Chapter 4: Be The Attacker
1. Be The Attacker
Web Application Security Fast Guide (book slides) By Dr.Sami Khiami
Chapter 4
2. Be the attacker
2017-05-03 Web Application Security Fast Guide (book slides) Slide 2 By Dr. Sami Khiami
• Time and Place
• Targets
• Mindset
3. Time, Place and Target
4. Attackers' Mindset and Categories
Old School Hackers
• No malicious intent
• Well educated
Script kiddies / Cyber-Punks
• 12-30 (age)
• Vandalize & disturb
• Like to brag
Coders and Virus writers
• Act like elite
• Don't use them themselves
Professional criminals
• Make a living
• Espionage
• Target centric
7. Mapping Server Info (1)
http://www.net-square.com/httprint.html
8. Mapping Server Info (2)
http://www.net-square.com/httprint.html
9. Mapping Intermediaries Info
Firewall, proxy, load balancer, targeted application
Detecting load balancers:
- Surrounding IP scan
- Detecting unsynchronized time stamps
- Detecting a different Last-Modified or ETag header for the same resource
- Existence of unusual cookies
- Different SSL certificate
Detecting proxies:
- Using the TRACE method, which echoes the exact request, and detecting changes
- Standard CONNECT test
- Standard proxy request
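The load-balancer signals listed above (differing ETag or Last-Modified values, unusual cookies, unsynchronized clocks) are also what a site owner should audit on their own pool, since each one leaks topology. The following is an added example, not from the slides: it runs over a constructed set of response headers captured for one URL, reports which headers vary between backends, and measures how far the backends' clocks disagree from the local receive time.

```python
from datetime import datetime
from email.utils import parsedate_to_datetime

# Constructed sample: three responses for the same URL, each with the local time it was received.
# The 'lbpool' cookie name and the ETag values are made up for the example.
SAMPLES = [
    {"captured_at": "2017-05-03T10:00:00+00:00",
     "headers": {"Date": "Wed, 03 May 2017 10:00:00 GMT", "ETag": '"5a1-4f"',
                 "Last-Modified": "Mon, 01 May 2017 08:00:00 GMT", "Server": "Apache"}},
    {"captured_at": "2017-05-03T10:00:01+00:00",
     "headers": {"Date": "Wed, 03 May 2017 09:58:31 GMT", "ETag": '"5a1-4f"',
                 "Last-Modified": "Mon, 01 May 2017 08:00:00 GMT", "Server": "Apache",
                 "Set-Cookie": "lbpool=web02; Path=/"}},
    {"captured_at": "2017-05-03T10:00:02+00:00",
     "headers": {"Date": "Wed, 03 May 2017 10:00:02 GMT", "ETag": '"5a1-52"',
                 "Last-Modified": "Mon, 01 May 2017 08:05:00 GMT", "Server": "Apache"}},
]

# Headers that should be identical for one resource if a single, consistent backend serves it.
TOPOLOGY_HEADERS = ("ETag", "Last-Modified", "Server", "Set-Cookie")


def varying_headers(samples, names=TOPOLOGY_HEADERS):
    """Return {header: sorted distinct values} for headers that are not identical in every response."""
    out = {}
    for name in names:
        values = {s["headers"].get(name, "<absent>") for s in samples}
        if len(values) > 1:
            out[name] = sorted(values)
    return out


def clock_skews(samples):
    """Seconds by which each response's Date header differs from our local receive time."""
    skews = []
    for s in samples:
        local = datetime.fromisoformat(s["captured_at"])
        server = parsedate_to_datetime(s["headers"]["Date"])
        skews.append((server - local).total_seconds())
    return skews


def max_clock_skew(samples):
    """Spread between the most- and least-skewed clocks; more than a few seconds suggests several hosts."""
    skews = clock_skews(samples)
    return max(skews) - min(skews)


if __name__ == "__main__":
    print("varying:", varying_headers(SAMPLES))
    print("clock spread (s):", max_clock_skew(SAMPLES))
```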
10. Mapping Application
[Diagram: the application decomposed into functions F1, F2, F3 and F4]
Web application crawling
User guided spidering, e.g. http://theSiteName.com/stable/en/about
Hidden contents: robots.txt (Disallow entries)
12. Other info sources (cont.)
• site: www.theExploredSite returns all references indexed by Google.
• site: www.theExploredSite login returns all pages containing "login".
• link: www.theExploredSite returns all pages on other websites that link to that specific site.
• related: www.theExploredSite returns similar web pages.
14. Map Vulnerabilities & Parameters
• CVE
• Parameters: guessing, add or remove parameters, change parameters
15. Documenting
Site map from the slide: manageAccount.php links to terminateAccount.php (?action=t&id=12), showAccount.php (?action=s&id=12) and activateAccount.php (?action=a&id=12); error.php and login.php are separate pages.
Page name    | Path   | Use | SSL? | Static or Dynamic | Need Auth.? | Used method | Comments
aboutUs.html | /about |     | No   | S                 | No          | GET         |
Login.php    | /login |     | Yes  | D                 | Yes         | POST        |
16. Map Proofing
Application
• Hide your directories' contents and structure
• Use different root folders for users and administrators
• Put all JavaScript files in a single folder and be sure to remove the execution permission from that folder
• Remove all comments from production code
• Never use absolute paths to refer to files; always use relative paths
• The script should remove any directory traversal characters like ../../
• Be sure to apply authentication to all directory contents and subdirectories
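On the directory-traversal point: deleting "../" from input is not sufficient on its own, because a string such as "....//....//" collapses to "../../" after one pass of stripping. The following is an added example, not from the slides, that contrasts that naive stripping with a containment check which resolves the requested path under an assumed document root (the /var/www/app/files value is a placeholder) and refuses anything that lands outside it.

```python
import os
from typing import Optional

# Assumed document root for the example; any absolute directory works.
WEB_ROOT = "/var/www/app/files"


def naive_strip(user_path: str) -> str:
    """The weak approach from the checklist: delete every '../' sequence in a single pass."""
    return user_path.replace("../", "")


def safe_join(base: str, user_path: str) -> Optional[str]:
    """Resolve user_path under base; return the absolute path, or None if it escapes base.

    Purely lexical (no filesystem access) so it can be tested offline. In a real handler,
    also pass the result through os.path.realpath before opening it, so symlinks cannot
    point back outside the root.
    """
    base_abs = os.path.normpath(os.path.abspath(base))
    # os.path.join drops base entirely when user_path is absolute; the check below rejects that.
    candidate = os.path.normpath(os.path.join(base_abs, user_path))
    if os.path.commonpath([base_abs, candidate]) != base_abs:
        return None
    return candidate


def is_traversal_attempt(base: str, user_path: str) -> bool:
    """True when the request would resolve outside the document root."""
    return safe_join(base, user_path) is None


if __name__ == "__main__":
    for p in ("docs/readme.txt", "../../etc/passwd", "/etc/passwd", "....//....//etc/passwd"):
        print(f"{p!r:28} stripped={naive_strip(p)!r:22} safe_join={safe_join(WEB_ROOT, p)}")
```

Run on its own, the script shows that the doubled form survives stripping as a plain traversal string, while the containment check rejects it whether or not stripping was applied first.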
17. Attack Analysing Stage
• Specify the attack surface: figure out the possible scenarios for executing the attack and compromising the application
• Specify the feasibility of each scenario from a resource and time point of view
18. Identify Attack Surface
• Client side validation: is it done on the server or the client?
• Possible SQL injection, database issues, a root database account, or any code or discovered comment that might give partial or full access to the database
• Available upload or download functionality with path traversal
• Check for the ability to display user supplied data, upload a file or open editors
• Check the ability to pass unvalidated parameters to pages that perform redirects
• Possibility of using a brute force attack
• Isolate available information that might help escalate privileges, like cookies and session state information
• Using the collected info, try to identify unencrypted communication channels
• Identify interfaces to external systems; they might represent an information leakage point
• Analyze all generated error messages for information leakage
• Identify any pages that interact with a mail server, to try command or email injection
• Identify the usage of native code that might be a potential buffer overflow vulnerability
• Identify any known structure, folder names or themes from known third-party applications, which can open the door to searching for known vulnerabilities
• Identify common vulnerabilities in the web server in use
19. Specify Attack Feasibility
Feasibility table columns:
- Possible attack scenario description
- Attack category (A, C, I, R)
- Coherence with attack purpose (%)
- Estimated effort weight (%)
- Estimated resource weight (%)
- Estimated complexity (%)
- Priority
Rows in the slide: Attack A (priority 1), Attack B (priority 3), Attack C (priority 2)