The document discusses various methods for fingerprinting web applications, including inspecting HTML data, checking for file and folder presence, and using checksums. It then analyzes popular fingerprinting tools and their flaws, and proposes methods for preventing fingerprinting, such as cleansing HTML, restricting files/folders, and modifying checksums. Finally, it suggests enhancing tools by taking a more dynamic approach, cross-referencing techniques, and incorporating human reasoning.
Sql injection bypassing hand book blackroseNoaman Aziz
In this book I am not gonna teach you Basics of SQL injection, I will assume that you already know them, because cmon every one talks about it, you will find tons and tons of posts on forums related to basics of SQL Injection, In this post I will talk about common methods of used by hackers and pentesters for evading IDS, IPS, WAF's such as Modsecurity, dotdefender etc .
The document discusses backup file artifacts (BFAs), which occur when code editors or version control systems create backup files that are sometimes left exposed publicly. This can disclose source code or sensitive information. The document introduces BFAC, a tool written in Python to detect BFAs through automated testing. BFAC checks for various types of BFA patterns and artifacts from version control systems. It aims to be more comprehensive than existing vulnerability scanners. The document also provides examples of real-world BFA findings and discusses mitigations, such as developer awareness and access rules.
Owasp top 10 web application security hazards part 2Abhinav Sejpal
Mission :- Understand / Learn / Practice OWASP Web Security Vulnerabilities https://www.owasp.org/index.php/Top102013-Top_10 In this session, Attendees will perform hands-on exercises to get a better understanding of the OWASP top ten security threats.
Prevention Against CSRF Attack using Client Server Mutual Authentication Tech...IRJET Journal
This document proposes a client server mutual authentication technique to prevent CSRF (cross-site request forgery) attacks. It separates the identification and authentication steps. When a user logs in, the server provides an encoded authentication token to the user in the form of an image. To complete sensitive requests, the server asks the user to select the correct token from multiple images to verify their identity. Encoding the tokens with base64 encoding improves security. The technique was tested and found to prevent CSRF attacks made through POST or GET requests using JavaScript or HTML tags by requiring the valid token for each request. This provides better protection against CSRF attacks compared to existing solutions.
The document provides an overview of web application security. It discusses what web application security entails, which is achieving an acceptable level of security for a web application solution. It explains why web application security is important given increased reliance on web apps and their global accessibility. It outlines some common security risks like browser hijacking, cookie theft, and denial of service attacks. It also discusses how security problems should be addressed earlier in the development lifecycle to reduce costs. The document then delves into specific vulnerabilities like hidden field manipulation, cookie poisoning, buffer overflows, and cross-site scripting attacks. Examples are provided to illustrate how attackers can exploit these vulnerabilities.
Methods to Bypass a Web Application Firewall EngDmitry Evteev
The document discusses methods for bypassing web application firewalls (WAFs). It provides examples of SQL injection attacks that can bypass WAFs by exploiting vulnerabilities in normalization techniques, using HTTP parameter pollution, parameter fragmentation, and logical requests. Blind SQL injection techniques are also discussed, along with ways to bypass WAF signatures by altering SQL syntax.
This document discusses security vulnerabilities and the OWASP Top 10. It provides background on why security is important when developing software, costs of data breaches, and an overview of the OWASP organization and Top 10 vulnerabilities. The Top 10 vulnerabilities discussed in more detail include injection, broken authentication and session management, cross-site scripting, insecure direct object references, security misconfiguration, sensitive data exposure, missing function level access control, cross-site request forgery, using components with known vulnerabilities, and unvalidated redirects/forwards. Examples are given for each vulnerability.
Sql injection bypassing hand book blackroseNoaman Aziz
In this book I am not gonna teach you Basics of SQL injection, I will assume that you already know them, because cmon every one talks about it, you will find tons and tons of posts on forums related to basics of SQL Injection, In this post I will talk about common methods of used by hackers and pentesters for evading IDS, IPS, WAF's such as Modsecurity, dotdefender etc .
The document discusses backup file artifacts (BFAs), which occur when code editors or version control systems create backup files that are sometimes left exposed publicly. This can disclose source code or sensitive information. The document introduces BFAC, a tool written in Python to detect BFAs through automated testing. BFAC checks for various types of BFA patterns and artifacts from version control systems. It aims to be more comprehensive than existing vulnerability scanners. The document also provides examples of real-world BFA findings and discusses mitigations, such as developer awareness and access rules.
Owasp top 10 web application security hazards part 2Abhinav Sejpal
Mission :- Understand / Learn / Practice OWASP Web Security Vulnerabilities https://www.owasp.org/index.php/Top102013-Top_10 In this session, Attendees will perform hands-on exercises to get a better understanding of the OWASP top ten security threats.
Prevention Against CSRF Attack using Client Server Mutual Authentication Tech...IRJET Journal
This document proposes a client server mutual authentication technique to prevent CSRF (cross-site request forgery) attacks. It separates the identification and authentication steps. When a user logs in, the server provides an encoded authentication token to the user in the form of an image. To complete sensitive requests, the server asks the user to select the correct token from multiple images to verify their identity. Encoding the tokens with base64 encoding improves security. The technique was tested and found to prevent CSRF attacks made through POST or GET requests using JavaScript or HTML tags by requiring the valid token for each request. This provides better protection against CSRF attacks compared to existing solutions.
The document provides an overview of web application security. It discusses what web application security entails, which is achieving an acceptable level of security for a web application solution. It explains why web application security is important given increased reliance on web apps and their global accessibility. It outlines some common security risks like browser hijacking, cookie theft, and denial of service attacks. It also discusses how security problems should be addressed earlier in the development lifecycle to reduce costs. The document then delves into specific vulnerabilities like hidden field manipulation, cookie poisoning, buffer overflows, and cross-site scripting attacks. Examples are provided to illustrate how attackers can exploit these vulnerabilities.
Methods to Bypass a Web Application Firewall EngDmitry Evteev
The document discusses methods for bypassing web application firewalls (WAFs). It provides examples of SQL injection attacks that can bypass WAFs by exploiting vulnerabilities in normalization techniques, using HTTP parameter pollution, parameter fragmentation, and logical requests. Blind SQL injection techniques are also discussed, along with ways to bypass WAF signatures by altering SQL syntax.
