overflow
     • Zero-day attack
     • Directory traversal/forceful browsing
     • Cookie/session poisoning
     • Parameter/form tampering
     • Error message interception
  6. Cross-site scripting:
     • Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by web users into the web pages viewed by other users.
     • Examples of such code include JavaScript code.
     • Types: stored attack, reflected attack.
  7. XSS example (vulnerable site: www.mailprovider.com):
     • The hacker finds out that www.mailprovider.com suffers from XSS.
     • Mail users get a mail asking them to click a hyperlink for a free gift ("Click here for free gift").
     • When the user clicks, the malicious script gets executed: www.mailprovider.com/default.asp?name=<script>evilScript()</script>
     • The web browser correctly interprets this as script and runs it.
     • If this script instructs the browser to send a cookie to the hacker's computer, it quickly complies.
     • It may take the user to a fake web page of their online banking site.
  8. SQL injection:
     • It is basically a security exploit in which the attacker injects SQL code through a web form input box or the address bar to gain access to resources and make changes to data.
     • SQL injection attacks can often be executed from the address bar, from within application fields, and through queries and searches.
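  9. SQL injection example. The login query is built by pasting the form values into the SQL text:
       var sql = "select * from users where username = '" + username + "' and password = '" + password + "'";
     Input:
       Username: anything' or 1=1--
       Password: (empty)
     Resulting query:
       "select * from users where username = 'anything' or 1=1--' and password = ''";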
  10. Buffer overflow:
     • Mechanism
       • When the amount of data sought to be added to a buffer exceeds the size of the buffer; generally resulting in a catastrophic error.
       • Occurs when boundary checks are not done fully or are skipped. Error in programming.
     • After successful execution
       • Gain super user privilege.
       • Installation of a backdoor.
       • Put a server down.
  11. Zero-day attack:
     • Zero-day attacks take place between the time a vulnerability is discovered by a researcher or attacker, and the time that the vendor issues a corrective patch.
     • Most zero-day attacks are only available as hand-crafted exploit code, but zero-day worms have caused rapid panic.
     • Zero-day vulnerability is the launching point for further exploitation of the web application and environment.
     • Lack of a firewall and enable heuristics scanning.
  12. Cookie/session poisoning:
     • Cookies are used to maintain session state in the otherwise stateless HTTP protocol.
     • Poisoning allows an attacker to inject malicious content, modify the user's online experience, and obtain unauthorized information.
     • It can be used for rewriting the session data, displaying the cookie data, and/or specifying a new user ID or other session identifiers in the cookie.
  13. Parameter/form tampering:
     • Takes advantage of the hidden fields that work as the only security measure in some applications.
     • Modifying a hidden field value will cause the web application to change according to the new data incorporated.
     • Can cause:
       • Theft of services
       • Escalation of access
       • Session hijacking
  14. Directory traversal/forceful browsing:
     • The attack occurs when the attacker is able to browse directories and files outside normal application access.
     • The attack exposes the directory structure of the application, and often the underlying web server and operating system.
     • The attacker can enumerate contents, access secure or restricted pages, gain confidential information, locate source code and so on.
     • No provision of access rights for protected areas of the site.
  15. Error message interception. Information in error messages is often rich with web site-specific information which can be used to:
     • Determine technologies used in the web applications.
     • Determine whether an attack attempt was successful or not.
     • Receive hints for attack methods to try next.
  16. Countermeasures:
     • Validation of query strings, form fields and hidden fields against a rigorous specification.
     • Filtering script output.
     • Structuring requests such that all supplied parameters are treated as data, rather than potentially executable content.
     • Validating input length in forms and carrying out bounds checking.
     • Defining access rights to protected areas of the website.
     • Applying checks/hot fixes.
     • Updating the web server with security patches in a timely manner.
     • Digitally signed and stamped logs.
     • Separate log for system events and transaction log for application events.
  17. Presented by Preetish Panda, preetish88@gmail.com
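
The login query from slide 9 next to the countermeasure from slide 16 ("all supplied parameters are treated as data"), as an added example that is not part of the original slides. The in-memory SQLite table, its sample rows, the function names and the username rule are assumptions made for the illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; plaintext passwords only mirror the slide's query.
    db = sqlite3.connect(":memory:")
    db.execute("create table users (username text, password text)")
    db.executemany("insert into users values (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concatenated(db, username, password):
    # Same construction as slide 9: the input becomes part of the SQL text,
    # so a quote in the username changes the structure of the statement.
    sql = ("select * from users where username = '" + username +
           "' and password = '" + password + "'")
    return db.execute(sql).fetchall()

def login_parameterized(db, username, password):
    # Placeholders send the values separately from the statement,
    # so they are only ever compared as data.
    sql = "select * from users where username = ? and password = ?"
    return db.execute(sql, (username, password)).fetchall()

# Assumed specification for this example: 1 to 32 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def valid_username(value):
    # Validation against a specification, including the length bound.
    return USERNAME_RE.fullmatch(value) is not None

if __name__ == "__main__":
    slide_input = "anything' or 1=1--"
    print("concatenated :", login_concatenated(make_db(), slide_input, ""))
    print("parameterized:", login_parameterized(make_db(), slide_input, ""))
    print("passes validation:", valid_username(slide_input))
```

With the slide's input, the concatenated query returns every row in the table, while the parameterized query returns none and the validation rule rejects the value before it reaches the database.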
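
The reflected `name` parameter from slide 7, rendered with and without output encoding ("filtering script output" in slide 16), as an added example that is not part of the original slides. The welcome markup, the function names and the HttpOnly cookie attribute are assumptions added here; the slides only give the URL.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

# URL from slide 7, with a scheme added so it parses as an absolute URL.
URL = "http://www.mailprovider.com/default.asp?name=<script>evilScript()</script>"

def name_param(url):
    # Extract the value the page would reflect back to the browser.
    return parse_qs(urlsplit(url).query).get("name", [""])[0]

def render_unsafe(name):
    # The value is copied into the page as-is, so the browser sees a script element.
    return "<p>Welcome, " + name + "</p>"

def render_encoded(name):
    # HTML-encode on output: the browser displays the text instead of running it.
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"

def session_cookie_header(session_id):
    # HttpOnly keeps the session cookie out of reach of page scripts,
    # which limits what an injected script can send elsewhere.
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    return cookie["session"].OutputString()

if __name__ == "__main__":
    value = name_param(URL)
    print(render_unsafe(value))
    print(render_encoded(value))
    print("Set-Cookie:", session_cookie_header("abc123"))
```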
