Aravindan A, profile picture
Uploaded byAravindan A
PPTX, PDF79 views

application security basics

This document provides an overview of topics related to analyzing and attacking web applications. It discusses techniques for reconnaissance like using Wireshark, browser plugins, proxies, scanners and fuzzers to gather information. It also covers mapping applications, identifying vulnerabilities outlined in the OWASP Top 10 like injection, XSS and insecure authentication, and additional risks like clickjacking, denial of service and information leakage.

Embed presentation

Download to read offline
Web Applications (In)Security
Reconnaissance Topics Covered: • Web Application Analysis • Web Application Mapping Module 2–Chapter 1
Web Applications Analysis Topics Covered: • Wireshark • BrowserPlugins • Proxies • Scanners • Fuzzers Module 2–Chapter 1
Wireshark • Profile networktraffic • Capturesrawtraffic • Packetanalyzer • 2.1 – Reconnaissance
Browser Plugins • Show/ChangehowthebrowserinteractswiththeWeb Application • PopularPlugins • TamperData • LiveHTTPHeaders • 2.1 – Reconnaissance Web Server Request Response Browser
Proxies • Control howdatais exchangedbetweenthebrowserandweb app • Canvirtually tamper any request/response • 2.1 – Reconnaissance Web Server Request Response Request Response Browser Proxy
Scanners • Attemptto find vulnerabilities usingknownattacks • Canautomatically try to exploitthe vulnerabilities • 2.1 – Reconnaissance Web Server Database Scanner
Fuzzers • Submit invalid andunexpectedrandomdatatotheweb application • Evaluate how exceptionsare handled • Mightunveil bugsintheapplication code • 2.1 – Reconnaissance Web AppFuzzer
Web Applications Mapping Topics Covered: • Web Applications Mapping • Spiders 2.1–Reconnaissance
Web Applications Mapping • Collect theinfogatheredin theanalysisprocess • Mapeach infoto the appropriate resource • 2.1 – Reconnaissance Database Web Server • SW version • OS version • Net info Web App • Language • … Web Server Lucas
Spiders • Automatically sendrequestsandinterpretresponses • Create a map of the web application resources • 2.1 – Reconnaissance Web AppSpider Database
Web Applications Attacks Topics Covered: • OWASP TOP 10 – 2013 • AdditionalRisks Module 2–Chapter 2
The Game Changer • 2.2 – Web Applications Attacks Tommy HeisenbergLucas • Userinput…Cannot be trusted! Web App Request Response Request Response
OWASP TOP 10 - 2013 A1:Injection A2:BrokenAuthenticationandSessionManagement A3:Cross-SiteScripting(XSS) A4:InsecureDirectObjectReferences A5:SecurityMisconfiguration • 2.2 – Web Applications Attacks A6:SensitiveDataExposure A7: MissingFunctionLevelAccessControl A8:CrossSiteRequestForgery(CSRF) A9:UsingKnownVulnerableComponents A10:UnvalidatedRedirectsandForwards
A1: Injection • Text-basedattacksthatexploit thesyntax of thetargetedinterpreter • 2.2 – Web Applications Attacks OS Command Database Logs XML XML JavaScript JS LDAPAttack Payload
SQL Injections • Database executesthecode in theattackerpayload • 2.2 – Web Applications Attacks SELECT * FROM Movies WHERE Title = a‘ OR 1 = 1 ORDER BY Year data code escape character HTTP Request HTTP Response SQL Query SQL output Database Web Browser Title: Year: Price: a ‘ OR 1 = 1 Eisenberg Web App dumpdump
A2: Broken Auth. and Session Management • Attackerusesexposed credentialsor session IDs to impersonate users • 2.2 – Web Applications Attacks Tommy Eisenberg HTTP Request http://airline.com/login.html HTTP Response http://airline.com/?SESSIONID=03098301 Web App HTTP Request http://airline.com/?SESSIONID=03098301