This document discusses security vulnerabilities and the OWASP Top 10. It provides background on why security is important when developing software, costs of data breaches, and an overview of the OWASP organization and Top 10 vulnerabilities. The Top 10 vulnerabilities discussed in more detail include injection, broken authentication and session management, cross-site scripting, insecure direct object references, security misconfiguration, sensitive data exposure, missing function level access control, cross-site request forgery, using components with known vulnerabilities, and unvalidated redirects/forwards. Examples are given for each vulnerability.
Owasp top 10 web application security hazards - Part 1Abhinav Sejpal
Mission :- Understand / Learn / Practice OWASP Web Security Vulnerabilities https://www.owasp.org/index.php/Top102013-Top_10 In this session, Attendees will perform hands-on exercises to get a better understanding of the OWASP top ten security threats.
Web application scanners crawl a web application to locate vulnerabilities by simulating attacks. They work by supporting various protocols, crawling and parsing content, testing for vulnerabilities, and generating reports. While scanners help find issues, developers should focus on learning secure coding practices to build applications securely from the start.
This document discusses web application security from the perspectives of web developers and attackers. It covers common issues web developers face, such as tight deadlines and lack of security standards. It also describes how attackers exploit vulnerabilities like injection attacks and XSS. Recent attacks are presented as examples, such as compromising a power grid operator's website through SQL injection. The document aims to raise awareness of web security challenges.
Web applications are prone to hacking because web developers are often not well-versed in security issues. The top web vulnerabilities are cross-site scripting (XSS), SQL injection, input validation issues, and remote file inclusion. XSS attacks involve injecting malicious code into web pages through user input. SQL injection occurs when user input is not sanitized before being used in SQL queries, allowing attackers to alter queries. Proper input validation and sanitization on both the client- and server-sides are needed to prevent many security bugs. Browser vulnerabilities can also potentially expose issues in web applications if not properly designed with security in mind. Constant vigilance is required to address new attacks and protect applications and users.
SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However, most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.
Top security threats to Flash/Flex applications and how to avoid themElad Elrom
The document discusses security threats to Flash and Flex applications, such as decompiling SWF files to modify code, cross-scripting attacks by injecting malicious scripts into Flex applications, and ways developers can help prevent these attacks like using code obfuscation, restricting cross-domain policies, and sanitizing user input to remove dangerous HTML tags and scripts. It provides examples of how attackers can exploit applications and recommendations for setting security permissions and validating input to avoid vulnerabilities.
Widespread security flaws in web application development 2015mahchiev
Widespread security flaws in web application development
*SQL Injection - Hands-On Example
*Cross - Site Scripting (XSS)
*Cross Site Request Forgery
*HTTP Strict Transport Security
The document discusses common security vulnerabilities in React applications such as cross-site scripting (XSS), injection attacks, CSRF attacks, malicious file uploads, insufficient authorization and authentication, distributed denial of service (DDoS) attacks, and XML external entity (XXE) attacks. It provides recommendations for how to prevent and fix each vulnerability, such as strict escaping to prevent XSS, validating all uploads, and using JSON web tokens for authorization. The document also mentions other vulnerabilities to consider like server-side rendering security and dangerous URI schemes.
The document summarizes the OWASP Top 10 security threats. It describes each of the top 10 threats, including injection, broken authentication, cross-site scripting, insecure direct object references, security misconfiguration, sensitive data exposure, missing access controls, cross-site request forgery, use of vulnerable components, and unsafe redirects/forwards. For each threat, it provides a brief explanation of the meaning and potential impacts, such as data loss, account compromise, or full host takeover. The document encourages implementing people, process, and technology measures to address application security issues.
SQL injection attacks occur when malicious SQL statements are injected into an application's existing SQL commands, potentially allowing attackers to alter or destroy database contents. Attackers can exploit vulnerabilities like unvalidated user input or direct use of dynamic SQL queries. To prevent this, developers should follow practices like input validation, parameterizing queries, and limiting database account privileges to only what is necessary.
A presentation+class delivered to a PHP developer group at Brown University that discussed Web Application Security with a heavy emphasis on PHP, and discussed security in the SDLC, and showed with some examples what to do and not do
The document discusses various vulnerabilities in web servers and web applications. It covers popular web servers like IIS, Apache, and others. It then discusses attacking vulnerabilities in web servers like sample files, source code disclosure, canonicalization, and buffer overflows. It also discusses vulnerabilities in web applications like cross-site scripting, SQL injection, cross-site request forgery, and HTTP response splitting. It provides examples of exploits and recommendations for countermeasures to secure web servers and applications.
The document discusses Cross Site Request Forgery (CSRF) attacks. It defines CSRF as an attack where unauthorized commands are transmitted from a user that a website trusts. The attack forces a logged-in user's browser to send requests, including session cookies, to a vulnerable website. This allows the attacker to generate requests the site thinks are from the user. The document outlines how CSRF works, example attacks, defenses for users and applications, and myths about CSRF. It recommends using unpredictable CSRF tokens or re-authentication to prevent CSRF vulnerabilities.
Redefining Technical SEO - Paul Shapiro at MozCon 2019Catalyst
The document discusses redefining technical SEO and outlines various types of technical SEO work. It defines technical SEO as any sufficiently technical action undertaken with the intent to improve search results. The types of technical SEO work discussed include general technical SEO involving crawling, indexing and rendering; blurred-responsibility technical SEO that overlaps with other roles; and advanced applied technical SEO using technologies like machine learning and automation. Specific technical SEO examples are also provided, emphasizing that coding skills are fundamental for advanced, applied technical SEO work.
Cross Site Request Forgery VulnerabilitiesMarco Morana
The document summarizes a meeting agenda about cross-site request forgery (CSRF). The agenda includes discussing CSRF's placement in the OWASP Top 10, describing the CSRF threat and impact, explaining how CSRF works, providing a threat scenario example, discussing CSRF attack vectors, and covering CSRF countermeasures and testing methods.
The document discusses various web application vulnerabilities including cross-site scripting (XSS), SQL injection, and buffer overflows. It provides examples of how XSS and cross-site request forgery (XSRF) attacks work and how they exploit vulnerabilities in web applications. SQL injection is described as occurring when user input is not sanitized before being used in SQL queries.
How Implementing an effective Change Control process can have a positive impact on a project. This presentation will bring you through a step by step guide to accomplish this goal.
Biotechnology Regulation Legal Aspects & Intellectual property rights Shruti Gupta
This document summarizes biotechnology regulation and intellectual property rights in India. It defines biotechnology and describes the key regulatory bodies that oversee agricultural biotechnology - the Institutional Biosafety Committees, Review Committee on Genetic Manipulations, Genetic Engineering Approval Committee, and Department of Biotechnology. The document also outlines the process for approving research and commercial activities involving genetic manipulation. It then discusses intellectual property rights in biotechnology, including patents, plant variety rights, and copyright. The main categories and forms of intellectual property rights are defined.
