Be The Attacker
Web Application Security Fast Guide (book slides) By Dr.Sami Khiami
Chapter 4
Be the attacker
2017-05-03 Web Application Security Fast Guide (book slides) Slide 2By Dr.Sami Khiami
Time and Place; Targets; Mindset
Slide 3: Time, Place and target
Slide 4: Attackers' mindset and categories
Old School Hacker
• No malicious intent
• Well educated
Script kiddies / Cyber-Punks
• 12-30 (age)
• Vandalize & disturb
• Like to brag
Coders and Virus writers
• Act like elite
• Don't use them themselves
Professional criminals
• Make a living
• Espionage
• Target centric
Slide 5: Attack Process
Slide 6: Mapping
Mapping Application
Mapping Infrastructure
Slide 7: Mapping Servers Info (1)
http://www.net-square.com/httprint.html
Slide 8: Mapping Server info (2)
http://www.net-square.com/httprint.html
Slide 9: Mapping intermediaries info
Firewall, Proxy, Load balancer, Targeted Application
Detecting load balancers:
- Surrounding IP scan
- Detecting unsynchronized timestamps
- Detecting different (Last-Modified or ETag) headers for the same resource
- Existence of unusual cookies
- Different SSL certificates
Detecting proxies:
- Using the TRACE method, which echoes the exact request, and detecting changes
- Standard CONNECT test
- Standard proxy request
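The load-balancer signals listed on this slide (clock skew between backends, differing ETag/Last-Modified/Server headers for one resource, unexpected cookies) can be checked from the defender's side before anyone else does. The script below is an added example, not part of the slides or the author's material: it takes a handful of responses for the same resource, as collected from your own fleet, and reports which of the slide's signals the fleet leaks. The header values and the cookie name `node` are constructed sample data, and the 2-second skew threshold is an assumption.

```python
from email.utils import parsedate_to_datetime

# Constructed sample: one resource fetched three times through the load
# balancer, each answer coming from a different backend node. Real header
# values would be collected from your own fleet; these are made up.
SAMPLE_RESPONSES = [
    {"Date": "Wed, 03 May 2017 10:00:00 GMT", "ETag": '"5a1-abc"',
     "Last-Modified": "Tue, 02 May 2017 09:00:00 GMT", "Server": "Apache",
     "Set-Cookie": ["SESSIONID=aaa; Path=/"]},
    {"Date": "Wed, 03 May 2017 10:02:05 GMT", "ETag": '"5a1-abc"',
     "Last-Modified": "Tue, 02 May 2017 09:00:00 GMT", "Server": "Apache",
     "Set-Cookie": ["SESSIONID=bbb; Path=/", "node=b; Path=/"]},
    {"Date": "Wed, 03 May 2017 10:00:01 GMT", "ETag": '"5a1-def"',
     "Last-Modified": "Tue, 02 May 2017 09:30:00 GMT", "Server": "nginx",
     "Set-Cookie": ["SESSIONID=ccc; Path=/"]},
]

# Headers that must agree for the same resource; a difference reveals that
# more than one backend serves it.
CONSISTENT_HEADERS = ("ETag", "Last-Modified", "Server")


def date_skew_seconds(responses):
    """Largest difference, in seconds, between the Date headers of the responses."""
    stamps = [parsedate_to_datetime(r["Date"]) for r in responses if "Date" in r]
    if len(stamps) < 2:
        return 0
    return int((max(stamps) - min(stamps)).total_seconds())


def audit_responses(responses, allowed_cookies, max_skew=2):
    """Return the fingerprinting signals from the slide that this fleet exposes."""
    findings = []
    skew = date_skew_seconds(responses)
    if skew > max_skew:
        findings.append(f"clock skew of {skew}s between backends (max {max_skew}s)")
    for header in CONSISTENT_HEADERS:
        values = {r.get(header) for r in responses}
        if len(values) > 1:
            findings.append(f"{header} differs across backends: {sorted(str(v) for v in values)}")
    seen = set()
    for r in responses:
        for cookie in r.get("Set-Cookie", []):
            seen.add(cookie.split("=", 1)[0].strip())   # cookie name is the text before '='
    for name in sorted(seen - set(allowed_cookies)):
        findings.append(f"unexpected cookie set by a backend: {name}")
    return findings


if __name__ == "__main__":
    for finding in audit_responses(SAMPLE_RESPONSES, {"SESSIONID"}):
        print("FINDING:", finding)
```

Run against the constructed sample it reports all five signals: a 125-second clock skew, three disagreeing headers, and the extra `node` cookie. In practice the fix is NTP on every backend, identical build artefacts (so ETag and Last-Modified match), one Server header value, and no per-node cookies reaching the client.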
Slide 10: Mapping Application
(Diagram: the Application and its functions F1, F2, F3, F4)
Web application crawling
User guided spidering
http://theSiteName.com/stable/en/about
Hidden contents
Robots.txt (disallow)
Slide 11: Other info sources
Slide 12: Other info sources (cont.)
site: www.theExploredSite returns all references indexed by Google.
site: www.theExploredSite login returns all pages containing "login".
link: www.theExploredSite returns all pages on other websites that link to that specific site.
related: www.theExploredSite returns similar web pages.
Slide 13: Other info sources (cont.)
Maltego tool
Slide 14: Map vulnerabilities & parameters
CVE
Parameters guessing
Add or remove parameters
Change parameters
Slide 15: Documenting
Pages found during mapping (example): manageAccount.php, error.php, login.php, terminateAccount.php, showAccount.php, activateAccount.php
Parameters found (example): ?action=t&id=12, ?action=s&id=12, ?action=a&id=12
Documentation table (one row per page):
Page name     Path     Use   SSL?   Static or Dynamic   Need Auth.?   Used method   Comments
aboutUs.html  /about         No     S                   No            GET
Login.php     /login         Yes    D                   Yes           POST
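The documentation table on this slide is more useful when it is machine-readable, because the same columns (SSL, dynamic, authentication, method, parameters) are exactly what a defender needs to spot weak combinations. The script below is an added example, not from the slides: it holds the slide's two rows plus constructed rows for the account pages the slide names (the pairing of `t`/`s`/`a` with terminate/show/activate is an assumed reading), renders the table, and flags authenticated pages without SSL, state-changing actions over GET, and object ids accepted without authentication. The check rules themselves are mine, not the author's.

```python
from dataclasses import dataclass, field

# Action letters from the slide's ?action=...&id=12 parameters; which of them
# change state is an assumed reading (t = terminate, a = activate, s = show).
STATE_CHANGING_ACTIONS = {"t", "a"}


@dataclass
class PageEntry:
    page: str
    path: str
    use: str
    ssl: bool
    dynamic: bool
    needs_auth: bool
    method: str
    params: dict = field(default_factory=dict)
    comments: str = ""


# The two rows from the slide, plus constructed rows for the account pages the
# slide names, with the slide's parameters attached to them.
SITE_MAP = [
    PageEntry("aboutUs.html", "/about", "company info", False, False, False, "GET"),
    PageEntry("Login.php", "/login", "authentication", True, True, True, "POST"),
    PageEntry("showAccount.php", "/account/show", "view account", False, True, True,
              "GET", {"action": "s", "id": "12"}),
    PageEntry("terminateAccount.php", "/account/terminate", "close account", True, True, True,
              "GET", {"action": "t", "id": "12"}),
    PageEntry("activateAccount.php", "/account/activate", "enable account", True, True, False,
              "POST", {"action": "a", "id": "12"}),
]


def audit_entry(e):
    """Weak column combinations for one page (rules are this example's own)."""
    findings = []
    if e.needs_auth and not e.ssl:
        findings.append("authenticated page served without SSL: session cookie travels in clear")
    if e.method.upper() == "GET" and e.params.get("action") in STATE_CHANGING_ACTIONS:
        findings.append("state-changing action over GET: lands in logs, history and CSRF-able links")
    if "id" in e.params and not e.needs_auth:
        findings.append("accepts an object id without authentication: check per-object authorisation")
    return findings


def audit_site_map(site_map):
    """Map page name -> findings, for pages that have at least one."""
    result = {}
    for e in site_map:
        f = audit_entry(e)
        if f:
            result[e.page] = f
    return result


def render_table(site_map):
    """Plain-text version of the slide's documentation table, columns auto-sized."""
    header = ("Page name", "Path", "Use", "SSL?", "S/D", "Auth?", "Method", "Params")
    rows = [header] + [
        (e.page, e.path, e.use, "Yes" if e.ssl else "No", "D" if e.dynamic else "S",
         "Yes" if e.needs_auth else "No", e.method,
         "&".join(f"{k}={v}" for k, v in e.params.items()))
        for e in site_map
    ]
    widths = [max(len(r[i]) for r in rows) for i in range(len(header))]
    return "\n".join("  ".join(c.ljust(w) for c, w in zip(r, widths)) for r in rows)


if __name__ == "__main__":
    print(render_table(SITE_MAP))
    for page, findings in audit_site_map(SITE_MAP).items():
        for f in findings:
            print(f"{page}: {f}")
```

Keeping the map as data means the attack-surface review on slide 18 can be re-run after every release instead of being a one-off spreadsheet.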
Slide 16: Map proofing
Application:
• Hide your directories' contents and structure
• Use different root folders for user and administrator
• Put all JavaScript files in a single folder and be sure to remove the execution permission from that folder
• Remove all comments from production code
• Never use absolute paths to refer to files; always use relative paths
• The script should remove any directory traversal characters like (../../)
• Be sure to apply authentication to all directory contents and subdirectories
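The slide's "remove any directory traversal characters" bullet is safer implemented as canonicalisation plus a containment check than as character stripping, because a stripping filter has to anticipate every spelling of the sequence. The function below is an added example, not code from the slides: it URL-decodes the request path once, normalises it under the allowed root, and refuses anything that ends up outside that root or that names the root itself (which would amount to a directory listing, the first bullet's concern). `DOWNLOAD_ROOT` is a constructed path.

```python
import posixpath
from urllib.parse import unquote

# Constructed: the directory that download requests are allowed to read from.
DOWNLOAD_ROOT = "/srv/www/files"


def resolve_under_root(root, user_path):
    """Return the canonical path of user_path inside root, or None if it would
    leave root. The request path is URL-decoded once, backslashes are treated
    as separators, and the joined path is normalised before the containment
    check, so "." and ".." segments are resolved rather than stripped."""
    decoded = unquote(user_path)
    if "\x00" in decoded:          # NUL bytes truncate paths in C-based file APIs
        return None
    decoded = decoded.replace("\\", "/")
    root = posixpath.normpath(root)
    # posixpath.join discards root when decoded is absolute, which the prefix
    # check below then rejects; normpath collapses every "." and "..".
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    if not candidate.startswith(root + "/"):
        return None                # escaped the root, or asked for the root itself
    return candidate


def resolve_download(user_path):
    """Resolve a download request against the constructed DOWNLOAD_ROOT."""
    return resolve_under_root(DOWNLOAD_ROOT, user_path)


if __name__ == "__main__":
    for req in ("reports/q1.pdf", "a/../b.txt", "../../etc/passwd", "/etc/passwd", ""):
        print(f"{req!r:24} -> {resolve_download(req)}")
```

The returned path is what the file-serving code should open; on a real server, follow it with a symlink-aware check (for example comparing against `os.path.realpath` of the root) if the download tree may contain links.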
Slide 17: Attack analysing stage
• Specify the attack surface: figure out the possible scenarios for executing the attack and compromising the application
• Specify the feasibility of each scenario from a resource and time point of view
(Two steps: Attack surface, then Attack feasibility)
Slide 18: Identify attack surface
• Is validation done on the client side or the server side?
• Possible SQL injection, database issues, a root database account, or any code or discovered comment that might give partial or full access to the database
• Available upload or download functionality with path traversal
• Check for the ability to display user-supplied data, upload a file, or open editors
• Check the ability to use unvalidated parameters pushed to pages that do redirects
• Possibility of a brute force attack
• Isolate available information that might help in escalating privileges, like cookies and session state information
• Using the collected info, try to identify unencrypted communication channels
• Identify interfaces to external systems; they might represent an information leakage point
• Analyze all generated error messages for information leakage
• Identify any pages that interact with a mail server, to try command or email injection
• Identify the usage of native code, which might be a potential buffer overflow vulnerability
• Identify any known structure, folder names, or themes from known third-party applications, which can open the door to searching for known vulnerabilities
• Identify common vulnerabilities in the web server in use
Slide 19: Specify attack feasibility
Feasibility table, one row per scenario:
Possible attack scenario description | Attack category (A, C, I, R) | Coherence with attack purpose (%) | Estimated effort weight (%) | Estimated resource weight (%) | Estimated complexity (%) | Priority
Attack A | (category and percentages not shown on the slide) | Priority 1
Attack B | (category and percentages not shown on the slide) | Priority 3
Attack C | (category and percentages not shown on the slide) | Priority 2
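The slide gives the columns of the feasibility table but no rule for turning them into the Priority column. The script below is an added example, not from the slides, and the scoring rule in it is an assumption of this example (coherence with the attack purpose minus the weighted mean of the three cost columns); the percentages for Attack A, B and C are constructed and were chosen so that the resulting order reproduces the slide's priorities (A=1, B=3, C=2). The same ranking works for a defender ordering which scenarios to mitigate first.

```python
from dataclasses import dataclass


@dataclass
class Scenario:
    description: str
    category: str    # A, C, I or R, the category letters shown on the slide
    coherence: int   # coherence with attack purpose (%)
    effort: int      # estimated effort weight (%)
    resource: int    # estimated resource weight (%)
    complexity: int  # estimated complexity (%)


# Constructed figures for the three scenarios on the slide; the numbers were
# chosen so the resulting order matches the slide's priorities (A=1, B=3, C=2).
SCENARIOS = [
    Scenario("Attack A", "C", coherence=90, effort=30, resource=20, complexity=40),
    Scenario("Attack B", "A", coherence=60, effort=70, resource=60, complexity=80),
    Scenario("Attack C", "I", coherence=80, effort=50, resource=40, complexity=60),
]


def feasibility_score(s, cost_weights=(1, 1, 1)):
    """Assumed scoring rule (not from the slides): coherence minus the weighted
    mean of the three cost columns. Higher means more feasible."""
    we, wr, wc = cost_weights
    cost = (we * s.effort + wr * s.resource + wc * s.complexity) / (we + wr + wc)
    return round(s.coherence - cost, 1)


def prioritise(scenarios, cost_weights=(1, 1, 1)):
    """Return (priority, description, score) tuples, priority 1 = most feasible."""
    ranked = sorted(scenarios, key=lambda s: feasibility_score(s, cost_weights), reverse=True)
    return [(i + 1, s.description, feasibility_score(s, cost_weights))
            for i, s in enumerate(ranked)]


def priorities(scenarios, cost_weights=(1, 1, 1)):
    """Map description -> priority number, i.e. the slide's last column."""
    return {d: p for p, d, _ in prioritise(scenarios, cost_weights)}


if __name__ == "__main__":
    for prio, desc, score in prioritise(SCENARIOS):
        print(f"{prio}  {desc}  score={score}")
```

Changing `cost_weights` (for instance weighting effort three times as much as the other two columns) is how the same table answers "what is cheapest to try first" versus "what is cheapest in resources".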
Slide 20: End of Chapter 4