A3: Cross-Site Scripting (XSS) • Attackpayload storedin applicationdatabase(JavaScript Injection) • Reflected directlyinto the client • 2.2 – Web Applications Attacks Eisenberg Tommy HTTP Request HTTP Request HTTP Response Browser HTTP Request Hackerland Web App
A4: Insecure Direct Object References • Usersable to accessunauthorizedfiles data • 2.2 – Web Applications Attacks Eisenberg HTTP Request http://mybank.com/?acct=1000 HTTP Response http://mybank.com/?acct=1000 HTTP Request http://mybank.com/?acct=1001 HTTP Response http://mybank.com/?acct=1001 Web App
A5: Security Misconfiguration • Anycomponent of anysystemnot properly secured • Defaultaccounts,unpatchedflaws,unprotectedfilesanddirectories • 2.2 – Web Applications Attacks Eisenberg HTTP Request Components: • Operating System • Web Server Software • Web App Technology Database HTTP Request Web Server
A6: Sensitive Data Exposure • Attackergain accessandretrieve sensitive data • Stealingencryptionkeysorcleartextdata • 2.2 – Web Applications Attacks Eisenberg HTTP Request Web App Database HTTP Response Encrypted Data SQL Query Clear Text Data
A7: Missing Function Level Access Control • Private functionsare notprotectedagainstunauthorizedaccess • 2.2 – Web Applications Attacks Eisenberg HTTP Request http://myportal.com/?action=search HTTP Request http://myportal.com/?action=admin Web App
A8: Cross Site Request Forgery (CSRF) • Attackerforges HTTP requestsonbehalf of theuser • Canbeembeddedinimagestags,XSSetc. • Attacksucceedsonlyifuserisauthenticated • 2.2 – Web Applications Attacks Tommy Hackerland Web App Browser HTTP Request http://hackedwebsite.com http://hackedwebsite.com/welcome.html HTTP Response HTTP Request http://mybank.com/transfer?amm=1000&dest=1308921 mybank.com session cookie welcome.html <html>…. <img src= http://mybank.com/transfer? amm=1000&dest=1308921 ……</html> mybank.com session cookie
A9: Using Known Vulnerable Components • Attackerscans, identifies, andexploits vulnerable modules of webapp • Automatedtoolscanbeused • 2.2 – Web Applications Attacks Eisenberg ZAP Web App
A10: Unvalidated Redirects and Forwards • Attackersredirectvictim toa specific website • 2.2 – Web Applications Attacks HTTP Request HTTP Response HTTP Request Hackerland Web App Tommy Browser http://shop.com/prod.jsp?p=120&dest=http://hackerland.com HTTP Response Redirect to http://hackerland.com
Additional Risks Topics Covered: • Clickjacking • Application Denialof Service • Information Leakage Module 2–Chapter 2
Clickjacking • Attackerhidesclickableelements insideaniframe • User unknowinglyinteractswith theattackerpage • 2.2 – Web Applications Attacks Tommy Hackerland HTTP Request Info sent to http://hackerland.com
Application Denial of Service • Attackerconsumes all theavailable systemresources • Webapplicationstakedowntheentire system • Attackercantargetspecific usersor modules of aweb application • Common HTTP DoS attacks: • Slowloris: SlowHTTPHeadersVulnerability • RUDY(R-U-Dead-Yet):Slow HTTPPOSTVulnerability • Slow-ReadDoSAttack • 2.2 – Web Applications Attacks
Information Leakage • Web application reveals sensitive data regarding • Webapplicationitself • Hosting environment • Userdataintoerrorresponses • 2.2 – Web Applications Attacks Eisenberg Web App HTTP Request HTTP Response 503 – DB 192.168.0.23 unreachable

More Related Content

PPTX
Hacking mobile apps
bykunwaratul hax0r
 
PPTX
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
bySecurity Innovation
 
PPTX
BHUSA 2021 - Cloud with a Chance of APT
byDouglas Bienstock
 
PPTX
Burp intruder
bypenetration Tester
 
PPTX
How to Test for The OWASP Top Ten
bySecurity Innovation
 
PDF
APIdays Paris 2019 - RASP for APIs and Microservices by Jean-Baptiste Aviat, ...
byapidays
 