Owasp top 10 web application security hazards - Part 1Abhinav Sejpal
Mission :- Understand / Learn / Practice OWASP Web Security Vulnerabilities https://www.owasp.org/index.php/Top102013-Top_10 In this session, Attendees will perform hands-on exercises to get a better understanding of the OWASP top ten security threats.
Web application scanners crawl a web application to locate vulnerabilities by simulating attacks. They work by supporting various protocols, crawling and parsing content, testing for vulnerabilities, and generating reports. While scanners help find issues, developers should focus on learning secure coding practices to build applications securely from the start.
This document discusses web application security from the perspectives of web developers and attackers. It covers common issues web developers face, such as tight deadlines and lack of security standards. It also describes how attackers exploit vulnerabilities like injection attacks and XSS. Recent attacks are presented as examples, such as compromising a power grid operator's website through SQL injection. The document aims to raise awareness of web security challenges.
Web applications are prone to hacking because web developers are often not well-versed in security issues. The top web vulnerabilities are cross-site scripting (XSS), SQL injection, input validation issues, and remote file inclusion. XSS attacks involve injecting malicious code into web pages through user input. SQL injection occurs when user input is not sanitized before being used in SQL queries, allowing attackers to alter queries. Proper input validation and sanitization on both the client- and server-sides are needed to prevent many security bugs. Browser vulnerabilities can also potentially expose issues in web applications if not properly designed with security in mind. Constant vigilance is required to address new attacks and protect applications and users.
SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However, most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.
Top security threats to Flash/Flex applications and how to avoid themElad Elrom
The document discusses security threats to Flash and Flex applications, such as decompiling SWF files to modify code, cross-scripting attacks by injecting malicious scripts into Flex applications, and ways developers can help prevent these attacks like using code obfuscation, restricting cross-domain policies, and sanitizing user input to remove dangerous HTML tags and scripts. It provides examples of how attackers can exploit applications and recommendations for setting security permissions and validating input to avoid vulnerabilities.
Widespread security flaws in web application development 2015mahchiev
Widespread security flaws in web application development
*SQL Injection - Hands-On Example
*Cross - Site Scripting (XSS)
*Cross Site Request Forgery
*HTTP Strict Transport Security
The document discusses common security vulnerabilities in React applications such as cross-site scripting (XSS), injection attacks, CSRF attacks, malicious file uploads, insufficient authorization and authentication, distributed denial of service (DDoS) attacks, and XML external entity (XXE) attacks. It provides recommendations for how to prevent and fix each vulnerability, such as strict escaping to prevent XSS, validating all uploads, and using JSON web tokens for authorization. The document also mentions other vulnerabilities to consider like server-side rendering security and dangerous URI schemes.
The document summarizes the OWASP Top 10 security threats. It describes each of the top 10 threats, including injection, broken authentication, cross-site scripting, insecure direct object references, security misconfiguration, sensitive data exposure, missing access controls, cross-site request forgery, use of vulnerable components, and unsafe redirects/forwards. For each threat, it provides a brief explanation of the meaning and potential impacts, such as data loss, account compromise, or full host takeover. The document encourages implementing people, process, and technology measures to address application security issues.
SQL injection attacks occur when malicious SQL statements are injected into an application's existing SQL commands, potentially allowing attackers to alter or destroy database contents. Attackers can exploit vulnerabilities like unvalidated user input or direct use of dynamic SQL queries. To prevent this, developers should follow practices like input validation, parameterizing queries, and limiting database account privileges to only what is necessary.
A presentation+class delivered to a PHP developer group at Brown University that discussed Web Application Security with a heavy emphasis on PHP, and discussed security in the SDLC, and showed with some examples what to do and not do
The document discusses various vulnerabilities in web servers and web applications. It covers popular web servers like IIS, Apache, and others. It then discusses attacking vulnerabilities in web servers like sample files, source code disclosure, canonicalization, and buffer overflows. It also discusses vulnerabilities in web applications like cross-site scripting, SQL injection, cross-site request forgery, and HTTP response splitting. It provides examples of exploits and recommendations for countermeasures to secure web servers and applications.
The document discusses Cross Site Request Forgery (CSRF) attacks. It defines CSRF as an attack where unauthorized commands are transmitted from a user that a website trusts. The attack forces a logged-in user's browser to send requests, including session cookies, to a vulnerable website. This allows the attacker to generate requests the site thinks are from the user. The document outlines how CSRF works, example attacks, defenses for users and applications, and myths about CSRF. It recommends using unpredictable CSRF tokens or re-authentication to prevent CSRF vulnerabilities.
Redefining Technical SEO - Paul Shapiro at MozCon 2019Catalyst
The document discusses redefining technical SEO and outlines various types of technical SEO work. It defines technical SEO as any sufficiently technical action undertaken with the intent to improve search results. The types of technical SEO work discussed include general technical SEO involving crawling, indexing and rendering; blurred-responsibility technical SEO that overlaps with other roles; and advanced applied technical SEO using technologies like machine learning and automation. Specific technical SEO examples are also provided, emphasizing that coding skills are fundamental for advanced, applied technical SEO work.
Cross Site Request Forgery VulnerabilitiesMarco Morana
The document summarizes a meeting agenda about cross-site request forgery (CSRF). The agenda includes discussing CSRF's placement in the OWASP Top 10, describing the CSRF threat and impact, explaining how CSRF works, providing a threat scenario example, discussing CSRF attack vectors, and covering CSRF countermeasures and testing methods.
The document discusses various web application vulnerabilities including cross-site scripting (XSS), SQL injection, and buffer overflows. It provides examples of how XSS and cross-site request forgery (XSRF) attacks work and how they exploit vulnerabilities in web applications. SQL injection is described as occurring when user input is not sanitized before being used in SQL queries.
How Implementing an effective Change Control process can have a positive impact on a project. This presentation will bring you through a step by step guide to accomplish this goal.
Biotechnology Regulation Legal Aspects & Intellectual property rights Shruti Gupta
This document summarizes biotechnology regulation and intellectual property rights in India. It defines biotechnology and describes the key regulatory bodies that oversee agricultural biotechnology - the Institutional Biosafety Committees, Review Committee on Genetic Manipulations, Genetic Engineering Approval Committee, and Department of Biotechnology. The document also outlines the process for approving research and commercial activities involving genetic manipulation. It then discusses intellectual property rights in biotechnology, including patents, plant variety rights, and copyright. The main categories and forms of intellectual property rights are defined.
