2. What is Security Testing
• Security testing is the process that determines that confidential data stays confidential and that users can perform only those tasks that they are authorized to perform.
• It also helps in detecting all possible security risks in the system and helps developers fix these problems through coding.
• Security testing is vital for e-commerce websites that store sensitive customer information such as credit card details.
3. Why web application security is of high importance
• Web applications are increasing day by day.
• Most web applications are vulnerable.
• 98% of web applications are vulnerable.
• 78% of easily exploitable weaknesses occur in web applications.
4. Types of web application vulnerabilities
Security testing is deemed successful when the below attributes of an application are intact:
• Authentication
• Authorization
• Client side attacks
• Command Execution
• Information Disclosure
• Logical Attacks
5. Authentication – Stealing user account identities
The Authentication section covers attacks that target a website's method of validating the identity of a user.
To confirm that something or someone is authentic – true to the claims. The digital identity of a user is validated and verified.
Brute Force attack automates a process of trial and error to guess a person's username, password, credit-card number or cryptographic key.
Insufficient Authentication permits an attacker to access sensitive content or functionality without proper authentication.
Weak Password Recovery Validation permits an attacker to illegally obtain, change or recover another user's password.
6. Authorization – illegal access to applications
The Authorization section covers attacks that target a website's method of determining if a user has the necessary permissions to perform a requested action.
Is the person allowed to do this operation?
Insufficient Session Expiration permits an attacker to reuse old session credentials or session IDs for authorization.
Credential/Session Prediction is a method of hijacking or impersonating a user.
7. Client side attacks – illegal execution of foreign code
• Content Spoofing tricks a user into believing that certain content appearing on a web site is legitimate and not from an external source.
• Cross-site Scripting (XSS) forces a web site to echo attacker-supplied executable code, which loads into a user's browser.
8. Command Execution – hijacks control of web application
SQL Injection constructs illegal SQL statements on a web site application from user-supplied input.
Buffer Overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.
9. Information Disclosure – shows sensitive data to attackers
The Information Disclosure section covers attacks designed to acquire system-specific information about a web site.
Information Leakage is when a web site reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system.
Path Traversal is an attack technique that forces access to files, directories, and commands that potentially reside outside the web document root directory.
10. Logical Attacks – interfere with application usage
Abuse of Functionality uses a web site's own features and functionality to consume, defraud, or circumvent access control mechanisms.
Denial of Service (DoS) attacks prevent a web site from serving normal user activity.
11. Burp Suite
Burp Suite is an integrated platform for performing security testing of web applications. It is made up of several tools.
12. Burp Suite
Proxy: operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.
Spider: Burp Spider is a tool for mapping web applications.
Scanner: Burp Scanner is a tool for performing automated discovery of security vulnerabilities in web applications.
Intruder: for performing powerful customized attacks to find and exploit unusual vulnerabilities.
Repeater: Burp Repeater is a tool for manually modifying and reissuing individual HTTP requests, and analyzing their responses.
Comparer: Burp Comparer is a simple tool for performing a comparison (a visual "diff") between any two items of data.
Limitations of tools: unrealistic expectations from the tool, and people depending on the tool too much.
14. Brute force attack (example of an Authentication vulnerability)
• Brute Force Attack
A brute force attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.
The most obvious way to block brute-force attacks is to simply lock out accounts after a defined number of incorrect password attempts.
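The lockout described above, written out as a small server-side login guard. This is an added Python example, not code from the presentation: the user table, the threshold of 5 attempts and the 15-minute lock window are constructed values for the demo, and the `clock` parameter exists only so the behaviour can be exercised without waiting.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict

MAX_FAILURES = 5            # consecutive failures before the account is locked (constructed value)
LOCKOUT_SECONDS = 15 * 60   # how long the lock lasts (constructed value)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the server never keeps the clear-text password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed user table for the demo: username -> (salt, password hash).
_SALT = secrets.token_bytes(16)
USERS = {"admin": (_SALT, hash_password("correct horse battery staple", _SALT))}


class LoginGuard:
    """Counts failed logins per account and refuses further attempts once the account is locked."""

    def __init__(self, clock=time.time):
        self.clock = clock                 # injectable so a test can move time forward
        self.failures = defaultdict(int)
        self.locked_until = {}

    def is_locked(self, username: str) -> bool:
        until = self.locked_until.get(username)
        if until is None:
            return False
        if self.clock() >= until:          # lock expired: clear it and reset the counter
            del self.locked_until[username]
            self.failures[username] = 0
            return False
        return True

    def login(self, username: str, password: str) -> str:
        """Returns 'locked', 'denied' or 'ok'."""
        if self.is_locked(username):
            return "locked"                # rejected before the password is even compared
        record = USERS.get(username)
        if record is None:
            valid = False                  # unknown user takes the same path as a wrong password
        else:
            salt, stored = record
            valid = hmac.compare_digest(hash_password(password, salt), stored)
        if valid:
            self.failures[username] = 0    # a successful login clears the failure count
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= MAX_FAILURES:
            self.locked_until[username] = self.clock() + LOCKOUT_SECONDS
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard()
    for guess in ["123456", "password", "admin", "letmein", "qwerty"]:
        print(guess, "->", guard.login("admin", guess))
    print("correct password ->", guard.login("admin", "correct horse battery staple"))
```

A per-account lock on its own lets anyone who knows a username lock that user out, so in practice it is paired with per-client throttling and a slow password hash; the failure count is kept server-side because a counter stored in the client (cookie or hidden field) is trivially reset.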
15. Brute force attack (example of an Authentication vulnerability)
This is a web application having vulnerabilities. I am going to explain the brute force attack with the help of Burp Suite.
19. Brute force attack
Give the payload 1 data. Here in this example I have given only some values; actually you can upload username and password lists from outside.
22. Brute force attack
Now the brute force attack is successfully launched with the username "admin" and the password "password".
23. Password Passing to server (example of Information leakage)
• Password passing to server
The password should be encrypted while being transmitted over the network.
In the below example the password between server and client is being passed in clear text during the registration process.
24. Session Hijacking (example of Session Management)
This test is to check whether the cookie can be reused on another computer during the log-in phase.
1. Log in to the application and capture the request in that valid session along with the authenticated URL:
26. Session Hijacking (example of Session Management)
2. Open a new browser and go to the authenticated URL captured in step 1. Then capture the request and replace the cookie with the earlier captured cookie value:
27. Session Hijacking (example of Session Management)
Successfully launched the session hijacking attack.
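The server-side controls that limit what slides 23 to 27 demonstrate, as an added Python example (not code from the presentation or the demo application): a session store with unguessable IDs, idle expiry (the "Insufficient Session Expiration" item from slide 6), ID rotation at login and invalidation at logout, plus two tester-side checks, one on a captured Set-Cookie header and one on whether a login form submits over TLS. The 10-minute timeout, the `SESSIONID` cookie name and the URLs are constructed for the example.

```python
import secrets
import time
from urllib.parse import urljoin, urlsplit

IDLE_TIMEOUT = 10 * 60  # seconds without a request before the session is dropped (constructed value)


class SessionStore:
    """Server-side sessions: random IDs, idle expiry, rotation at login, invalidation at logout."""

    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so a test can move time forward
        self.sessions = {}      # session id -> {"user": ..., "last_seen": ...}

    def create(self, user):
        sid = secrets.token_urlsafe(32)   # 256 random bits from the OS CSPRNG: not predictable
        self.sessions[sid] = {"user": user, "last_seen": self.clock()}
        return sid

    def login(self, old_sid, user):
        """Issue a fresh ID at login so any pre-login ID an attacker planted or learned is useless."""
        self.sessions.pop(old_sid, None)
        return self.create(user)

    def resolve(self, sid):
        """Return the user for a valid, unexpired session, else None; refreshes the idle timer."""
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        now = self.clock()
        if now - entry["last_seen"] > IDLE_TIMEOUT:
            del self.sessions[sid]        # expired: a replayed cookie stops working here
            return None
        entry["last_seen"] = now
        return entry["user"]

    def logout(self, sid):
        """Destroy the session server-side; clearing the browser's cookie alone is not enough."""
        self.sessions.pop(sid, None)


def session_cookie(sid):
    """Set-Cookie value: Secure keeps it off plain HTTP, HttpOnly away from script, SameSite off cross-site requests."""
    return f"SESSIONID={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"


def audit_set_cookie(header_value):
    """Tester's check: list the protective attributes missing from a captured Set-Cookie header."""
    attrs = {part.strip().split("=", 1)[0].lower() for part in header_value.split(";")[1:]}
    return [flag for flag in ("secure", "httponly", "samesite") if flag not in attrs]


def login_form_over_tls(page_url, form_action):
    """Tester's check for slide 23: does the form on page_url submit credentials to an https:// URL?"""
    return urlsplit(urljoin(page_url, form_action)).scheme == "https"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login(store.create(None), "alice")
    print(session_cookie(sid))
    print("missing flags on a weak cookie:", audit_set_cookie("SESSIONID=abc; Path=/"))
```

Nothing here stops a cookie that has already been copied from working inside its idle window, which is exactly what the slide shows; the controls shrink that window (expiry, logout, rotation) and make the copy harder to obtain in the first place (Secure, HttpOnly, TLS for the form).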
28. Directory Scanning (example of Authorization)
This type of attack exploits bugs in the web server to gain unauthorized access to files and folders that are not in the public domain. Once the attacker has gained access, they can download sensitive information, execute commands on the server or install malicious software.
http://demo.guru99.com/Security/SEC_V1/index.php
A small example of directory scanning can be shown from this site. Here the login credentials are user id: 1303 and pass: Guru99.
This is an ordinary customer login, having the rights to view his payments, fund transfers etc.; he does not have permission to add, edit or delete other customers' data. Enter the below URL in the browser and check: now the customer can add new customers.
http://demo.guru99.com/Security/SEC_V1/customer/addcustomerpage.php
I hope you checked it and understand how to perform it.
29. File uploads
Only valid files should be permitted for uploading.
http://demo.guru99.com/Security/SEC_V1/customer/contactus.php
In the above link the upload file menu currently accepts any file format including exe, php, js, etc. A malicious user can upload a virus or executable file and using
The file size should also be checked so that users do not upload large files which would eat up the server space.
30. Forceful browsing
A malicious user can access the complete application from different browsers without logging in.
How to perform: log in to an application, then copy the URL and paste it in another browser, and check whether the user is logged in or redirected to the login page.
Recommendation: the application must implement proper session/cookie management on the server side, to ensure strict access control. This would prevent any user from directly copy-pasting a link to get unauthorized access to internal pages.
31. Audit trail implementation
An audit trail should be incorporated in the application, where all user activities have to be logged.
32. Phishing attacks
Phishing is a technique that uses trickery and deceit to obtain private data from users. A hacker may try to impersonate a genuine website such as Yahoo and then ask the unsuspecting user to confirm their account name and password. This technique could also be used to get credit card information or any other valuable personal data.
http://bank.83answers.com/
http://demo.guru99.com/Security/SEC_V1/index.php
33. SQL Injection
SQL injection is a code injection technique in which malicious SQL statements are inserted into an entry field for execution.
The targeted site to perform SQL injection is DVWA.
34. SQL Injection
Enter a User ID, click Submit and intercept the request with Burp Suite Proxy. The next step is sending the request to Burp Suite Intruder (right-click on the request and choose "Send to Intruder").
35. SQL Injection
A penetration tester can create his own list of payloads or use an existing one. Exemplary payloads can be found, for example, in Kali Linux (penetration testing distribution [4]) in the /usr/share/wfuzz/wordlist/Injections directory. Let's use SQL.txt from this location to test the parameter id for SQL injection vulnerability.
36. SQL Injection
A noticeably longer response might suggest that more data was read from the database. Let's check the response for this payload.
37. SQL Injection
As we can see, this payload can be used to extract the first names and surnames of all users from the database.
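Why the id parameter leaks every row, and what the fix looks like, as an added Python example (not code from the presentation or from DVWA). A constructed in-memory SQLite table stands in for the users table; `lookup_vulnerable` builds the query by string concatenation the way the tested page does, while `lookup_safe` passes the value as a bound parameter and `lookup_safe_strict` additionally validates that the id is an integer before it reaches the database.

```python
import sqlite3


def make_db():
    """Constructed sample data: three users, as a stand-in for the application's users table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "Ada", "Lovelace"), (2, "Alan", "Turing"), (3, "Grace", "Hopper")],
    )
    return con


def lookup_vulnerable(con, user_id):
    """The defect: the request parameter is pasted straight into the SQL text."""
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return con.execute(query).fetchall()


def lookup_safe(con, user_id):
    """Parameterised query: the driver sends the value separately, so it can never alter the SQL."""
    return con.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_id,)
    ).fetchall()


def lookup_safe_strict(con, user_id):
    """Defence in depth: the id must parse as an integer before any query is issued."""
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return []
    return lookup_safe(con, uid)


if __name__ == "__main__":
    con = make_db()
    probe = "2' OR '1'='1"   # constructed tester input for the id parameter
    print("vulnerable:", lookup_vulnerable(con, probe))
    print("parameterised:", lookup_safe(con, probe))
    print("strict:", lookup_safe_strict(con, probe))
```

The response-length signal from slide 36 is visible here too: the vulnerable lookup returns three rows for the probe where a normal id returns one, which is the difference Intruder's response length column surfaces.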
38. XSS
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.
There are two types of injection: active and passive.
39. XSS
How to test for XSS:
Visit the page of the website you wish to test for XSS vulnerabilities.
Enter some appropriate input into the web application and submit the request.
40. XSS
Alternatively, return to the Proxy "Intercept" tab and right-click on the request to bring up the context menu. Click "Send to Repeater".
41. XSS
Go to the "Repeater" tab. Here we can input various XSS payloads into the input field of a web application. We can test various inputs by editing the "Value" of the appropriate parameter in the "Raw" or "Params" tabs.
42. XSS
The "Response" section of the "Repeater" tab shows the response from the server.
43. XSS
Ensure that "Intercept is off" in the Proxy "Intercept" tab and go to your browser. Enter the payload into the input field and submit the request. Assess the response in the browser to check that the payload has performed as expected.
44. DoS attack
A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users.
Consider a functionality (such as registration) which typically does not require authentication. An attacker can easily place a heavy load on the server by simulating multiple registration operations and by feeding in arbitrarily huge input data through the registration fields, thus placing further load on the server and also consuming database connections. This could cause the server to crash or slow down to a crawl.
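The two cheap checks that blunt the registration scenario above, as an added Python example (not code from the presentation): a per-client token-bucket limiter that bounds how many registrations one source can submit, and request-size and field-length limits applied before any database work starts. The rate, burst, limits and IP addresses are constructed values.

```python
import time


class TokenBucket:
    """Per-client rate limiter: `rate` tokens refill per second, at most `capacity` stored (burst)."""

    def __init__(self, rate, capacity, clock=time.time):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        self.buckets = {}   # client key -> (tokens, last refill time)

    def allow(self, key):
        now = self.clock()
        tokens, last = self.buckets.get(key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.buckets[key] = (tokens - 1, now)
            return True
        self.buckets[key] = (tokens, now)
        return False


# Constructed limits for the registration form.
FIELD_LIMITS = {"username": 64, "email": 254, "password": 128}
MAX_BODY_BYTES = 4096


def register(form, body_len, client_ip, limiter):
    """Returns an HTTP status: 429 throttled, 413 body too large, 400 field violation, 201 accepted."""
    if not limiter.allow(client_ip):      # cheapest check first: no parsing, no database
        return 429
    if body_len > MAX_BODY_BYTES:         # reject huge submissions before reading the fields
        return 413
    for name, limit in FIELD_LIMITS.items():
        value = form.get(name, "")
        if not value or len(value) > limit:
            return 400
    # Only now would a real handler touch the database and create the account.
    return 201


if __name__ == "__main__":
    limiter = TokenBucket(rate=1.0, capacity=3)   # 3 quick registrations, then one per second
    sample = {"username": "alice", "email": "alice@example.com", "password": "s3cret-passphrase"}
    for i in range(5):
        print("attempt", i + 1, "->", register(sample, 200, "203.0.113.5", limiter))
    print("oversized body ->", register(sample, 10_000, "203.0.113.9", limiter))
```

A per-IP bucket is weak against a distributed source, so production deployments add limits at the edge (load balancer, WAF) and on the database connection pool; the point here is that the limit and the size check run before the expensive work, not after it.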
45. Other Security Checks
• Session time-out
• The session should terminate when the user goes through an error page
• Auto-fill should be off
• Check whether the application is able to show an authenticated page via the back button of the browser
• Check whether it is possible to view the contents of authenticated pages by fetching them from the browser cache memory and history
• The user should not have the option to remember the password, as this may give unauthorized access to malicious users