PPTX
The presentation on my "Shadow Admins" research
byAsaf Hecht
 
PDF
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
byPriyanka Aash
 
Hacking mobile apps
bykunwaratul hax0r
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
bySecurity Innovation
 
BHUSA 2021 - Cloud with a Chance of APT
byDouglas Bienstock
 
Burp intruder
bypenetration Tester
 
How to Test for The OWASP Top Ten
bySecurity Innovation
 
APIdays Paris 2019 - RASP for APIs and Microservices by Jean-Baptiste Aviat, ...
byapidays
 
The presentation on my "Shadow Admins" research
byAsaf Hecht
 
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
byPriyanka Aash
 

What's hot

PPTX
Sql Injection
byAju Thomas
 
PPTX
Troopers 19 - I am AD FS and So Can You
byDouglas Bienstock
 
PPTX
Jenkins Terraform Vault
byShrivatsa Upadhye
 
PDF
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
byAsaf Hecht
 
PDF
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
bySam Bowne
 
PDF
Web application security & Testing
byDeepu S Nath
 
PDF
Foreman Single Sign-On Made Easy with Keycloak
byNikhil Kathole
 
PPTX
CSS 17: NYC - Protecting your Web Applications
byAlert Logic
 
PPTX
7 Vulnerabilities In Your Web Application That Can Open The Door To Security ...
byInspirisys Solutions Limited
 
PDF
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
bySam Bowne
 
PDF
Top 10 web application security risks akash mahajan
byAkash Mahajan
 
PPT
Step by step guide for web application security testing
byAvyaan, Web Security Company in India
 
PDF
Web application security
byAkash Mahajan
 
PDF
IglooConf 2019 Secure your Azure applications like a pro
byKarl Ots
 
PPTX
IoT: Detect abnormal device behavior and disconnect devices automatically
byAWS Germany
 
PDF
Web security and OWASP
byIsuru Samaraweera
 
PPTX
Vulnerability intelligence with vulners.com
byIgor Bulatenko
 
PDF
CIS13: APIs, Identity, and Securing the Enterprise
byCloudIDSummit
 
PPTX
PIDS research slides from MALCON 2018 conference - Asaf Hecht
byAsaf Hecht
 
KEY
The Cloud Security Rules
byKai Roer
 
Sql Injection
byAju Thomas
 
Troopers 19 - I am AD FS and So Can You
byDouglas Bienstock
 
Jenkins Terraform Vault
byShrivatsa Upadhye
 
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
byAsaf Hecht
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
bySam Bowne
 
Web application security & Testing
byDeepu S Nath
 
Foreman Single Sign-On Made Easy with Keycloak
byNikhil Kathole
 
CSS 17: NYC - Protecting your Web Applications
byAlert Logic
 
7 Vulnerabilities In Your Web Application That Can Open The Door To Security ...
byInspirisys Solutions Limited
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
bySam Bowne
 
Top 10 web application security risks akash mahajan
byAkash Mahajan
 
Step by step guide for web application security testing
byAvyaan, Web Security Company in India
 
Web application security
byAkash Mahajan
 
IglooConf 2019 Secure your Azure applications like a pro
byKarl Ots
 
IoT: Detect abnormal device behavior and disconnect devices automatically
byAWS Germany
 
Web security and OWASP
byIsuru Samaraweera
 
Vulnerability intelligence with vulners.com
byIgor Bulatenko
 
CIS13: APIs, Identity, and Securing the Enterprise
byCloudIDSummit
 
PIDS research slides from MALCON 2018 conference - Asaf Hecht
byAsaf Hecht
 
The Cloud Security Rules
byKai Roer
 

Similar to application security basics

PPT
performing security testing of web applications.web-and- -hacking.ppt
bywaudit1
 
PPT
Web Application Hacking 2004
byMike Spaulding
 
PPTX
LECTURE-DEC-6_web-application-attacks (1).pptx
byJhonFrancisDuarte
 
PPTX
Web Security
byAli Habeeb
 
PPT
Hack applications
byenrizmoore
 
PPT
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
byAlan Kan
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
PDF
Web application security I
byMd Syed Ahamad
 