This document provides an overview of photojournalism including its history, ethical issues, and perspective from Nigeria. It discusses how photojournalism evolved from the 1850s with early photographers documenting wars, to the 1880s when halftone printing allowed photographs to be published in newspapers. It also explores ethical issues like using graphic images, manipulating photos, and invading privacy. The document notes challenges facing photojournalism in Nigeria like financial pressures potentially compromising integrity and risks to journalists' safety.
This document provides an overview of biometrics. It begins with an introduction explaining that biometrics uses physiological or behavioral characteristics to recognize individuals. It then discusses the history of biometrics, including early uses of fingerprints in China and Scotland Yard. The document outlines the typical working process of biometric systems involving sample capture, extraction, comparison, and match/non-match determination. It also describes some common biometric technologies and methods like fingerprint identification, facial recognition, and voice authentication. Advantages of biometrics include increased security while disadvantages involve potential effects of age or health conditions.
Regulatory aspect of pharmaceutical change control systemDeveshDRA
The document discusses the regulatory aspects of pharmaceutical change control systems. It outlines the benefits of a change control system, including ensuring changes are properly documented, validated, approved and traceable. It describes the different categories of changes (major, moderate, minor) and approval processes. A successful change control system requires identifying the need for a change, reviewing documentation, preparing a change proposal, classifying and approving the change, developing an implementation plan, verification and closure. Regulatory guidelines require formal change control systems to evaluate all changes that could affect product quality or manufacturing processes.
Web application penetration testing lab setup guideSudhanshu Chauhan
This document provides guidance on setting up a basic environment for conducting web application penetration testing. It outlines both hardware and software requirements, including recommended tools. It then walks through installing a base OS, browsers, programming languages, web servers, and various security tools. It also provides an overview of the testing process, including information gathering, automated scanning, manual testing, and reporting.
1. Plan the application architecture and design with security in mind from the start. Consider things like authentication, authorization, input validation, etc.
2. Implement secure coding best practices to prevent vulnerabilities like XSS, SQL injection, CSRF. Validate, sanitize and encrypt all inputs.
3. Use a framework like Django or Ruby on Rails that incorporates security features and keeps applications updated.
4. Configure infrastructure securely following the principle of least privilege. Use WAFs, DDoS protection, secure protocols, and monitor for threats.
5. Test security at all stages of development using tools like ZAP and Burp Suite.
What is Web Scraping and What is it Used For? | Definition and Examples EXPLAINED
For More details Visit - https://hirinfotech.com
About Web scraping for Beginners - Introduction, Definition, Application and Best Practice in Deep Explained
What is Web Scraping or Crawling? and What it is used for? Complete introduction video.
Web Scraping is widely used today from small organizations to Fortune 500 companies. A wide range of applications of web scraping a few of them are listed here.
1. Lead Generation and Marketing Purpose
2. Product and Brand Monitoring
3. Brand or Product Market Reputation Analysis
4. Opening Mining and Sentimental Analysis
5. Gathering data for machine learning
6. Competitor Analysis
7. Finance and Stock Market Data analysis
8. Price Comparison for Product or Service
9. Building a product catalog
10. Fueling Job boards with Job listings
11. MAP compliance monitoring
12. Social media Monitor and Analysis
13. Content and News monitoring
14. Scrape search engine results for SEO monitoring
15. Business-specific application
------------
Basics of web scraping using python
Python Scraping Library
Web Application Penetration Testing Introductiongbud7
This document provides an overview of web application penetration testing. It discusses the goals of testing to evaluate security by simulating attacks. The testing process involves gathering information, understanding normal application behavior, and then applying targeted techniques to find weaknesses. The document outlines the reconnaissance, mapping, and active testing phases. It also demonstrates various tools like Burp Suite, W3AF, and SQL injection and cross-site scripting attacks.
The following slides present an
application security checklist — a look at how your company can counter the
impact of seven top application security threats.
There have been reports such as ‘there is high rate of web application vulnerability’ as well as a range of ways in which web hackers attack web applications. Since the discovery that web applications convey the best content to users, there have been attempts to determine ways in which these systems can be hacked into through defacing, damage and defrauding. As the culture of conveying information across the internet continues to gain ground, there are increasing cases of vulnerabilities of these sites to cyber criminals.
<p>Security design is an important, but often neglected, component of system design. In this session, Douglas Crockford, creator of Javascript Object Notation, will outline the security issues that must be considered in the architecture of Ajax applications.</p>
<p>The design of the browser did not anticipate the needs of multiparty applications. The browser’s security model frustrates useful activities and allows some very dangerous activities. This talk will look at the small set of options before us that will determine the future of the Web.<br />
During this session, attendees will:</p>
<ul>
<li>Learn why effective security is an inherent feature of good design;</li>
<li>Experience a real-time demo of a Ajax client/server system based on sound security principles</li>
<li>See how to apply secure design to rich web applications.</li>
</ul>
IRJET - Review on Search Engine OptimizationIRJET Journal
This document discusses search engine optimization (SEO) and how search engines work. It covers the key processes of crawling, indexing, and ranking that search engines use to find and organize web content. Crawling involves search engine bots finding and downloading web pages. Indexing processes and stores the crawled content in a searchable database. Ranking determines the order search results are displayed, with more relevant pages ranking higher. The document provides technical details on Google's architecture and algorithms to perform these core functions at scale across the vastness of the internet.
This document proposes a runtime behavior-based browser solution called Browser Guard to protect against drive-by download attacks. Browser Guard monitors the download behavior of files loaded in the browser and restricts execution of any automatically downloaded files without user consent. It works in two phases, first distinguishing trusted from malicious files based on download context, then prohibiting execution of files on the blacklist. The solution aims to enhance browser security without requiring file/script analysis or reputation checks.
This document provides an overview of software assurance policies and procedures at ABC Company, a software development firm. It discusses the types of software produced, including desktop, web, and database applications. It analyzes security risks for each type of application and proposes techniques for software assurance. It also describes ABC Company's departmental organization and system design life cycle. The document discusses security considerations for agile development models like Scrum and policies to reduce threats. Potential security issues and mitigation strategies are presented for nontraditional development models. The document is intended to analyze the security of ABC Company's applications and ensure software is optimized.
