OWASP Testing Guide
Practical Hands-on for VAPT
A Quick Vocab.
▪ Vulnerability: A flaw or weakness in system security procedures, design, implementation, or internal controls that may result in a security breach or a violation of the system's security policy.
▪ Threat: The potential for a specific vulnerability to be exercised, either intentionally or accidentally.
▪ Control: Measures taken to prevent, detect, minimize, or eliminate risk in order to protect the Integrity, Confidentiality, and Availability of information.
▪ Vulnerability Assessment: The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
What is Information Security?
▪ Information Security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
▪ The term Information Security follows the CIA triad.
CIA Explained:
• Confidentiality: Assurance that the information is accessible only to those authorized to have access. Confidentiality breaches may occur due to improper data handling or a hacking attempt.
• Integrity: Protection of data or resources against improper and unauthorized changes; assurance that information can be relied upon to be sufficiently accurate for its purpose.
• Availability: Assurance that the systems responsible for delivering, storing and processing information are accessible when required by authorized users.
Vulnerabilities
Where do they come from?
1. Flaws in software
2. Faulty configuration
3. Weak passwords
4. Human error
I. Inappropriately assigned permission levels
II. System inappropriately placed in infrastructure/environment
Vulnerabilities don’t go away by themselves
4.2 Information Gathering
1. Google Hacking Database
2. Internet Archive: Wayback Machine
3. Robots.txt
4. Fingerprint Webserver & Application (X-Powered-By, Server headers)
5. Crawl the Web Application
6. Review Comments and metadata.
7. Review & understand Entry points in the application
4.3 Configuration and Deployment Management Testing
1. Test for default credentials
2. Test for Generic/Default Error Pages (404, 500, 203 etc.)
3. Direct referencing of Sensitive Documents without proper Authentication.
4. Check for broken Links
5. Test for HTTP Methods (PUT, DELETE, TRACE, OPTIONS, CONNECT)
6. Check for HTTP Strict Transport Security (HSTS)
7. Test for access of Admin Interfaces by privilege escalation/bypass.
8. Test for Rich Internet Applications (RIA) that have adopted Adobe's crossdomain.xml policy.
4.4 Identity Management Testing
1. Test Role Definitions.
2. Test User Registration & Provisioning Process.
3. Test for Account Enumeration and Guessable User Account
4. Test for Weak or unenforced username policy
4.5 Authentication Testing
1. Test for Sensitive Information being sent over HTTP
2. Check for AUTOCOMPLETE & CAPTCHA.
3. Test Account Lockout Threshold.
4. Check for Weak Password and Security Q/A Policy.
5. Test for Password Change/Reset Policy.
6. Test for weaker authentication through alternative channel.
7. Check for Default credentials.
4.6 Authorization Testing
1. Directory Traversal
2. Insecure Direct Object Reference
3. Privilege Escalation
4. Bypass Authentication Schema
4.7 Session Management Testing
1. Check for session cookie attributes/flags (Secure, HttpOnly, Domain, Path, Expires).
2. Session Fixation / Session Hijack / Cookie Stealing.
3. CSRF
4. Session Timeout
5. Session Puzzling.
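The header-level checks from 4.2 (Server and X-Powered-By fingerprinting), 4.3 (HSTS) and 4.7 (session cookie flags) can be run against a captured response in one pass. The following is an added illustration, not code from the slides; the response it audits is constructed, and the one-year HSTS floor and the session-cookie name hints are assumptions.

```python
"""Audit one HTTP response for the fingerprinting, HSTS and session-cookie
checks listed in sections 4.2, 4.3 and 4.7 of the checklist above."""
from email import message_from_string
from email.message import Message
from typing import Dict, List, Optional

# Constructed response from a hypothetical target (not a real host): the
# stack is disclosed, HSTS max-age is far too short, and the session
# cookie carries no protective flags while the preference cookie is fine.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Set-Cookie: PHPSESSID=constructed123; Path=/\r\n"
    "Set-Cookie: prefs=dark; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT; "
    "Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

SESSION_NAME_HINTS = ("sess", "sid", "token", "auth")  # assumption
MIN_HSTS_MAX_AGE = 31536000  # assumption: one year

def parse_headers(raw_response: str) -> Message:
    """Drop the status line and body, parse the header block as RFC 822."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    header_block = head.split("\r\n", 1)[1]
    return message_from_string(header_block)

def audit_fingerprint(msg: Message) -> List[str]:
    """4.2 item 4: headers that leak product and version."""
    out = []
    for h in ("Server", "X-Powered-By"):
        v = msg.get(h)
        if v and any(ch.isdigit() for ch in v):
            out.append(f"{h}: discloses version '{v}'")
    return out

def audit_hsts(value: Optional[str]) -> List[str]:
    """4.3 item 6: HSTS present, long-lived, covering subdomains."""
    if value is None:
        return ["HSTS: header missing"]
    directives: Dict[str, str] = {}
    for d in value.split(";"):
        k, _, v = d.strip().partition("=")
        directives[k.lower()] = v.strip()
    out = []
    try:
        max_age = int(directives.get("max-age", "-1"))
    except ValueError:
        max_age = -1
    if max_age < MIN_HSTS_MAX_AGE:
        out.append(f"HSTS: max-age {max_age} below {MIN_HSTS_MAX_AGE}")
    if "includesubdomains" not in directives:
        out.append("HSTS: includeSubDomains not set")
    return out

def audit_cookie(set_cookie: str) -> List[str]:
    """4.7 item 1: Secure, HttpOnly, SameSite, Domain scope, persistence."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs: Dict[str, str] = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    out = []
    for key, label in (("secure", "Secure"), ("httponly", "HttpOnly"),
                       ("samesite", "SameSite")):
        if key not in attrs:
            out.append(f"cookie {name}: missing {label}")
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        out.append(f"cookie {name}: SameSite=None requires Secure")
    if "domain" in attrs:
        out.append(f"cookie {name}: Domain={attrs['domain']} also covers subdomains")
    is_session = any(h in name.lower() for h in SESSION_NAME_HINTS)
    if is_session and ("expires" in attrs or "max-age" in attrs):
        out.append(f"cookie {name}: session cookie made persistent")
    return out

def audit_response(raw_response: str) -> List[str]:
    msg = parse_headers(raw_response)
    findings = audit_fingerprint(msg)
    findings += audit_hsts(msg.get("Strict-Transport-Security"))
    for sc in msg.get_all("Set-Cookie") or []:
        findings += audit_cookie(sc)
    return findings

if __name__ == "__main__":
    for line in audit_response(SAMPLE_RESPONSE):
        print(line)
```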
4.8 Input Validation Testing
1. XSS, SQL Injection, Buffer Overflow
2. Local / Remote File Inclusion
3. Command & Code Injection
4.9 Testing for Error Handling
1. Enumerate Server Error Pages & Information Disclosed on same
4.10 Testing for weak Cryptography
1. Perform SSL Scan
2. Verify for Secure Certificate signing algorithm
3. Verify for CA
4. Verify SSL / TLS Version supported
5. Verify for Weak Cipher Suites Supported
6. Check for vulnerability of POODLE, FREAK, CRIME, BEAST Attacks.
7. Check the Validity / Expiry of the Certificate.
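Turning the 4.10 items into pass/fail conditions makes the scan output reviewable. The following is an added illustration, not code from the slides; it evaluates a constructed scan summary (the `TlsScanSummary` shape is assumed, not any scanner's real output), and the CBC-suite detection is a heuristic over OpenSSL-style names.

```python
"""Map a TLS scan summary onto the weak-cryptography checks in 4.10:
protocol versions, cipher suites, certificate signature, CA trust, expiry,
and exposure to POODLE, FREAK, CRIME and BEAST."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

Finding = Tuple[str, str]  # (identifier, detail)

@dataclass
class TlsScanSummary:           # assumed shape, not a real scanner's output
    protocols: List[str]        # versions the server accepts
    cipher_suites: List[str]    # OpenSSL-style suite names
    compression: bool           # server offers TLS compression
    cert_sig_alg: str           # certificate signature algorithm
    cert_not_after: datetime    # certificate expiry (UTC)
    cert_self_signed: bool      # issuer == subject, no public CA
    cert_key_bits: int          # public key size

WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "MD5", "ADH", "AECDH", "EXP")

def is_cbc(suite: str) -> bool:
    """Heuristic: OpenSSL names omit 'CBC', so treat anything that is not
    AEAD (GCM/CCM/ChaCha) or a stream/null cipher as a CBC suite."""
    n = suite.upper()
    return not any(m in n for m in ("GCM", "CCM", "CHACHA", "RC4", "NULL"))

def evaluate(scan: TlsScanSummary, now: datetime) -> List[Finding]:
    f: List[Finding] = []
    protos = {p.upper() for p in scan.protocols}
    cbc_suites = [c for c in scan.cipher_suites if is_cbc(c)]
    # Item 4: protocol versions, and the attacks tied to old ones
    if "SSLV2" in protos:
        f.append(("SSLv2", "obsolete protocol accepted"))
    if "SSLV3" in protos:
        f.append(("POODLE", "SSLv3 accepted; CBC padding oracle"))
    if "TLSV1.0" in protos and cbc_suites:
        f.append(("BEAST", "TLS 1.0 with CBC suites: " + ", ".join(cbc_suites)))
    for p in ("TLSV1.0", "TLSV1.1"):
        if p in protos:
            f.append(("deprecated-tls", f"{p} accepted"))
    # Item 5: weak suites; export-grade RSA suites are the FREAK condition
    for c in scan.cipher_suites:
        name = c.upper()
        if name.startswith("EXP"):
            f.append(("FREAK", f"export-grade suite {c}"))
        elif any(m in name for m in WEAK_CIPHER_MARKERS):
            f.append(("weak-cipher", c))
    # Item 6: CRIME needs TLS-level compression
    if scan.compression:
        f.append(("CRIME", "TLS compression enabled"))
    # Items 2, 3 and 7: signature algorithm, CA, key size, validity
    alg = scan.cert_sig_alg.lower()
    if "sha1" in alg or "md5" in alg:
        f.append(("weak-signature", scan.cert_sig_alg))
    if scan.cert_self_signed:
        f.append(("untrusted-ca", "self-signed certificate"))
    if scan.cert_key_bits < 2048:
        f.append(("weak-key", f"{scan.cert_key_bits}-bit key"))
    if scan.cert_not_after <= now:
        f.append(("cert-expired", scan.cert_not_after.isoformat()))
    elif scan.cert_not_after - now < timedelta(days=30):
        f.append(("cert-expiring", scan.cert_not_after.isoformat()))
    return f

# Constructed scan of a hypothetical host: old protocols, an export suite,
# RC4, compression on, SHA-1 signature, certificate about to expire.
SAMPLE_SCAN = TlsScanSummary(
    protocols=["SSLv3", "TLSv1.0", "TLSv1.2"],
    cipher_suites=["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA",
                   "EXP-RC4-MD5", "RC4-SHA"],
    compression=True,
    cert_sig_alg="sha1WithRSAEncryption",
    cert_not_after=datetime(2024, 6, 1, tzinfo=timezone.utc),
    cert_self_signed=False,
    cert_key_bits=2048,
)
SAMPLE_NOW = datetime(2024, 5, 15, tzinfo=timezone.utc)  # fixed clock

def sample_findings() -> List[Finding]:
    return evaluate(SAMPLE_SCAN, SAMPLE_NOW)

if __name__ == "__main__":
    for ident, detail in sample_findings():
        print(f"{ident:16} {detail}")
```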
4.12 Client Side Testing
1. DOM based XSS
2. Un-validated URL Redirect
3. Cross-Origin Resource Sharing (CORS)
4. Clickjacking / UI Redressing
5. Local / Cache storage
4.11 Business Logic Testing
One size doesn't fit all!
Customize your plans and procedures differently for different types of application.
Do not generalize the risk rating.
Things to Remember
1. Stick to your protocols.
2. Record the application version number and compilation/build timestamp with evidence (screenshot), because the VAPT you performed and the report you prepared are valid only for that same application build, unless it has been tampered with.
3. Make the client aware of the risks involved while performing the security audit.
4. Inform the client before and after the VAPT activity.
5. Take PoCs wherever possible.
6. Filter false positives out of your results.
7. Stick to the report format (improve it only with your manager's permission).