PPT
Hacking web applications
byAdeel Javaid
 
PDF
Web 20 Security Defending Ajax Ria And Soa Shreeraj Shah
bygqkbolrijy636
 
PDF
Common Web Application Attacks
byAhmed Sherif
 
PDF
Web 2.0 threats, vulnerability analysis,secure web 2.0 application developmen...
byMarco Morana
 
PDF
Web vulnerabilities
byKrishna Gehlot
 
PDF
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY
byijistjournal
 
PDF
IRJET- Survey on Web Application Vulnerabilities
byIRJET Journal
 
PPT
Web application security
byrandhawa121985
 
PDF
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY
byijistjournal
 
PPT
Web Attacks - Top threats - 2010
byShreeraj Shah
 
PDF
Web Application Security Guide by Qualys 2011
bynat page
 
PDF
Qg was guide
bynat page
 
performing security testing of web applications.web-and- -hacking.ppt
bywaudit1
 
Web Application Hacking 2004
byMike Spaulding
 
LECTURE-DEC-6_web-application-attacks (1).pptx
byJhonFrancisDuarte
 
Web Security
byAli Habeeb
 
Hack applications
byenrizmoore
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
byAlan Kan
 
Vulnerabilities in modern web applications
byNiyas Nazar
 
Web application security I
byMd Syed Ahamad
 
Hacking web applications
byAdeel Javaid
 
Web 20 Security Defending Ajax Ria And Soa Shreeraj Shah
bygqkbolrijy636
 
Common Web Application Attacks
byAhmed Sherif
 
Web 2.0 threats, vulnerability analysis,secure web 2.0 application developmen...
byMarco Morana
 
Web vulnerabilities
byKrishna Gehlot
 
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY
byijistjournal
 
IRJET- Survey on Web Application Vulnerabilities
byIRJET Journal
 
Web application security
byrandhawa121985
 
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY
byijistjournal
 
Web Attacks - Top threats - 2010
byShreeraj Shah
 
Web Application Security Guide by Qualys 2011
bynat page
 
Qg was guide
bynat page
 

More from Aravindan A

PPTX
Advanced security in Barracuda WAF
byAravindan A
 
PPTX
WAF deployment
byAravindan A
 
PPTX
Barracuda WAF Deployment in Microsoft Azure
byAravindan A
 
PPTX
Barracuda WAF deployment in AWS
byAravindan A
 
PPTX
Application delivery
byAravindan A
 
PPTX
Logging intro
byAravindan A
 
PPTX
Access control
byAravindan A
 
PPTX
Advanced networking
byAravindan A
 
PPTX
Devops
byAravindan A
 
PPTX
Basic security and Barracuda VRS
byAravindan A
 
PPTX
general protocol basics
byAravindan A
 
PPTX
Reporting
byAravindan A
 
PPTX
System administration
byAravindan A
 
PPTX
Api sec demo_updated_v2
byAravindan A
 
PPTX
Application delivery
byAravindan A
 
PPTX
WAF CC Introduction
byAravindan A
 
Advanced security in Barracuda WAF
byAravindan A
 
WAF deployment
byAravindan A
 
Barracuda WAF Deployment in Microsoft Azure
byAravindan A
 
Barracuda WAF deployment in AWS
byAravindan A
 
Application delivery
byAravindan A
 
Logging intro
byAravindan A
 
Access control
byAravindan A
 
Advanced networking
byAravindan A
 
Devops
byAravindan A
 
Basic security and Barracuda VRS
byAravindan A
 
general protocol basics
byAravindan A
 
Reporting
byAravindan A
 
System administration
byAravindan A
 
Api sec demo_updated_v2
byAravindan A
 
Application delivery
byAravindan A
 
WAF CC Introduction
byAravindan A
 

Recently uploaded

PPTX
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
PDF
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
PPTX
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
PDF
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
PDF
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PDF
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
Introduction to Linux and Basic Commands
byiDev Semarang
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PDF
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
PDF
LUXHUB: a detailed look at 2025...and fast forward to 2026
byalexandrekeilmann1
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PPTX
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
PDF
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Introduction to Linux and Basic Commands
byiDev Semarang
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
LUXHUB: a detailed look at 2025...and fast forward to 2026
byalexandrekeilmann1
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 