The most efficient development tool is now available in Pakistan.pptConnect Solutions
Connect Solutions is a leading Software company which providing best Shopify development services in Pakistan offering custom Shopify website development for Basic Shopify, advanced Shopify, plus & lite. Connect Solutions is a top Shopify custom theme development agency that can cater to all your Shopify needs and even your budget, and customize your theme exactly like you imagine, even if you have the most complex requirements.
Visit us:
https://connect-sol.com/shopify-development-services/
The most efficient development tool is now available in Pakistan.pdfConnect Solutions
Connect Solutions is a leading Software company which providing best Shopify development services in Pakistan offering custom Shopify website development for Basic Shopify, advanced Shopify, plus & lite. Connect Solutions is a top Shopify custom theme development agency that can cater to all your Shopify needs and even your budget, and customize your theme exactly like you imagine, even if you have the most complex requirements.
Visit us:
https://connect-sol.com/shopify-development-services/
Sql Injection Attacks And A Web Application EnvironmentSheri Elliott
The document discusses selecting programming languages and frameworks for developing a web application that performs machine learning on a dataset. Python was chosen for its strong machine learning libraries. The Django framework was used to build a REST API and AngularJS was used for the frontend interface. Association rule mining was performed but existing libraries were found to have implementation issues for calculating measures of interestingness. As a result, the measures were implemented from scratch instead of using an external library.
The document discusses several topics related to software development and IT systems:
- Agile approach is an iterative software development methodology where cross-functional teams work collaboratively to develop software solutions incrementally. Scrum is a popular agile method.
- An agile organization is quick to respond to changes through customized offerings, collaboration, learning from experiments, and long-term business value.
- Ajax updates parts of web pages asynchronously without reloading the whole page for better user experience.
Hide and seek - Attack Surface Management and continuous assessment.Eoin Keary
Attack surface management and visibility is key to maintaining a robust cyber security posture. Continuous assessment, accuracy and scale are key to enterprise security.
Web application vulnerabilities involve a system flaw or weakness in a web-based application. They have been around for years, largely due to not validating or sanitizing form inputs, misconfigured web servers, and application design flaws, and they can be exploited to compromise the application's security.
The most effective development service is available to Pakistan.pptConnect Solutions
The document provides an overview of web development, including defining what web development is, the basic principles involved, and the different types of web development one can pursue as an expert. It discusses that web development broadly refers to creating websites, and involves both front-end and back-end aspects. It also lists and briefly describes common types of web development such as front-end development, back-end development, full stack development, and mobile development.
HP WebInspect is a web application security scanning tool that helps identify vulnerabilities. It crawls a website to build an application tree, then audits the site using various techniques to detect issues. Some key features include customizable scanning policies and views, reporting vulnerabilities and suggested fixes, and the ability to simulate attacks. Proper configuration of the scan settings is required to tailor what is tested.
Similar to Web Application Finger Printing - Methods/Techniques and Prevention (20)
Arun Mane is the founder and director of AmynaSec Labs. He is a security speaker and trainer who has presented at many conferences including Defcon, Blackhat, Nullcon, and HITB. His areas of expertise include security testing of IoT devices, connected vehicles, medical devices, and industrial control systems. Some common issues he finds include devices being publicly accessible, having backdoors, hardcoded credentials, and crypto or web application management problems. His testing methodology involves assessing web and mobile applications, embedded device communications, hardware testing through reverse engineering, and analyzing communication protocols and stored data.
This document outlines an agenda for a presentation on open-source intelligence (OSINT) gathering techniques. The agenda includes an introduction to OSINT, different types of intelligence gathering, a scenario example, OSINT gathering tactics and tools like Shodan, TheHarvester and Google dorks, applications of OSINT, a demonstration, references for OSINT, and a conclusion. Key OSINT tools that will be demonstrated include Twitter, Shodan, TheHarvester and Google dorks for gathering information from public online sources.
This document provides an overview of server-side request forgery (SSRF) vulnerabilities, including what SSRF is, its impact, common attacks, bypassing filters, and mitigations. SSRF allows an attacker to induce the application to make requests to internal or external servers from the server side, bypassing access controls. This can enable attacks on the server itself or other backend systems and escalate privileges. The document discusses techniques for exploiting trust relationships and bypassing blacklists/whitelists to perform SSRF attacks. It also covers blind SSRF and ways to detect them using out-of-band techniques. Mitigations include avoiding user input that can trigger server requests, sanitizing input, whitelist
Nmap is a network scanning tool that can perform port scanning, operating system detection, and version detection among other features. It works by sending TCP and UDP packets to a target machine and examining the response, comparing it to its database to determine open ports and operating system. There are different scanning techniques that can be used like TCP SYN scanning, UDP scanning, and OS detection. Nmap also includes a scripting engine that allows users to write scripts to automate networking tasks. The presentation concludes with demonstrating Nmap's features through some examples.
The document provides an introduction and overview of the Metasploit Framework. It defines key terms like vulnerability, exploit, and payload. It outlines the scenario of testing a subnet to find vulnerabilities. It describes the main features of msfconsole like searching for modules, using specific modules, and configuring options. It promotes understanding and proper use, emphasizing that Metasploit alone does not make someone a hacker.
1) The document provides guidance on testing APIs for security weaknesses, including enumerating the attack surface, common tools to use, what to test for (e.g. authentication, authorization, injections), and demo apps to practice on.
2) It recommends testing authentication and authorization mechanisms like tokens, injections attacks on state-changing requests, and how data is consumed client-side.
3) The document also discusses testing for denial of service conditions, data smuggling through middleware, API rate limiting, and cross-origin requests.
TLS 1.3 is an update to the Transport Layer Security protocol that improves security and privacy. It removes vulnerable optional parts of TLS 1.2 and only supports strong ciphers to implement perfect forward secrecy. The handshake process is also significantly shortened. TLS 1.3 provides security benefits by removing outdated ciphers and privacy benefits by enabling perfect forward secrecy by default, ensuring only endpoints can decrypt traffic even if server keys are compromised in the future.
This document provides an introduction to hacking mainframes in 2020. It begins with an overview of mainframe systems and terminology. It then discusses reconnaissance methods like port scanning and credential theft to gain initial access. Next, it covers conducting internal reconnaissance to escalate privileges by exploiting surrogate users, APF authorized libraries, and UNIX privilege escalation techniques. The document aims to provide enough context for curiosity about hacking mainframe systems.
