Presentation on theme: "Module XII Web Application Vulnerabilities"— Presentation transcript:
1Module XII Web Application Vulnerabilities Ethical HackingModule XIIWeb Application Vulnerabilities
2Module Objective Understanding Web Application Security Common Web Application Security VulnerabilitiesWeb Application Penetration MethodologiesInput ManipulationAuthentication And Session ManagementTools: Lynx, Teleport Pro, Black Widow, Web SleuthCountermeasures
3Understanding Web Application Security FirewallDatabaseWeb App ScriptsWeb ServerUser
5Web Application Penetration Methodologies Information Gathering and DiscoveryDocumenting Application / Site MapIdentifiable Characteristics / FingerprintingSignature Error and Response CodesFile / Application EnumerationForced BrowsingHidden FilesVulnerable CGIsSample FilesInput/Output Client-Side Data Manipulation
6Hacking Tool: Instant Source Instant Source lets you take a look at a web page's source code, to see how things are done. Also, you can edit HTML directly inside Internet Explorer!The program integrates into Internet Explorer and opens a new toolbar window which instantly displays the source code for whatever part of the page you select in the browser window.
7Hacking Tool: Lynx http://lynx.browser.org Lynx is a text-based browser used for downloading source files and directory links.
8Hacking Tool: Wget www.gnu.org/software/wget/wget.html Wget is a command line tool for Windows and Unix that will download the contents of a web site.It works non-interactively, so it will work in the background, after having logged off.Wget works particularly well with slow or unstable connections by continuing to retrieve a document until the document is fully downloaded.Both http and ftp retrievals can be time stamped, so Wget can see if the remote file has changed since the last retrieval and automatically retrieve the new version if it has.
9Hacking Tool: Black Widow .comBlack widow is a website scanner, a site mapping tool, a site ripper, a site mirroring tool, and an offline browser program.Use it to scan a site and create a complete profile of the site's structure, files, addresses, external links and even link errors.
10Hacking Tool: WebSleuth WebSleuth is an excellent tool that combines spidering with the capability of a personal proxy such as Achilles.
11Hidden Field Manipulation Hidden fields are embedded within HTML forms to maintain values that will be sent back to the server.Hidden fields serve as a mean for the web application to pass information between different applications.Using this method, an application may pass the data without saving it to a common backend system (typically a database.)A major assumption about the hidden fields is that since they are non visible (i.e. hidden) they will not be viewed or changed by the client.Web attacks challenge this assumption by examining the HTML code of the page and changing the request (usually a POST request) going to the server.By changing the value the entire logic between the different application parts, the application is damaged and manipulated to the new value.
14Authentication And Session Management Brute/Reverse ForceSession HijackingSession ReplaySession ForgoingPage Sequencing
15Traditional XSS Web Application Hijack Scenario - Cookie stealing User is logged on to a web application and the session is currently active. An attacker knows of a XSS hole that affects that application.The user receives a malicious XSS link via an or comes across it on a web page. In some cases an attacker can even insert it into web content (e.g. guest book, banner, etc,) and make it load automatically without requiring user intervention.
16XSS CountermeasuresAs a web application user, there are a few ways to protect yourselves from XSS attacks.The first and the most effective solution is to disable all scripting language support in your browser and reader.If this is not a feasible option for business reasons, another recommendation is to use reasonable caution while clicking links in anonymous s and dubious web pages.Proxy servers can help filter out malicious scripting in HTML.
17Buffer Overflow in WINHLP32.EXE A buffer-overrun vulnerability in WINHLP32.EXE could result in the execution of arbitrary code on the vulnerable system.This vulnerability stems from a flaw in the Item parameter within WinHLP Command.This exploit would execute in the security context of the currently logged on user.Microsoft has released Windows 2000 Service Pack 3 (SP3), which includes a fix for this vulnerability.
18Hacking Tool: Helpme2.pl Helpme2.pl is an exploit code for WinHelp32.exe Remote Buffer Overrun vulnerability.This tool generates an HTML file with a given hidden command.When this HTML file is sent to a victim through e mail, it infects the victim's computer and executes the hidden code.
20Hacking Tool: IEEN http://www.securityfriday.com/ToolDownload/IEen IEEN remotely controls Internet Explorer using DCOM.If you knew the account name and the password of a remote machine, you can remotely control the software component on it using DCOM. For example Internet Explorer is one of the soft wares that can be controlled.
21SummaryAttacking web applications is the easiest way to compromise hosts, networks and users.Generally nobody notices web application penetration, until serious damage has been done.Web application vulnerability can be eliminated to a great extent ensuring proper design specifications and coding practices as well as implementing common security procedures.Various tools help the attacker to view the source codes and scan for security holes.The first rule in web application development from a security standpoint is not to rely on the client side data for critical processes. Using an encrypted session such as SSL / “secure” cookies are advocated instead of using hidden fields, which are easily manipulated by attackers.A cross-site scripting vulnerability is caused by the failure of a web based application to validate user supplied input before returning it to the client system.If the application accepts only expected input, then the XSS can be significantly reduced.