application security basics

  • 1.
  • 2.
    Reconnaissance Topics Covered: • WebApplication Analysis • Web Application Mapping Module 2–Chapter 1
  • 3.
    Web Applications Analysis TopicsCovered: • Wireshark • BrowserPlugins • Proxies • Scanners • Fuzzers Module 2–Chapter 1
  • 4.
    Wireshark • Profile networktraffic •Capturesrawtraffic • Packetanalyzer • 2.1 – Reconnaissance
  • 5.
    Browser Plugins • Show/ChangehowthebrowserinteractswiththeWebApplication • PopularPlugins • TamperData • LiveHTTPHeaders • 2.1 – Reconnaissance Web Server Request Response Browser
  • 6.
    Proxies • Control howdataisexchangedbetweenthebrowserandweb app • Canvirtually tamper any request/response • 2.1 – Reconnaissance Web Server Request Response Request Response Browser Proxy
  • 7.
    Scanners • Attemptto findvulnerabilities usingknownattacks • Canautomatically try to exploitthe vulnerabilities • 2.1 – Reconnaissance Web Server Database Scanner
  • 8.
    Fuzzers • Submit invalidandunexpectedrandomdatatotheweb application • Evaluate how exceptionsare handled • Mightunveil bugsintheapplication code • 2.1 – Reconnaissance Web AppFuzzer
  • 9.
    Web Applications Mapping TopicsCovered: • Web Applications Mapping • Spiders 2.1–Reconnaissance
  • 10.
    Web Applications Mapping •Collect theinfogatheredin theanalysisprocess • Mapeach infoto the appropriate resource • 2.1 – Reconnaissance Database Web Server • SW version • OS version • Net info Web App • Language • … Web Server Lucas
  • 11.
    Spiders • Automatically sendrequestsandinterpretresponses •Create a map of the web application resources • 2.1 – Reconnaissance Web AppSpider Database
  • 12.
    Web Applications Attacks TopicsCovered: • OWASP TOP 10 – 2013 • AdditionalRisks Module 2–Chapter 2
  • 13.
    The Game Changer •2.2 – Web Applications Attacks Tommy HeisenbergLucas • Userinput…Cannot be trusted! Web App Request Response Request Response
  • 14.
    OWASP TOP 10- 2013 A1:Injection A2:BrokenAuthenticationandSessionManagement A3:Cross-SiteScripting(XSS) A4:InsecureDirectObjectReferences A5:SecurityMisconfiguration • 2.2 – Web Applications Attacks A6:SensitiveDataExposure A7: MissingFunctionLevelAccessControl A8:CrossSiteRequestForgery(CSRF) A9:UsingKnownVulnerableComponents A10:UnvalidatedRedirectsandForwards
  • 15.
    A1: Injection • Text-basedattacksthatexploitthesyntax of thetargetedinterpreter • 2.2 – Web Applications Attacks OS Command Database Logs XML XML JavaScript JS LDAPAttack Payload
  • 16.
    SQL Injections • Databaseexecutesthecode in theattackerpayload • 2.2 – Web Applications Attacks SELECT * FROM Movies WHERE Title = a‘ OR 1 = 1 ORDER BY Year data code escape character HTTP Request HTTP Response SQL Query SQL output Database Web Browser Title: Year: Price: a ‘ OR 1 = 1 Eisenberg Web App dumpdump
  • 17.
    A2: Broken Auth.and Session Management • Attackerusesexposed credentialsor session IDs to impersonate users • 2.2 – Web Applications Attacks Tommy Eisenberg HTTP Request http://airline.com/login.html HTTP Response http://airline.com/?SESSIONID=03098301 Web App HTTP Request http://airline.com/?SESSIONID=03098301
  • 18.
    A3: Cross-Site Scripting(XSS) • Attackpayload storedin applicationdatabase(JavaScript Injection) • Reflected directlyinto the client • 2.2 – Web Applications Attacks Eisenberg Tommy HTTP Request HTTP Request HTTP Response Browser HTTP Request Hackerland Web App