The document discusses CRLF injection and SSRF vulnerabilities. CRLF injection occurs when user input is directly parsed into response headers without sanitization, allowing special characters to be injected. SSRF is when a server is induced to make HTTP requests to domains of an attacker's choosing, potentially escalating access. Mitigations include sanitizing user input, implementing whitelists for allowed domains/protocols, and input validation.
The document provides an overview of Active Directory, including its components and how it is used to centrally manage users, computers, and other objects within a network. It discusses key Active Directory concepts such as forests, domains, organizational units, users, computers, and domain trusts. It also provides step-by-step instructions for setting up an Active Directory lab environment for red teaming purposes and integrating a client machine into the domain.
A security engineer discusses how logs and passive reconnaissance can reveal sensitive information like AWS credentials. The engineer searched for open Jenkins and SonarQube instances which led to discovering Slack channels containing AWS access keys. Key lessons are to know your boundaries, automate mundane tasks, don't presume systems mask secrets, and persistence is important in security work.
Shodan is a search engine that indexes internet-connected devices and provides information about devices, banners, and metadata. It works by generating random IP addresses and port scans to retrieve banner information from devices. This information is then stored in a searchable database. Users can search Shodan's database using filters like country, city, IP address, operating system, and ports. Shodan can be accessed through its website or command line interface. While useful for security research, Shodan also raises privacy and security concerns by revealing information about unprotected devices.
This document outlines an agenda for discussing cloud security. It begins with an introduction to cloud computing and deployment models. It then discusses challenges of cloud computing and why cloud security is important. Specific threats like data breaches and account hijacking are listed. The document reviews the shared responsibility model and scope of security in public clouds. It describes cloud security penetration testing methods like static and dynamic application testing. Finally, it provides prerequisites and methods for conducting cloud penetration testing, including reconnaissance, threat modeling, and following standard testing methodologies.
This document discusses several techniques for maintaining persistence on Windows systems, including modifying accessibility features, injecting into image file execution options, using AppInit DLLs, application shimming, BITS jobs, registry run keys, and Windows Management Instrumentation event subscriptions. It provides details on how each technique works, common implementations, required privileges, relevant data sources, and example event log entries.
Frida is a dynamic instrumentation toolkit that allows injecting JavaScript into applications. Objection is a runtime mobile exploration toolkit powered by Frida that helps assess the security of mobile apps. It supports iOS and Android. Objection allows exploring apps by listing classes, methods, and injecting scripts to enable dynamic analysis like dumping keychain entries.
Osquery is an open source tool that allows users to perform SQL queries on their system to retrieve information. It supports various platforms and makes it easy to get details about the system. Osquery consists of Osqueryi, Osqueryd, and Osqueryctl components. Basic queries can be run in user context mode to view system information, configuration, and tables. Osqueryd runs in daemon mode and can be configured using packs and decorators to monitor specific events and files. Osqueryctl is used to control the Osquery daemon process.
This document discusses DevSecOps, beginning with an introduction from Tibin Lukose. It then covers some challenges in DevSecOps such as developers lacking security skills, cultural challenges, and difficulties balancing speed, coverage and accuracy in testing. The document proposes a model DevSecOps company, Infosys, and provides a demo and contact information for any further questions.
This document provides an introduction to XML and related technologies like libxml2, XSLT, XPath, and XML attacks. It discusses the basics of XML including elements, tags, attributes, and validation. It also describes common XML libraries and tools like libxml2, xmllint, and xsltproc. Finally, it provides an overview of different types of XML attacks like XML injection, XPath injection, XXE, and XSLT injection.
This document contains the agenda for a presentation on Linux for hackers. The agenda includes discussing the Linux file system, managing virtual machines smartly, command line tools like alias, tee, pipe, grep, cut, uniq, and xargs, Bash scripting, logging, and proxy chaining. It also mentions demonstrating several commands and tools. The presentation aims to be an interactive session where the presenter will answer any questions from attendees.
This document provides an overview of Android penetration testing. It discusses requirements and tools for static and dynamic analysis, including Apptitude, Genymotion, and ADB. It covers analyzing the Android manifest and classes.dex files. It also describes vulnerabilities in WebViews, such as loading cleartext content and improper SSL handling. Best practices for coding securely on Android are also presented.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
2. Table of Contents
Abstract................................................................................................................................................... 3
Theory of Finger Printing and Web Application Finger printing ................................................................ 3
Usage of Web Application Finger Printing ................................................................................................ 3
Methods of Web Application Finger Printing ........................................................................................... 3
HTML Data Inspection ......................................................................................................................... 4
File and Folder Presence (HTTP response codes) .................................................................................. 5
Checksum Based identification ............................................................................................................ 5
Disadvantages of Current automated Solutions ....................................................................................... 6
Case Study of various Web Application finger printing Software’s............................................................ 6
WhatWeb ............................................................................................................................................ 6
Wapplyzer ........................................................................................................................................... 7
BlindElephant ...................................................................................................................................... 7
Plecost (Specialized Scanner for Wordpress)...................................................................................... 10
W3af Wordpress finger printer .......................................................................................................... 11
Inherent Flaws in the Design of Current automation Tools..................................................................... 12
Thwarting Web Application Finger Printing............................................................................................ 13
HTML cleansing ................................................................................................................................. 13
File and folder Restrictions ................................................................................................................ 13
Checksum Management .................................................................................................................... 14
Static Text Files (HTML, JS, CSS)...................................................................................................... 14
Image files (PNG, JPG, ICO, GIF) ..................................................................................................... 15
Incremental chaos ............................................................................................................................. 15
Enhancing Current Tools and future directions ...................................................................................... 16
New Approach for Tools .................................................................................................................... 16
Cross Referencing other techniques & using Human Common Sense in Tools .................................... 16
Conclusion............................................................................................................................................. 17
References ............................................................................................................................................ 17
3. Abstract
This Paper discusses about a relatively nascent field of Web Application finger printing, how it is
performed in the current scenarios, what are the visible shortcomings in the approach and then
discussing about ways and means to avoid Web Application Finger Printing
Theory of Finger Printing and Web Application Finger printing
Finger printing in its simplest senses is a method used to identify objects. Same Term has been used to
identify TCP/IP Stack Implementation and was known as TCP/IP finger printing. And similar usage has
been extended lately to identify web applications Installed on the Http Server.
If you know your enemies and know yourself, you can win a hundred battles without a single loss – The
Art of War (Chapter 3) in the same spirit Web Application finger printing is performed to identify the
Application and software stacks running on the HTTP Server. Web Application finger printing is at its
nascent stage as of now, however we are observing increasing awareness about it and large number of
automated solution emerging in the market.
Usage of Web Application Finger Printing
Web Application finger printing is a quintessential part of Information Gathering phase [4] of (ethical)
hacking. It allows narrowing / drilling down on specifics instead of looking for all clues. Also an
Accurately identified application can help us in quickly pinpointing known vulnerabilities and then
moving ahead with remains aspects. This Step is also essential to allow pen tester to customize its
payload or exploitation techniques based on the identification and to increase the chances of successful
intrusion.
Methods of Web Application Finger Printing
Historically Identification of Open Source applications have been easier as the behavior pattern and all
the source codes are publically open. In the early days web application identification was as simple as
looking in the footer of the Page of text like “Powered by <XYZ>”. However as more and more Server
admin became aware of this simple stuff so is the Pen Testers approach became more complex towards
identification of web application running on remote machine.
4. HTML Data Inspection
This is the simplest method in which manual approach is to open the site on browser and look at its
source code, similarly on automated manner your tool will connect to site, download the page and then
will run some basic regular expression patterns which can give you the results in yes or no. Basically
what we are looking for is unique pattern specific to web software.
Examples of such patterns are
1) Wordpress
Meta Tag
Folder Names in Link section
Ever green notice at the bottom
2) OWA
URL pattern
http://<site_name>/OWA/
3) Joomla
URL pattern: http://<site_name>/component/
4) SharePoint Portal
URL Pattern: /_layouts/*
And similarly for majority of applications we can create regular expression rules to identify them.
5. These regular expression’s combined together as a monolithic tool to identify all in one go or as a
pluggable architecture for creating one pattern file for each type and work on it.
Example of tools using this technique includes browser plugin’s like Wapplyzer and web technology
finder and similar tools.
File and Folder Presence (HTTP response codes)
This approach doesn’t download the page however it starts looking for obvious trails of an application
by directly hitting the URL and in course identifying found and not found application list. In starting days
of internet this was easy, just download headers and see if it’s 200 OK or 404 not found and you are
done.
However in current scenario, people have been putting up custom 404 Pages and are actually sending
200 OK in case the page is not found. This complicates the efforts and hence the new approach is as
follows.
1) Download default page 200 OK.
2) Download a file which is guaranteed to be non-existing then mark it as a template for 404 and
then proceed with detection logic.
Based on this assumption and knowledge this kind of tools start looking for known files and folders on a
website and try to determine the exact application name and version.
Example of such scenario would be
wp-login.php => wordpress
/owa/ => Microsoft outlook web frontend.
Checksum Based identification
This is relatively a newer approach considered by far as most accurate approach in terms on application
and specific version identification.
This Technique basically works on below pattern.
1) Create checksum local file and store in DB
6. 2) Download static file from remote server
3) Create checksum
4) Compare with checksum stored in db and identified
One of the best implementation of this technique is Blind elephant
Disadvantages of Current automated Solutions
As you might have guessed these automation tools have certain disadvantages too.
1) First and foremost these tools get noisy especially in auto detection modes.
2) Large numbers of 404’s can immediately trigger alarms across the places.
3) Secondly they generally rely on the URL pattern we gave and fail to look beyond that. However
it might be the case that site main link has reference links to its blog which might not be
updated and could open gates for us.
4) They lack the humanly fuzziness.
Case Study of various Web Application finger printing Software’s
WhatWeb
Programming Language: Ruby
This is one of the beast application allowing a pluggable architecture with virtually any application
detection as you can see in the below script-let this software is performing following tasks.
1) Google dork check
2) Regexp pattern matching
3) File existence checker
4) File Content checker based on file name
5) Md5 based matching.
This effectively allows it to report application more accurately. As well as being pluggable in nature
allows it to be customized for any application encountered.
7. Wapplyzer
Programming Language: JScript
Wapplyzer is a Firefox, Chrome Plugin, and works on only regular expression matching and doesn’t need
anything other than the page to be loaded on browser. It works completely at the browser level and giv
results in form of icon’s.
BlindElephant
Programming Language: Python
This is a new entrant in the market and works on the principle of static file checksum based version
difference.
As described by author at its home page, The Static File Fingerprinting Approach in One Picture
8. This again allows this software to work for both open-source software and closed source softwares, the
condition is that the person running BlindElephant need to have access to source code to map all static
file fingerprinting.
Basic logic is here :
9.
10. Plecost (Specialized Scanner for Wordpress)
Programming Language: Python
Plecost works on a simple principle of finding right files.
It derives the version of Wordpress from readme.html as shown below:
That is fine the fun starts when you actually look at the below section of code.
11. This section works for all open source Wordpress plugin’s which are available from wordpress.org site.
Basically it tries to fetch the readme.txt for each plugin and then based on that deduces the version of
appliance installed on this server.
Note: wordpress.org makes it a mandate for every plugin author to have a correctly formed readme.txt
file and hence chances of finding these files are too large.
W3af Wordpress finger printer
Programming Language: Python
W3AF aims to be the metasploit of web, and hence is attracting quite an attention now a day. Below
listed is among the first hand plugin’s of web application finger printing in W3AF.
This plugin again take a retro approach looks for exact file names and paths and moving on to look for
specific data inside the file and if exist then deduce that application is Wordpress. This highlight is to
stress on the fact about paths and flaws which we will be discussing after this section.
12. Inherent Flaws in the Design of Current automation Tools
If you have looked carefully in the above details you will find lots of alarming things.
1) All the tools work on assumption and have very low chances of cross verifying themselves.
They assume that
a. Filename X means Z plugin. Or
b. Folder Q in site means software is used irrespective of the actual usage of the product
or not.
2) Tools are very relaying (except blind elephant which give a probability) - over confidence is
dangerous
These tools provide us results and in turn generate confidence; however everyone needs to
understand that automated solution could also be fooled. And as such these tools should also be
non authoritative in providing the output.
3) They claim to be dynamic however remain static at large parts. (dynamics is only in replacing the
front domain name)
If you careful observe above discussions on each of scanning solution, you will see
Static path’s
dependency on static filename
4) As already suggested Noise can ring alarms.
5) Even when we talk about checksum based approach then again we fail to remove the above 2
constrains and on top of that we have a fundamental flow in this approach
13. Let’s analyze the statement
Comparing Static files at known location
Does that rings some bell, known location is not necessary always the same example in
Wordpress we can change the folder location of wp-content as of now and in future we will be
able to change other folder locations too (namely wp-admin, wp-include).
Precomputed hashes
Effectively telling me that the application has hashes pre-computed and as such doesn’t take
into consideration that user will do any manipulation of file.
Thwarting Web Application Finger Printing
HTML cleansing
This is one of the oldest methods of controlling what you don’t what others to see.
Few things to keep in mind.
META or generator tags are not required and can be removed.
Most free software’s ask you to give credit however they don’t explicitly mention that give
credit at footer of every page, you can customize that. Also any GPL product gives you the
right to modify your content and keep it to yourself till you decide to sell it.
Comments such as TO-DO / FIXIT if made should be kept at source code / programming
language control, avoid HTML comments for any information / clue.
File and folder Restrictions
One of the application specific finger printing applications is Plecost for Wordpress. As seen above it
works on a straight forward hit a file if 200 OK with valid content plugin exist otherwise doesn’t exist.
Similar kind of approach could be easily thwarted by using simple htacess based rules or redirection
policies.
Example to beat Plecost all you need is block access to readme.txt (.html) from outside.
The reason why I suggest block and not removal as in case of removal during next upgrade all the files
will be restored, however blocking will help in all cases.
14. #blocking access to readme.txt
<files readme.txt>
order allow,deny
deny from all
</files>
This should be enough to block access to readme.txt, similar steps could be performed to block majority
of other files/folders.
What we are trying to do here is allow disallow everyone direct access to important files
Checksum Management
This particular section is a hypothetical section as of now describing theoretical approach to beating the
checksum based software versioning scheme. People are welcome to enhance this approach and
integrate this in the defensive tool chain.
As already described above checksum based approach has inherent flaws in the design and hence could
be forced to fall in its own trap. I have divided this part in 3 basic sections, text files, binary files, and
incremental chaos.
The general approach for all the below is as listed
1) Change the path as path is one static link in the whole chain.
2) We might not be able to change name so change content. (Name changing can take a lot of time
and effort not by pen tester but by developers to get things right.)
Static Text Files (HTML, JS, CSS)
This section will deal with various techniques you can use to thwart checksum’s.
1) You can just manually edit all relevant file add just about any character even a single character
can change the whole checksum.
2) You can write a script to append text at the end of file.
3) Preferred option would be to intermix the actual content with seemingly relevant content in the
whole text area.
4) Things to keep in mind while performing this exercise would be
a. If you insert text in between HTML keep check on tags like <pre> <textarea>
<text><object><span><table>, any of these tags may bark out in case you add some
random text in between.
b. Text to be inserted could be a normal comment or a complex comment made out of
random characters. It could also be a properly formatted and placed HTML data.
c. Here again we need to be one step ahead and think how this protection could be
nullified, in case of comments a person can simply remove all comments from both ends
15. and then compare text. So we need to make sure our scrambler content is not just
comments but mix of comment and tags. Also tags should not be in predefined order /
pattern otherwise regular expressions could be used to detect such material and
remove it.
d. In Java script you can add some random named function requesting some valid looking
random name div and span’s however keep in mind that the regular expressions should
not be able to isolate this particular text we add otherwise we fail the actual cause of it.
e. In CSS we can work on the above tags generated in HTML and JS to hide or change data
on them.
5) We need to make sure that data is not collated at one places rather spread across the whole file.
Image files (PNG, JPG, ICO, GIF)
Manipulating image files would be a much more daunting task as this involves binary files.
Things we need to keep in mind
1) Using any image conversion tool can degrade the quality of image.
2) We need to maintain aspect ratio and resolution of all images.
3) If manipulating at image level output quality should be hundred percent with no added
compression.
However we can still look at following prospective.
1) Changing the alpha channel value i.e. changing transparency from 0 to 1% can significantly
change checksums and still retain image.
2) Binary level edit by directly editing the binary file and adding exif data or extra data to the end
of image data.
3) Manipulating color code of a fully transparent pixel.
Incremental chaos
This is my favorite part; as we are already trying to confuse the automated solutions why not add more
spice to the recipe. So here is my next hypothetical solution which is targeted towards making
automated solutions more useless. When we are trying to hide our actual platform why not provide
them something to reliable determine and give result, in simple terms
We will hide our original software using above described approaches, effectively the software might give
a no result, relying on the confidence these automated solution present why not make sure the output
is there and when reported with full confidence that could lead to lots of chaos.
So this is how we will proceed with this approach
16. 1) Hide original framework.
2) Add static content from a different framework in usual locations.
3) Add sections on page listing css / js or html page links to this bogus cms.
Combined result INCREMENTAL CHAOS.
As we can see in the above steps step 2 and 3 are most critical ones we need to keep in mind following
points while doing such a task:
1) Content should not conflict with the actual framework.
2) Folders placed should not overwrite the existing framework.
3) CSS / JS / HTML page link in content pages is necessary to thwart the attempts of regular
expression based scanners looking for content in html data.
4) Being the original files (non-tampered) they will also give positive id to checksum based systems.
Enhancing Current Tools and future directions
This section is where I have tried to suggest some approaches which could be followed to work towards
better scanners.
New Approach for Tools
Right now tools rely heavily on regular expressions and as such could be easily defeated by providing
fake text in comments or similar format. Parsing engines should be more intelligent and should be
looking at the actual content and not whole text.
Another approach which could be deployed is instead of checksum based comparison we should have
actual diff and weighted scores could be used to validate the differences however this would be
resource intensive approach but could yield some good results however problem would be in version
identification.
Cross Referencing other techniques & using Human Common Sense in Tools
We should always cross refer other inputs example Apache server detected with aspx extension and we
found through all automated checks that “SharePoint server” is present. This doesn’t seem right to
human mind. Similar approach should be embedded in the logical section of the automated tool.
There are subtle hints provided by each framework in implementation of various protocols similar to
http finger printing [2] that approach could also be used to detect the presence of a specific application.
17. Example of such implementation could be RSS, XMLRPC.
Conclusion
This paper can act as a staple food for both offensive and defensive security professionals and I have
content for both. Would love to see both side developing tools and techniques based on the above
stated methods.
References
1. AJAX Finger Printing https://www.net-security.org/dl/articles/Ajax_fingerprinting.pdf - Shreeraj
Shah : shreeraj@net-square.com
2. Http Print White Paper : http://net-square.com/httprint/httprint_paper.html - Saumil
Shah : saumil@net-square.com
3. OWASP web application Scanner Specification :
https://www.owasp.org/index.php/Category:OWASP_Web_Application_Scanner_Specification_
Project
4. OWASP –IG-004 :
https://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint_%28OWASP-IG-
004%29