web application penetration
play

Web Application Penetration By: Frank Coburn & Haris Mahboob - PowerPoint PPT Presentation

Web Application Penetration By: Frank Coburn & Haris Mahboob Testing Take Aways Overview of the web Web proxy tool Reporting Gaps in the process app penetration testing process Penetration testing vs vulnerability assessment What


  1. Web Application Penetration By: Frank Coburn & Haris Mahboob Testing

  2. Take Aways Overview of the web Web proxy tool Reporting Gaps in the process app penetration testing process

  3. § Penetration testing vs vulnerability assessment What is it? § Finding security issues, exploiting them, and reporting on it

  4. FINDING UNDERSTANDING LEGAL VULNERABILITIES THE APPLICATION REQUIREMENTS (E.G BEFORE THE BAD SECURITY POSTURE PCI COMPLIANCE) GUYS DO Why is it needed?

  5. § Requirements for testing § Effort days § Software/hardware requirements Scoping the § Whitelisting § Testing window application § Special requests § Cost

  6. Providing Information support gathering Our Methodology Developing Reporting test cases Vulnerability Risk analysis discovery & exploitation

  7. Methodology 2 – Information Gathering Your browser and dev tools are your best friend • Unauthenticated vulnerabilities and exposures are the most critical • Depending on the timeline, proceed in order of attacks that are most likely to succeed • • Try non-intrusive methods such as searching DNS records, as well as traceroute and other enumeration *** Stakeholders need to be notified about public exposures and unauthenticated vulnerabilities right away! ***

  8. Ca Case study A WordPress site running version 4.7.0 was vulnerable to Content Injection leading to an embarrassing and potentially reputation impacting message from a script kiddie.

  9. Acting on Information Gathered Application walkthrough Fingerprinting Analyze Discover the app’s What JS framework are they Maybe you have some functionality by investigating using? experience writing code in using your browser first these languages Sometimes session cookie See how much can be found names give away the Think about how you would without authentication. underlying platform: implement this functionality, assumptions made, corners Look for common URLs, "JSESSIONID", cut, etc directories, and error pages "ASP.NetSessionID" Challenge what the developer’s assumptions in your testing

  10. Developing Test Cases Breaking components of the application by Developing Business issues: logic test cases: • Authentication and authorization issues • Jumping user flows • Session management • Testing authorization controls • Data validation • Misconfigurations • Network Level issues

  11. Carrying out the test cases Observing application behavior Vulnerability Discovery & Exploitation Improvising as the test proceeds Google everything

  12. u https://www.kisspng.com/png-owasp-top-10-web-application- security-computer-sec-4965837/

  13. Risk Analysis Likelihood of a successful Impact of a successful attack attack • How much damage can it cause • Vulnerability discovery • Taking business into context • Payload creation difficulty • Any mitigating controls in place

  14. Security issue Evidence description Reporting Impact/Likelihood Recommendations of an attack Presentation Support

  15. § Burp Suite Pro: § Proxy HTTP traffic Our Favorite § Allows modification of URL parameters Tool and HTTP request body § Useful for business logic testing § Easy searching of information sent or received

  16. ASSESSMENTS ARE LIMITED TO THE TEST ENVIRONMENT TIMEBOXED TESTER’S TECHNICAL MISREPRESENTATION Gaps in the ABILITIES process NARROW SCOPES ATTACK SURFACE LIMITATIONS

  17. Q&A Questions?

Recommend


More recommend