  • 19.
    A4: Insecure DirectObject References • Usersable to accessunauthorizedfiles data • 2.2 – Web Applications Attacks Eisenberg HTTP Request http://mybank.com/?acct=1000 HTTP Response http://mybank.com/?acct=1000 HTTP Request http://mybank.com/?acct=1001 HTTP Response http://mybank.com/?acct=1001 Web App
  • 20.
    A5: Security Misconfiguration •Anycomponent of anysystemnot properly secured • Defaultaccounts,unpatchedflaws,unprotectedfilesanddirectories • 2.2 – Web Applications Attacks Eisenberg HTTP Request Components: • Operating System • Web Server Software • Web App Technology Database HTTP Request Web Server
  • 21.
    A6: Sensitive DataExposure • Attackergain accessandretrieve sensitive data • Stealingencryptionkeysorcleartextdata • 2.2 – Web Applications Attacks Eisenberg HTTP Request Web App Database HTTP Response Encrypted Data SQL Query Clear Text Data
  • 22.
    A7: Missing FunctionLevel Access Control • Private functionsare notprotectedagainstunauthorizedaccess • 2.2 – Web Applications Attacks Eisenberg HTTP Request http://myportal.com/?action=search HTTP Request http://myportal.com/?action=admin Web App
  • 23.
    A8: Cross SiteRequest Forgery (CSRF) • Attackerforges HTTP requestsonbehalf of theuser • Canbeembeddedinimagestags,XSSetc. • Attacksucceedsonlyifuserisauthenticated • 2.2 – Web Applications Attacks Tommy Hackerland Web App Browser HTTP Request http://hackedwebsite.com http://hackedwebsite.com/welcome.html HTTP Response HTTP Request http://mybank.com/transfer?amm=1000&dest=1308921 mybank.com session cookie welcome.html <html>…. <img src= http://mybank.com/transfer? amm=1000&dest=1308921 ……</html> mybank.com session cookie
  • 24.
    A9: Using KnownVulnerable Components • Attackerscans, identifies, andexploits vulnerable modules of webapp • Automatedtoolscanbeused • 2.2 – Web Applications Attacks Eisenberg ZAP Web App
  • 25.
    A10: Unvalidated Redirectsand Forwards • Attackersredirectvictim toa specific website • 2.2 – Web Applications Attacks HTTP Request HTTP Response HTTP Request Hackerland Web App Tommy Browser http://shop.com/prod.jsp?p=120&dest=http://hackerland.com HTTP Response Redirect to http://hackerland.com
  • 26.
    Additional Risks Topics Covered: •Clickjacking • Application Denialof Service • Information Leakage Module 2–Chapter 2
  • 27.
    Clickjacking • Attackerhidesclickableelements insideaniframe •User unknowinglyinteractswith theattackerpage • 2.2 – Web Applications Attacks Tommy Hackerland HTTP Request Info sent to http://hackerland.com
  • 28.
    Application Denial ofService • Attackerconsumes all theavailable systemresources • Webapplicationstakedowntheentire system • Attackercantargetspecific usersor modules of aweb application • Common HTTP DoS attacks: • Slowloris: SlowHTTPHeadersVulnerability • RUDY(R-U-Dead-Yet):Slow HTTPPOSTVulnerability • Slow-ReadDoSAttack • 2.2 – Web Applications Attacks
  • 29.
    Information Leakage • Webapplication reveals sensitive data regarding • Webapplicationitself • Hosting environment • Userdataintoerrorresponses • 2.2 – Web Applications Attacks Eisenberg Web App HTTP Request HTTP Response 503 – DB 192.168.0.23 unreachable