13 - Hacking Web Applications

Web applications provide an interface between end users and web servers through a set of web pages generated at the server end or that contain script code to be executed dynamically within the client Web browser.

Module Objective

The objective of this lab is to provide expert knowledge of web application vulnerabilities and web applications attacks such as:

  • Parameter tampering
  • Directory traversals
  • Cross-Site Scripting (XSS)
  • Web Spidering
  • Cookie Poisoning and cookie parameter tampering
  • Securing web applications from hijacking

Scenario

A web application is an application that is accessed by users over a network such as the Internet or an intranet. The term may also mean a computer software application that is coded in a browser-supported programming language (such as JavaScript, combined with a browser-rendered markup language like HTML) and reliant on a common web browser to render the application executable.

Web applications are popular due to the ubiquity of web browsers, and the convenience of using a web browser as a client. The ability to update and maintain web applications without distributing and installing software on potentially thousands of client computers is a key reason for their popularity, as is the inherent support for cross-platform compatibility. Common web applications include webmail, online retail sales, online auctions, wikis and many other functions.

Web hacking refers to exploitation of applications via HTTP which can be done by manipulating the application via its graphical web interface, tampering the Uniform Resource Identifier (URI) or tampering HTTP elements not contained in the URI. Methods that can be used to hack web applications are SQL Injection attacks, Cross Site Scripting (XSS), Cross Site Request Forgeries (CSRF), Insecure Communications, etc.

As a security expert and Security Administrator, you need to test web applications for cross-site scripting vulnerabilities, cookie hijacking, command injection attacks, and secure web applications from such attacks.

I. Hacking Web Applications

According to the DailyNews, Cyber-crime targeted in new ICT policy; the government is reviewing the current Information and Communication Technology (ICT) policy in the quest to incorporate other relevant issues, including addressing cyber-crime, reported being on the increase.

“Many websites and web applications are vulnerable to security threat including the government's and nongovernment websites, we are therefore cautious to ensure that the problem is checked”, Mr Urasa said. Citing some of the reasons leading to hacking, he said inadequate auditing in website and web applications caused by lack of standard security auditing were among problems that many web developers faced.

As a security expert and Security Administrator, you should be aware of all the methods that can be employed by an attacker towards hacking web applications and accordingly you can implement a countermeasure for those attacks. Hence, in this lab, you will learn how to hack a website with vulnerabilities.

Lab Objectives

The objective of this lab is to help students learn how to test web applications for vulnerabilities. In this lab you will perform:

  • Parameter tampering attacks
  • Cross-site scripting (XSS or CSS)

Lab Analysis

In this lab, you have learnt how to test web applications for vulnerabilities. Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure.

II. Website Vulnerability Scanning Using Acunetix WVS

As an expert Penetration Tester, find out if your website is secure before hackers download sensitive data, commit a crime using your website as a launch pad, and endanger your business. You may use Acunetix Web Vulnerability Scanner (WVS) that checks the website, analyzes the web applications and finds perilous SQL injection, Cross site scripting and other vulnerabilities that expose the online business. Concise reports identify where web applications need to be fixed, thus enabling you to protect your business from impending hacker attacks!.

Lab Objectives

The objective of this lab is to help students secure web applications and test websites for vulnerabilities and threats.

Lab Analysis

In this lab, you have learnt how to secure web applications and test websites for vulnerabilities and threats. Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure.

