OWASP WEBGOAT

Zakaria SMAHI
WHAT IS WEBGOAT
WebGoat is a deliberately insecure J2EE web application maintained by OWASP.
It is designed to teach web application security hands-on: every lesson is a real vulnerability that you exploit in the running application.
It is also useful for testing security products (IPS/IDS, firewalls, web application firewalls) against the OWASP Top 10 and against XML and AJAX security threats.
INSTALL WEBGOAT
1. Download the standalone release from Google Code
2. Unzip the folder
3. Run WebGoat.bat
4. Go to http://localhost/WebGoat/
5. Login: guest, password: guest
These steps describe the legacy WebGoat 5.x standalone package; the project has since moved to https://github.com/WebGoat/WebGoat, and current releases listen on port 8080 by default. Because WebGoat is intentionally exploitable, run it only on a machine or VM that is not reachable from untrusted networks.
CONNECTING THE FIRST TIME
0X000 CODE QUALITY
Hint: check the source code of the page (view source in the browser). Developers leave clues, such as credentials, in HTML comments that never appear on the rendered page.
0X001 STORED XSS
 ‘Stored attacks are those where the injected code is
permanently stored on the target servers, such as in a
database, in a message forum, visitor log, comment
field, etc. The victim then retrieves the malicious script from
the server when it requests the stored information.’
OWASP
0X001 STORED XSS
Login as tom.
1. View and edit the profile for tom.
2. Select the address field.
3. Paste the following into it:
<script>alert("XSS")</script>
4. Save the profile, then view it again: the script runs for every user who views tom's profile, which is what makes the attack "stored".
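To see why the pasted address runs as script and what the fix looks like, here is an added Python example (not WebGoat's code). The PROFILES table and the two render functions are constructed for the demo; the only thing taken from the lesson is the payload.

```python
# Added example (not WebGoat code): a toy profile store that renders the
# stored address field unencoded, and the same renderer with output encoding.
import html

# Constructed sample data; the address value is the lesson's payload.
PROFILES = {
    "tom": {"name": "Tom Cat", "address": '<script>alert("XSS")</script>'},
}


def render_profile_vulnerable(user):
    """Concatenates stored data straight into HTML: the stored payload is
    returned as markup and executes in every viewer's browser."""
    p = PROFILES[user]
    return f"<p>Name: {p['name']}</p><p>Address: {p['address']}</p>"


def render_profile_fixed(user):
    """Output-encodes every stored value for the HTML body context, so the
    same bytes are displayed as text instead of parsed as a tag."""
    p = PROFILES[user]
    name = html.escape(p["name"], quote=True)
    address = html.escape(p["address"], quote=True)
    return f"<p>Name: {name}</p><p>Address: {address}</p>"


def contains_live_script(markup):
    """Crude check used by the demo: does a real <script> start tag survive?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_profile_vulnerable("tom"))
    print(render_profile_fixed("tom"))
```

Encoding on output rather than filtering on input is what makes the fix hold for every payload, not just this one; note that html.escape is correct for element content and quoted attributes only, and a value placed inside a script block or a URL needs the encoding for that context instead.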
0X002 CSRF
'CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in the case of a normal user. If the targeted end user is the administrator account, this can compromise the entire web application.'
OWASP
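The deck's CSRF slides are screenshots, so here is an added Python example (not WebGoat's code) of the standard defence, a synchronizer token bound to the session. SERVER_SECRET, the SESSIONS table, the transfer handler and both request dictionaries are constructed for the demo; the forged request stands for the auto-submitting form on an attacker's page.

```python
# Added example (not WebGoat code): a state-changing request protected by a
# per-session CSRF token, exercised with a legitimate and a forged request.
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)   # assumed per-deployment secret
SESSIONS = {"sess-tom": "tom"}            # constructed session table


def csrf_token_for(session_id):
    """Derive a token from the session id. The attacker's page cannot read
    it: same-origin policy keeps the victim's page content private, and the
    token is not stored in a cookie the browser would attach automatically."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(request):
    """request = {"cookies": {...}, "form": {...}}; returns (status, message)."""
    session_id = request.get("cookies", {}).get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not authenticated"
    form = request.get("form", {})
    submitted = form.get("csrf_token", "")
    expected = csrf_token_for(session_id)
    # Constant-time comparison, so a wrong token cannot be guessed byte by byte.
    if not hmac.compare_digest(submitted, expected):
        return 403, "CSRF token missing or invalid"
    return 200, f"{user} transferred {form['amount']} to {form['to']}"


def legitimate_request():
    """Form rendered by the site itself: it carries the token."""
    return {
        "cookies": {"session": "sess-tom"},
        "form": {"to": "jerry", "amount": "100",
                 "csrf_token": csrf_token_for("sess-tom")},
    }


def forged_request():
    """Form auto-submitted from the attacker's page: the browser still attaches
    tom's session cookie, but the attacker cannot supply the token."""
    return {
        "cookies": {"session": "sess-tom"},
        "form": {"to": "attacker", "amount": "5000"},
    }


if __name__ == "__main__":
    print(handle_transfer(legitimate_request()))
    print(handle_transfer(forged_request()))
```

The cookie is what the attacker gets for free, so the check must rest on something the browser does not send automatically. A SameSite=Lax or Strict session cookie and a check of the Origin header on state-changing requests are worthwhile defence in depth on top of the token.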
0X003 SQL INJECTION
'A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.'
OWASP
0X003 SQL INJECTION
Hint: try entering the following in the login field:
' OR '1'='1
The leading quote closes the string literal the application built around your input, and OR '1'='1 is true for every row, so the WHERE clause matches all users.
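As an added example (not WebGoat's code), here is the hint payload run against an in-memory SQLite table, with the string-built query that the lesson exploits next to the parameterised query that defeats it. The users table and both login functions are constructed for the demo.

```python
# Added example (not WebGoat code): the lesson's ' OR '1'='1 payload against
# a login query built by concatenation, then against a bound-parameter query.
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for WebGoat's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("tom", "s3cret"), ("jerry", "cheese")])
    return db


def login_vulnerable(db, name, password):
    """Builds SQL by concatenation: a quote in the input closes the literal
    and the rest of the input becomes part of the WHERE clause."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return [row[0] for row in db.execute(sql)]


def login_fixed(db, name, password):
    """Parameterised query: the input is bound as a value and never parsed
    as SQL, so the same payload is simply a password that matches nobody."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]


PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "anything", PAYLOAD))   # every user
    print(login_fixed(db, "anything", PAYLOAD))        # nobody
```

With the payload in the password field the vulnerable query reads WHERE name = 'anything' AND password = '' OR '1'='1'; AND binds tighter than OR, so the row filter is (false) OR (true) and every user comes back. Binding the value is the fix; escaping quotes by hand is fragile and leaves numeric and LIKE contexts exposed.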
0X004 XPATH INJECTION
 ‘XPath Injection attacks occur when a web site uses user-supplied
information to construct an XPath query for XML data. By sending
intentionally malformed information into the web site, an attacker can find out
how the XML data is structured, or access data that he may not normally
have access to. He may even be able to elevate his privileges on the web
site if the XML data is being used for authentication (such as an XML based
user file).
 Like SQL, you can specify certain attributes to find, and patterns to match.
When using XML for a web site it is common to accept some form of input on
the query string to identify the content to locate and display on the page. This
input must be sanitized to verify that it doesn't mess up the XPath query and
return the wrong data.’
OWASP
0X004 XPATH INJECTION
The XPath query behind the lesson's login form is built by string concatenation (the OWASP example is written in VBScript-style syntax; real XPath operators are lowercase, and is written and):
//Employee[UserName/text()='" & Request("Username") & "' And Password/text()='" & Request("Password") & "']
Enter what ever you want' or 1=1 or 'a'='a as the user name, with any password, and the query becomes:
//Employee[UserName/text()='what ever you want' or 1=1 or 'a'='a' And Password/text()='what ever you want']
In XPath, and binds tighter than or, so the predicate reduces to (false) or (true) or ('a'='a' and the password check), which is true for every Employee node. The application takes the first match and logs you in as that employee. Try to log in now. Bingo!
0X005 SAX WEB SERVICES INJECTION
We have seen that JavaScript and SQL can be smuggled through a form field whose input is not validated.
XML can be injected the same way to alter a query. This is most common in XML (SOAP) web services.
Some web interfaces call web services in the background. If the front end relies on the web service for all input validation, an attacker can corrupt the XML that the web interface sends: a field value containing XML markup is pasted into the envelope as-is, and the server-side parser reads the injected elements as part of the request.
0X005 SAX WEB SERVICES INJECTION
Hint: the request the front end sends is an XML file. The changePassword call for user 101 looks like this, with [password] standing for whatever you type into the password field:
<?xml version='1.0' encoding='UTF-8'?>
<wsns0:Envelope
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xmlns:xsd='http://www.w3.org/2001/XMLSchema'
xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'
xmlns:wsns1='http://lessons.webgoat.owasp.org'>
<wsns0:Body>
<wsns1:changePassword>
<id xsi:type='xsd:int'>101</id>
<password xsi:type='xsd:string'>[password]</password>
</wsns1:changePassword>
</wsns0:Body>
</wsns0:Envelope>
0X005 SAX WEB SERVICES INJECTION
Because the password field is copied verbatim into the envelope, a value that closes the open password and changePassword elements and opens a second pair for id 102 turns the single request above into this one, and the server processes both changePassword elements:
<?xml version='1.0' encoding='UTF-8'?>
<wsns0:Envelope
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xmlns:xsd='http://www.w3.org/2001/XMLSchema'
xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'
xmlns:wsns1='http://lessons.webgoat.owasp.org'>
<wsns0:Body>
<wsns1:changePassword>
<id xsi:type='xsd:int'>101</id>
<password xsi:type='xsd:string'>pass_101</password>
</wsns1:changePassword>
<wsns1:changePassword>
<id xsi:type='xsd:int'>102</id>
<password xsi:type='xsd:string'>pass_102</password>
</wsns1:changePassword>
</wsns0:Body>
</wsns0:Envelope>
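An added Python example (not WebGoat's code) that reproduces the effect with the standard library's SAX parser and shows the fix. The envelope template is the one from the slides; the INJECTED string, the ChangePasswordHandler and the two build functions are constructed for the demo, and the server side is assumed to apply every changePassword element it parses, which is what the lesson relies on.

```python
# Added example (not WebGoat code): XML injection through the password field
# of a SOAP changePassword call, parsed by a SAX handler, and the escaped
# envelope that turns the injected markup back into plain text.
import xml.sax
from xml.sax.saxutils import escape

# The lesson's envelope; {password} is filled in from the form field.
ENVELOPE = """<?xml version='1.0' encoding='UTF-8'?>
<wsns0:Envelope xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
 xmlns:xsd='http://www.w3.org/2001/XMLSchema'
 xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'
 xmlns:wsns1='http://lessons.webgoat.owasp.org'>
<wsns0:Body>
<wsns1:changePassword>
<id xsi:type='xsd:int'>101</id>
<password xsi:type='xsd:string'>{password}</password>
</wsns1:changePassword>
</wsns0:Body>
</wsns0:Envelope>"""

# Constructed attack value: closes the current changePassword element and
# opens a second one for user 102 (the template supplies the final closing tags).
INJECTED = ("pass_101</password></wsns1:changePassword>"
            "<wsns1:changePassword><id xsi:type='xsd:int'>102</id>"
            "<password xsi:type='xsd:string'>pass_102")


class ChangePasswordHandler(xml.sax.ContentHandler):
    """Mimics a back end that applies every changePassword element it sees."""

    def __init__(self):
        super().__init__()
        self.changes = []      # list of (id, new_password) the server would apply
        self._field = None
        self._current = {}

    def startElement(self, name, attrs):
        if name == "wsns1:changePassword":
            self._current = {}
        elif name in ("id", "password"):
            self._field = name
            self._current[name] = ""

    def characters(self, content):
        # SAX may deliver text in several chunks, so accumulate.
        if self._field:
            self._current[self._field] += content

    def endElement(self, name):
        if name in ("id", "password"):
            self._field = None
        elif name == "wsns1:changePassword":
            self.changes.append((int(self._current["id"]),
                                 self._current["password"]))


def build_vulnerable(password):
    """What the front end does: paste the field into the envelope unchanged."""
    return ENVELOPE.format(password=password)


def build_fixed(password):
    """Escape < > & before insertion, so injected tags become character data."""
    return ENVELOPE.format(password=escape(password))


def apply_changes(envelope_xml):
    """Parse an envelope and return the password changes the server would apply."""
    handler = ChangePasswordHandler()
    xml.sax.parseString(envelope_xml.encode("utf-8"), handler)
    return handler.changes


if __name__ == "__main__":
    print(apply_changes(build_vulnerable(INJECTED)))   # two changes
    print(apply_changes(build_fixed(INJECTED)))        # one change, odd password
```

Escaping at the point where untrusted text enters the document is the minimum fix; building the envelope with an XML library instead of string formatting removes the problem entirely, and the service should in addition reject a request that carries more operations, or a different id, than the caller is authorised for, since the client is not the only possible sender.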
Thank You !
