Web applications provide an interface between end users and web servers through a set of web pages that are either generated on the server side or contain script code that is executed dynamically within the client web browser.
The objective of this lab is to provide expert knowledge of web application vulnerabilities and web application attacks such as:
A web application is an application that users access over a network such as the Internet or an intranet. The term may also mean a computer software application that is coded in a browser-supported programming language (such as JavaScript, combined with a browser-rendered markup language like HTML) and relies on a common web browser to render and run the application.
Web applications are popular due to the ubiquity of web browsers, and the convenience of using a web browser as a client. The ability to update and maintain web applications without distributing and installing software on potentially thousands of client computers is a key reason for their popularity, as is the inherent support for cross-platform compatibility. Common web applications include webmail, online retail sales, online auctions, wikis and many other functions.
Web hacking refers to the exploitation of applications via HTTP, which can be done by manipulating the application through its graphical web interface, tampering with the Uniform Resource Identifier (URI), or tampering with HTTP elements not contained in the URI (headers, cookies and request bodies). Methods that can be used to hack web applications include SQL Injection attacks, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Communications, etc.
As a security expert and Security Administrator, you need to test web applications for cross-site scripting vulnerabilities, cookie hijacking and command injection attacks, and to secure web applications against such attacks.
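The three attack classes named above share one root cause: untrusted input is concatenated into a structure (a SQL statement, an HTML page, a shell command) that is then parsed by something more powerful than the developer intended. The following is an added example, not part of the lab manual or any tool it references, that puts the vulnerable pattern beside its hardened form for each class so the difference can be verified directly. The user table, the sample records and all function names are constructed for illustration; the SQL payload and the script tag are the classic textbook inputs used only to show that the hardened versions treat them as plain data.

```python
"""Vulnerable-versus-hardened patterns for SQL injection, XSS and command injection.

Added teaching example (hypothetical code, not from the lab). Nothing here
executes a shell command; the command-injection part only builds the argv.
"""
import html
import re
import sqlite3


def make_db():
    """Constructed in-memory user table with two sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


# --- SQL injection -----------------------------------------------------------
def login_vulnerable(conn, user, pwd):
    # String formatting: the input becomes part of the SQL grammar, so a
    # quote in the password can change the WHERE clause's logic.
    q = (f"SELECT name FROM users WHERE name = '{user}' "
         f"AND password = '{pwd}' ORDER BY name")
    return [row[0] for row in conn.execute(q)]


def login_hardened(conn, user, pwd):
    # Parameterised query: the driver binds the values as data, so quotes
    # and keywords in the input are never parsed as SQL.
    q = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY name"
    return [row[0] for row in conn.execute(q, (user, pwd))]


# --- Cross-site scripting ----------------------------------------------------
def render_vulnerable(comment):
    # Raw interpolation: a comment containing markup is emitted as markup.
    return f"<p>{comment}</p>"


def render_hardened(comment):
    # Output encoding for the HTML text context: <, >, &, " and ' become
    # entities, so the browser shows the comment instead of executing it.
    return f"<p>{html.escape(comment, quote=True)}</p>"


# --- Command injection -------------------------------------------------------
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def build_ping_vulnerable(host):
    # A single string destined for shell=True: ';', '|', '$(...)' and friends
    # would be interpreted by the shell, not passed to ping.
    return f"ping -c 1 {host}"


def build_ping_hardened(host):
    # Allow-list the input, then build an argv list so no shell is involved
    # and every character of `host` reaches ping as one literal argument.
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return ["ping", "-c", "1", host]


def demo():
    """Run each pair on a hostile input and return what each variant produced."""
    conn = make_db()
    sqli = "' OR '1'='1"
    xss = "<script>alert(1)</script>"
    cmd = "example.com; id"
    try:
        hardened_cmd = build_ping_hardened(cmd)
    except ValueError as exc:
        hardened_cmd = str(exc)
    return {
        "sqli_vulnerable": login_vulnerable(conn, "nobody", sqli),
        "sqli_hardened": login_hardened(conn, "nobody", sqli),
        "xss_vulnerable": render_vulnerable(xss),
        "xss_hardened": render_hardened(xss),
        "cmd_vulnerable": build_ping_vulnerable(cmd),
        "cmd_hardened": hardened_cmd,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

The SQL case is the most instructive when run: the vulnerable login returns every account for an unknown user because the injected `OR '1'='1'` short-circuits the `WHERE` clause, while the parameterised query returns nothing because the same string is compared, quotes and all, against the stored password. The same principle (keep data out of the grammar, or encode it for the exact context it lands in) is what the lab's countermeasures come down to.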
According to the DailyNews article "Cyber-crime targeted in new ICT policy", the government is reviewing the current Information and Communication Technology (ICT) policy in order to incorporate other relevant issues, including addressing cyber-crime, which is reported to be on the increase.
“Many websites and web applications are vulnerable to security threats, including the government's and non-government websites; we are therefore cautious to ensure that the problem is checked”, Mr Urasa said. Citing some of the reasons leading to hacking, he said that inadequate auditing of websites and web applications, caused by a lack of standard security auditing, was among the problems that many web developers faced.
As a security expert and Security Administrator, you should be aware of all the methods an attacker can employ to hack web applications, so that you can implement a countermeasure for each of those attacks. Hence, in this lab, you will learn how to hack a website that has vulnerabilities.
Lab Objectives
The objective of this lab is to help students learn how to test web applications for vulnerabilities. In this lab you will perform:
Lab Analysis
In this lab, you have learnt how to test web applications for vulnerabilities. Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure.
As an expert Penetration Tester, find out whether your website is secure before hackers download sensitive data, commit a crime using your website as a launch pad, and endanger your business. You may use Acunetix Web Vulnerability Scanner (WVS), which crawls the website, analyzes the web applications and finds perilous SQL injection, cross-site scripting and other vulnerabilities that expose the online business. Concise reports identify where web applications need to be fixed, enabling you to protect your business from impending hacker attacks.
Lab Objectives
The objective of this lab is to help students secure web applications and test websites for vulnerabilities and threats.
Lab Analysis
In this lab, you have learnt how to secure web applications and test websites for vulnerabilities and threats. Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure.