Be The Attacker
Web Application Security Fast Guide (book slides), by Dr. Sami Khiami
Chapter 4
Be the attacker
2017-05-03 Web Application Security Fast Guide (book slides) Slide 2 By Dr. Sami Khiami
• Time and Place
• Targets
• Mindset
Time, Place and Target
Attackers' mindset and categories
Old School Hacker
• No malicious intent
• Well educated
Script kiddies / Cyber-Punks
• 12-30 (age)
• Vandalize & disturb
• Like to brag
Coders and Virus writers
• Act like elite
• Don't use their creations themselves
Professional criminals
• Make a living
• Espionage
• Target centric
Attack Process
Mapping
• Mapping Application
• Mapping Infrastructure
Mapping Server Info (1)
http://www.net-square.com/httprint.html
Mapping Server Info (2)
http://www.net-square.com/httprint.html
Mapping Intermediaries info
Diagram: intermediaries in front of the targeted application (firewall, proxy, load balancer).
Detecting load balancers:
- Scan of the surrounding IP addresses
- Unsynchronized timestamps across responses
- Different Last-Modified or ETag headers for the same resource
- Existence of unusual cookies
- Different SSL certificates
Detecting proxies:
- Using the TRACE method, which echoes the exact request, and looking for changes in the echo
- Standard CONNECT test
- Standard proxy request
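The load-balancer and proxy indicators above, as an added Python example (not code from the slides): it evaluates the checks offline over constructed sample responses and a constructed TRACE request/echo pair, so the header values, the cookie name lbnode and the site name are assumptions made for the example. Run against captures of your own deployment it shows which of these signals the infrastructure gives away.

```python
"""Added example (not from the slides): evaluate the load-balancer and proxy
indicators listed above over captured responses. Everything is constructed
and runs offline; nothing here opens a connection."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

UTC = timezone.utc

# Constructed sample: three captures of the same resource. 'received_at' is
# the client clock at receipt; the remaining keys are response headers.
SAMPLE_RESPONSES = [
    {"received_at": datetime(2017, 5, 3, 10, 0, 0, tzinfo=UTC),
     "Date": "Wed, 03 May 2017 10:00:00 GMT", "ETag": '"a1b2"',
     "Last-Modified": "Tue, 02 May 2017 09:00:00 GMT",
     "Set-Cookie": ["sessionid=abc; Path=/"]},
    {"received_at": datetime(2017, 5, 3, 10, 0, 1, tzinfo=UTC),
     "Date": "Wed, 03 May 2017 10:00:01 GMT", "ETag": '"a1b2"',
     "Last-Modified": "Tue, 02 May 2017 09:00:00 GMT",
     "Set-Cookie": ["sessionid=def; Path=/"]},
    {"received_at": datetime(2017, 5, 3, 10, 0, 2, tzinfo=UTC),
     "Date": "Wed, 03 May 2017 10:03:41 GMT", "ETag": '"c3d4"',
     "Last-Modified": "Mon, 01 May 2017 09:00:00 GMT",
     "Set-Cookie": ["sessionid=ghi; Path=/", "lbnode=2; Path=/"]},
]
KNOWN_COOKIES = {"sessionid"}   # cookies the application itself is known to set

# Constructed TRACE probe and the copy of it echoed back in the response body.
SENT_REQUEST = ("TRACE / HTTP/1.1\r\nHost: www.theExploredSite\r\n"
                "User-Agent: mapper\r\n\r\n")
ECHOED_REQUEST = ("TRACE / HTTP/1.1\r\nHost: www.theExploredSite\r\n"
                  "User-Agent: mapper\r\nVia: 1.1 proxy-01\r\n"
                  "X-Forwarded-For: 192.0.2.10\r\n\r\n")


def cookie_name(set_cookie_value):
    """'lbnode=2; Path=/' -> 'lbnode'."""
    return set_cookie_value.split(";", 1)[0].split("=", 1)[0].strip()


def load_balancer_indicators(responses, known_cookies, max_skew_seconds=5):
    """Return {indicator: detail} for each slide indicator that fires."""
    findings = {}
    # Validators that differ for one unchanged resource point to several
    # backend nodes, each serving its own copy of the file.
    for name in ("ETag", "Last-Modified"):
        values = {r[name] for r in responses if name in r}
        if len(values) > 1:
            findings[name] = sorted(values)
    # Clock skew: server Date minus client receipt time. A single backend
    # gives a stable offset; a spread of offsets means unsynchronised clocks.
    offsets = [(parsedate_to_datetime(r["Date"]) - r["received_at"]).total_seconds()
               for r in responses if "Date" in r]
    if offsets and max(offsets) - min(offsets) > max_skew_seconds:
        findings["clock_skew"] = round(max(offsets) - min(offsets))
    # Cookies the application never sets are typically persistence cookies
    # added by the balancer.
    seen = {cookie_name(c) for r in responses for c in r.get("Set-Cookie", [])}
    unusual = sorted(seen - set(known_cookies))
    if unusual:
        findings["unusual_cookies"] = unusual
    return findings


def parse_request(raw):
    """Raw HTTP request text -> (request line, {lower-case header: value})."""
    lines = raw.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            break
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return lines[0], headers


def trace_changes(sent, echoed):
    """Headers added or altered between the request sent and the TRACE echo;
    anything listed here was inserted by an intermediary."""
    _, sent_headers = parse_request(sent)
    _, echo_headers = parse_request(echoed)
    added = sorted(set(echo_headers) - set(sent_headers))
    changed = sorted(k for k in sent_headers
                     if k in echo_headers and echo_headers[k] != sent_headers[k])
    return added, changed


if __name__ == "__main__":
    print(load_balancer_indicators(SAMPLE_RESPONSES, KNOWN_COOKIES))
    print(trace_changes(SENT_REQUEST, ECHOED_REQUEST))
```

Where you administer the servers, disabling TRACE in production removes that probe, and synchronising backend clocks and validator headers removes the other signals.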
Mapping Application
Diagram: the application broken down into its functions F1 to F4.
• Web application crawling
• User-guided spidering (e.g. http://theSiteName.com/stable/en/about)
• Hidden contents
• Robots.txt (Disallow entries)
Other info sources
Other info sources (cont.)
site:www.theExploredSite returns all references to the site indexed by Google.
site:www.theExploredSite login returns all indexed pages of the site that contain "login".
link:www.theExploredSite returns all pages on other websites that link to that specific site.
related:www.theExploredSite returns similar web pages.
Other info sources (cont.)
Maltego tool
Map Vulnerabilities & parameters
• Known vulnerabilities (CVE)
• Parameters:
  - Guessing
  - Add or remove parameters
  - Change parameters
Documenting
Diagram (example site map): manageAccount.php, error.php, login.php, terminateAccount.php, showAccount.php, activateAccount.php, with the parameterised requests ?action=t&id=12, ?action=s&id=12 and ?action=a&id=12.

Page name     Path     Use SSL?   Static or Dynamic   Need Auth.?   Used method   Comments
aboutUs.html  /about   No         S                   No            GET
Login.php     /login   Yes        D                   Yes           POST
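Building the documentation table of this slide, and folding in the robots.txt Disallow hints from the "Mapping Application" slide, as an added Python example (not code from the slides): the crawl records, paths, statuses, form fields and robots.txt content are constructed for the example, and the static/dynamic and authentication columns are inferred from them with the rules stated in the comments.

```python
"""Added example (not from the slides): produce the slide's documentation
table (page name, path, SSL, static/dynamic, auth, method) from crawl
records and append robots.txt Disallow entries as hidden-content hints.
All inputs are constructed; nothing is fetched."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs
import os

# Extensions documented as static ("S"); anything else, or anything that
# takes parameters, is documented as dynamic ("D") as on the slide.
STATIC_EXT = {".html", ".htm", ".css", ".js", ".png", ".jpg", ".gif", ".pdf"}


@dataclass
class PageRow:
    page: str
    path: str
    ssl: bool
    kind: str                      # "S" static, "D" dynamic, "?" unknown
    needs_auth: bool
    method: str
    params: dict = field(default_factory=dict)   # name -> values seen
    comments: str = ""


def needs_auth(record):
    """Unauthenticated request was refused or bounced to a login page."""
    if record["status"] in (401, 403):
        return True
    redirected = record["status"] in (301, 302, 303, 307)
    return redirected and "login" in record.get("location", "").lower()


def row_from_record(record):
    """One crawl record -> one table row with the slide's columns."""
    url = urlsplit(record["url"])
    page = os.path.basename(url.path) or "(index)"
    ext = os.path.splitext(page)[1].lower()
    params = {k: set(v) for k, v in parse_qs(url.query).items()}
    for name in record.get("body_params", []):   # form fields in a POST body
        params.setdefault(name, set())
    kind = "S" if ext in STATIC_EXT and not params else "D"
    return PageRow(page, url.path, url.scheme == "https", kind,
                   needs_auth(record), record["method"], params)


def rows_from_robots(robots_txt, scheme):
    """Disallow entries are content the site asks crawlers to skip; the
    slide lists them under hidden contents, so they belong in the map."""
    rows = []
    for line in robots_txt.splitlines():
        key, _, value = line.partition(":")
        path = value.strip()
        if key.strip().lower() == "disallow" and path and path != "/":
            page = os.path.basename(path.rstrip("/")) or path
            rows.append(PageRow(page, path, scheme == "https", "?", False, "?",
                                comments="from robots.txt Disallow"))
    return rows


def document_site(crawl, robots_txt, scheme="http"):
    """Merge crawl records per (method, path) and append robots.txt hints."""
    merged = {}
    for record in crawl:
        row = row_from_record(record)
        key = (row.method, row.path)
        if key in merged:                      # same page, more parameter values
            for name, values in row.params.items():
                merged[key].params.setdefault(name, set()).update(values)
            merged[key].needs_auth |= row.needs_auth
        else:
            merged[key] = row
    rows = list(merged.values()) + rows_from_robots(robots_txt, scheme)
    for row in rows:                           # sets -> sorted lists for output
        row.params = {k: sorted(v) for k, v in row.params.items()}
    return rows


def render_table(rows):
    """Plain-text version of the slide's documentation table."""
    header = ("Page name", "Path", "SSL?", "S/D", "Auth?", "Method", "Params", "Comments")
    cells = [header] + [(r.page, r.path, "Yes" if r.ssl else "No", r.kind,
                         "Yes" if r.needs_auth else "No", r.method,
                         ",".join(f"{k}={'|'.join(v)}" if v else k for k, v in r.params.items()),
                         r.comments) for r in rows]
    widths = [max(len(c[i]) for c in cells) for i in range(len(header))]
    return "\n".join("  ".join(c.ljust(w) for c, w in zip(row, widths)) for row in cells)


# Constructed sample crawl of the site named on the slides (made-up paths,
# statuses and form fields).
CRAWL = [
    {"url": "http://theSiteName.com/about/aboutUs.html", "method": "GET", "status": 200},
    {"url": "https://theSiteName.com/login/Login.php", "method": "POST", "status": 200,
     "body_params": ["user", "pass"]},
    {"url": "https://theSiteName.com/account/manageAccount.php?action=t&id=12",
     "method": "GET", "status": 302, "location": "/login/Login.php"},
    {"url": "https://theSiteName.com/account/manageAccount.php?action=s&id=12",
     "method": "GET", "status": 302, "location": "/login/Login.php"},
    {"url": "https://theSiteName.com/account/manageAccount.php?action=a&id=12",
     "method": "GET", "status": 302, "location": "/login/Login.php"},
]
ROBOTS_TXT = "User-agent: *\nDisallow: /admin/\nDisallow: /stable/en/internal/\n"

if __name__ == "__main__":
    print(render_table(document_site(CRAWL, ROBOTS_TXT)))
```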
Map Proofing
Application:
• Hide your directory contents and structure
• Use different root folders for users and administrators
• Put all JavaScript files in a single folder and make sure the execution permission is removed from that folder
• Remove all comments from production code
• Never use absolute paths to refer to files; always use relative paths
• The script should remove any directory traversal characters such as ../../
• Be sure to apply authentication to all directory contents and subdirectories
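The directory traversal point above, as an added Python example (not code from the slides): it contrasts the naive reading of the advice, deleting "../" from the input, with a check that resolves the requested name against the directory the files live in and refuses anything that lands outside it. The base directory /srv/app/files and the file names are constructed for the example.

```python
"""Added example (not from the slides): handling directory traversal
characters safely. Stripping '../' can be bypassed, so the request is
instead resolved to its final location and refused if that is outside the
download directory. Paths are constructed for the example."""
import os
from urllib.parse import unquote

BASE_DIR = "/srv/app/files"   # constructed: where downloadable files live


def strip_dotdot(name):
    """The naive filter the advice is often read as: delete '../' from the
    input. Kept only to show that it can be bypassed ('....//' -> '../')."""
    return name.replace("../", "")


def is_contained(base_dir, requested):
    """True only if base_dir/requested resolves to a location inside base_dir.

    realpath() collapses '.', '..' and symlinks, so the decision is made on
    the final location rather than on the characters the client sent."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    return os.path.commonpath([base, candidate]) == base


def safe_download_path(base_dir, raw_request):
    """Map a client-supplied file name to the path to serve, or None to refuse.

    The name is URL-decoded once first, so '%2e%2e/' is judged as '../'.
    An escaping request is refused rather than silently rewritten, which
    also makes the attempt visible in the application log."""
    requested = unquote(raw_request)
    if not requested or requested.startswith(("/", "\\")) or "\x00" in requested:
        return None
    if not is_contained(base_dir, requested):
        return None
    return os.path.realpath(os.path.join(base_dir, requested))


if __name__ == "__main__":
    for name in ("reports/q1.pdf", "../../etc/passwd", "....//etc/passwd"):
        print(name, "->", safe_download_path(BASE_DIR, name))
```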
Attack analysis stage
• Specify the attack surface: figure out the possible scenarios for executing the attack and compromising the application
• Specify the feasibility of each scenario from a resource and time point of view
Diagram: attack surface and attack feasibility.
Identify Attack Surface
• Client-side validation: is it performed on the server or on the client?
• Possible SQL injection, database issues, a root database account, or any code or discovered comment that might give partial or full access to the database
• Available upload or download functionality with path traversal
• Check for the ability to display user-supplied data, upload a file or open editors
• Check the ability to use unvalidated parameters pushed to pages that perform redirects
• Possibility of brute force attacks
• Isolate available information that might help in escalating privileges, such as cookies and session state information
• Using the collected information, try to identify unencrypted communication channels
• Identify interfaces to external systems; they might represent an information leakage point
• Analyze all generated error messages for information leakage
• Identify any pages that interact with a mail server, to try command or email injection
• Identify the use of native code that might be a potential buffer overflow vulnerability
• Identify any known structure, folder names or themes from known third-party applications, which can open the door to searching for known vulnerabilities
• Identify common vulnerabilities in the web server in use
Specify Attack feasibility
Diagram: Attack A, Attack B and Attack C ranked by priority (values shown: 1, 3, 2).

Table columns:
Possible attack scenario description | Attack category (A / C / I / R) | Coherence with attack purpose (%) | Estimated effort weight (%) | Estimated resource weight (%) | Estimated complexity (%) | Priority
End of Chapter 4