Intro to Web APplication Pen Testing
------------------------------------
Penetration Testing : Its a process in which we follow some global standards to test the technology to look for flaws that a hacker can cash to gain access to any kind of information or resource in any organisation's network or any website.
Types of Pen Testing
---------------------
1. Network Pentesting : Mainly concentrated on network i.e internal testing with in the organisation.
2. Web Space Pen Testing : Mainly concentrated on Application layer attacks and making reports for the same.
Web Security Standards
----------------------
OWASP TOP 10 Attacks : This is a global category standards of attacks which are formed and followed by every info security company to audit and make report of the flaws and attack results.
------------------------------------
Penetration Testing : Its a process in which we follow some global standards to test the technology to look for flaws that a hacker can cash to gain access to any kind of information or resource in any organisation's network or any website.
Types of Pen Testing
---------------------
1. Network Pentesting : Mainly concentrated on network i.e internal testing with in the organisation.
2. Web Space Pen Testing : Mainly concentrated on Application layer attacks and making reports for the same.
Web Security Standards
----------------------
OWASP TOP 10 Attacks : This is a global category standards of attacks which are formed and followed by every info security company to audit and make report of the flaws and attack results.
According to OWASP
A1-Injection
Injection flaws, such as SQL, OS, and LDAP injection occur
when untrusted data is sent to an interpreter as part of a command or query.
The attacker’s hostile data can trick the interpreter into executing unintended
commands or accessing data without proper authorization.
A2-Broken
Authentication and Session Management
Application functions related to authentication and session
management are often not implemented correctly, allowing attackers to
compromise passwords, keys, or session tokens, or to exploit other
implementation flaws to assume other users’ identities.
A3-Cross-Site
Scripting (XSS)
XSS flaws occur whenever an application takes untrusted data
and sends it to a web browser without proper validation or escaping. XSS allows
attackers to execute scripts in the victim’s browser which can hijack user
sessions, deface web sites, or redirect the user to malicious sites.
A4-Insecure Direct Object
References
A direct object reference occurs when a developer exposes a
reference to an internal implementation object, such as a file, directory, or
database key. Without an access control check or other protection, attackers
can manipulate these references to access unauthorized data.
A5-Security
Misconfiguration
Good security requires having a secure configuration defined
and deployed for the application, frameworks, application server, web server,
database server, and platform. Secure settings should be defined, implemented,
and maintained, as defaults are often insecure. Additionally, software should
be kept up to date.
A6-Sensitive Data
Exposure
Many web applications do not properly protect sensitive
data, such as credit cards, tax IDs, and authentication credentials. Attackers
may steal or modify such weakly protected data to conduct credit card fraud,
identity theft, or other crimes. Sensitive data deserves extra protection such
as encryption at rest or in transit, as well as special precautions when
exchanged with the browser.
A7-Missing Function
Level Access Control
Most web applications verify function level access rights
before making that functionality visible in the UI. However, applications need
to perform the same access control checks on the server when each function is
accessed. If requests are not verified, attackers will be able to forge
requests in order to access functionality without proper authorization.
A8-Cross-Site Request
Forgery (CSRF)
A CSRF attack forces a logged-on victim’s browser to send a
forged HTTP request, including the victim’s session cookie and any other
automatically included authentication information, to a vulnerable web
application. This allows the attacker to force the victim’s browser to generate
requests the vulnerable application thinks are legitimate requests from the
victim.
A9-Using Components
with Known Vulnerabilities
Components, such as libraries, frameworks, and other
software modules, almost always run with full privileges. If a vulnerable
component is exploited, such an attack can facilitate serious data loss or
server takeover. Applications using components with known vulnerabilities may
undermine application defenses and enable a range of possible attacks and
impacts.
A10-Unvalidated
Redirects and Forwards
Web applications frequently redirect and forward users to
other pages and websites, and use untrusted data to determine the destination
pages. Without proper validation, attackers can redirect victims to phishing or
malware sites, or use forwards to access unauthorized pages.
No comments:
Post a Comment