Module Syllabus

  • Web Application Security Statistics
  • Introduction to Web Applications
  • Web Application Components
  • How Do Web Applications work?
  • Web Application Architecture
  • Web 2.0 Applications
  • Vulnerability Stack
  • Web Attack Vectors
  • Web Application Threats - 1
  • Web Application Threats - 2
  • Unvalidated Input
  • Parameter/Form Tampering
  • Directory Traversal
  • Security Misconfiguration
  • Injection Flaws
    • SQL Injection Attacks
    • Command Injection Attacks
    • Command Injection Example
    • File Injection Attack
  • What is LDAP Injection?
  • How LDAP Injection Works?
  • Hidden Field Manipulation Attack
  • Cross-Site Scripting (XSS) Attacks
    • How do XSS Attacks work?
    • Cross-Site Scripting Attack Scenario: Attack via Email
    • XSS Example: Attack via Email
    • XSS Example: Stealing Users' Cookies
    • XSS Example: Sending an Unauthorized Request
    • XSS Attack in Blog Posting
    • XSS Attack in Comment Field
    • XSS Cheat Sheet
    • Cross-Site Request Forgery (CSRF) Attack
    • How do CSRF Attacks work?
  • Web Application Denial-of-Service (DoS) Attack
    • Denial of Service (DoS) Examples
  • Buffer Overflow Attacks
  • Cookie/Session Poisoning
    • How Does Cookie Poisoning work?
  • Session Fixation Attack
  • Insufficient Transport Layer Protection
  • Improper Error Handling
  • Insecure Cryptographic Storage
  • Broken Authentication and Session Management
  • Unvalidated Redirects and Forwards
  • Web Services Architecture
    • Web Services Attack
    • Web Services Footprinting Attack
    • Web Services XML Poisoning
  • Footprint Web Infrastructure
    • Footprint Web Infrastructure: Server Discovery
    • Footprint Web Infrastructure: Server Identification/Banner Grabbing
    • Footprint Web Infrastructure: Hidden Content Discovery
  • Web Spidering Using Burp Suite
  • Hacking Web Servers
    • Web Server Hacking Tool: WebInspect
  • Analyze Web Applications
    • Analyze Web Applications: Identify Entry Points for User Input
    • Analyze Web Applications: Identify Server-Side Technologies
    • Analyze Web Applications: Identify Server-Side Functionality
    • Analyze Web Applications: Map the Attack Surface
  • Attack Authentication Mechanism
  • Username Enumeration
  • Password Attacks: Password Functionality Exploits
  • Password Attacks: Password Guessing
  • Password Attacks: Brute-forcing
  • Session Attacks: Session ID Prediction/ Brute-forcing
  • Cookie Exploitation: Cookie Poisoning
  • Authorization Attack
    • HTTP Request Tampering
    • Authorization Attack: Cookie Parameter Tampering
  • Session Management Attack
    • Attacking Session Token Generation Mechanism
    • Attacking Session Tokens Handling Mechanism: Session Token Sniffing
  • Injection Attacks
  • Attack Data Connectivity
    • Connection String Injection
    • Connection String Parameter Pollution (CSPP) Attacks
    • Connection Pool DoS
  • Attack Web App Client
  • Attack Web Services
  • Web Services Probing Attacks
    • Web Service Attacks: SOAP Injection
    • Web Service Attacks: XML Injection
    • Web Services Parsing Attacks
  • Web Service Attack Tool: soapUI
  • Web Service Attack Tool: XMLSpy
  • Web Application Hacking Tool: Burp Suite Professional
  • Web Application Hacking Tools: CookieDigger
  • Web Application Hacking Tools: WebScarab
    • Web Application Hacking Tools
  • Encoding Schemes
    • How to Defend Against SQL Injection Attacks?
    • How to Defend Against Command Injection Flaws?
    • How to Defend Against XSS Attacks?
    • How to Defend Against DoS Attack?
    • How to Defend Against Web Services Attack?
  • Web Application Countermeasures
    • How to Defend Against Web Application Attacks?
    • Web Application Security Tool: Acunetix Web Vulnerability Scanner
    • Web Application Security Tool: Falcove Web Vulnerability Scanner
    • Web Application Security Scanner: Netsparker
    • Web Application Security Tool: N-Stalker Web Application Security Scanner
    • Web Application Security Tools
  • Web Application Firewall: dotDefender
  • Web Application Firewall: IBM AppScan
  • Web Application Firewall: ServerDefender VP
    • Web Application Firewall
  • Web Application Pen Testing
    • Information Gathering
    • Configuration Management Testing
    • Authentication Testing
    • Session Management Testing
    • Authorization Testing
    • Data Validation Testing
    • Denial of Service Testing
    • Web Services Testing
    • AJAX Testing