- Beatrice Montgomery
- 6 years ago
Report on IRONWASP
Software Product: IronWASP

Description of the Product:
IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent that users can create their own custom security scanners with it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, many of the tool's features are simple enough to be used by absolute beginners.

- GUI based and very easy to use, no security expertise required.
- Powerful and effective scanning engine.
- Supports recording a login sequence.
- Reporting in both HTML and RTF formats.
- Checks for over 25 different kinds of well-known web vulnerabilities.
- False positive detection support.
- False negative detection support.
- Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET.

CYBER SECURITY & PRIVACY FOUNDATION
Plugins
IronWASP has a plugin system that supports Python and Ruby. The Python and Ruby implementations used in IronWASP are IronPython and IronRuby, which are syntactically similar to CPython and CRuby. However, some of the standard libraries might not be available; instead, plugin authors can make use of the powerful IronWASP API.

Lab Setup:
- Operating System: Windows XP
- Web Server: XAMPP 1.7.3 (PHP 5.3.1, Apache/2.2.14, MySQL)
- Web Applications: BTS Lab, WebGoat, DVWA, bWAPP
- IronWASP Version:
Test Criteria:
We have set up the test at various levels.

Cross Site Scripting: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.

Cross Site Flashing: A Cross Site Flashing vulnerability occurs when a Flash file (SWF) processes input without sanitizing/validating the input given by a user.

Cross Site Request Forgery: CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help from social engineering (such as sending a link via email/chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operations in the case of a normal user. If the targeted end user is the administrator account, this can compromise the entire web application.
Clickjacking: Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.

Server Side Request Forgery: An application is vulnerable to Cross Site Port Attacks if the application processes user supplied URLs and does not verify/sanitize the backend response received from remote servers before sending it back to the client. An attacker can send crafted queries to a vulnerable web application to proxy attacks to external Internet facing servers, intranet devices and the web server itself using the advertised functionality of the vulnerable web application.

File Inclusion: The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanism implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.

Insecure Direct Object Reference: Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly, for example database records or files.
Unrestricted File Upload Vulnerability: When a web application allows users to upload files without any checks on their content or file type, it can be leveraged by an attacker to perform malicious actions.

Open URL Redirection: Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within the untrusted input.

Broken Authentication and Session Management: An attacker uses leaks or flaws in the authentication or session management functions (e.g., exposed accounts, passwords, session IDs) to impersonate users.

Security Misconfiguration: Security misconfiguration vulnerabilities could occur if a component is susceptible to attack due to an insecure configuration option. These vulnerabilities often occur due to insecure default configuration, poorly documented default configuration, or poorly documented side-effects of optional configuration. This could range from failing to set a useful security header on a web server, to forgetting to disable default platform functionality that could grant administrative access to an attacker.

Sensitive Data Exposure: Sensitive data exposure vulnerabilities can occur when an application does not adequately protect sensitive information from being disclosed to attackers. For many applications this may be limited to information such as passwords, but it can also include information such as credit card data, session tokens, or other authentication credentials.
Missing Function Level Access Control: Function level access control vulnerabilities could result from insufficient protection of sensitive request handlers within an application. An application may simply hide access to sensitive actions, fail to enforce sufficient authorization for certain actions, or inadvertently expose an action through a user-controlled request parameter.

Buffer Overflow: By sending carefully crafted input to a web application, an attacker can cause the web application to execute arbitrary code, possibly taking over the machine.

Header Injection: HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting (also known as CRLF injection, from Carriage Return Line Feed), session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the Location header.

HTTP Parameter Pollution: Supplying multiple HTTP parameters with the same name may cause an application to interpret values in unanticipated ways. By exploiting these effects, an attacker may be able to bypass input validation, trigger application errors or modify internal variable values.

Full Path Disclosure: Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, for example /home/omg/htdocs/file/.
Source Code Disclosure: When a web server has a vulnerability that leaks the source code of server-side scripts, it is called source code disclosure.

Bruteforce Login: The application does not prevent attackers from trying many username/password combinations in rapid succession in order to guess account credentials.

Content Spoofing: The application displays user-defined content in the URL or page body in a way that makes it appear to be legitimate site content.

Denial of Service: The root cause of a Denial of Service is when an attacker uses/exhausts/depletes all of the resources (such as bandwidth, database connections, disk storage, CPU, memory, threads, or application specific resources) on a system, preventing legitimate users from using the system. To prevent depletion of resources the application must restrict the size or amount of resources that are requested or used.

Fingerprinting: One or several components of the underlying software and framework leak version information. This could help an attacker to identify which components are vulnerable. This issue is mitigated by removing all version information.

Information Leakage: The application discloses sensitive/classified data or useful data about the application that can be used for targeted attacks, even though the developer did not intend for the data to be disclosed.
SSI Injection: The root cause of server-side include injection is the application's failure to validate data before it is inserted into a server-side interpreted HTML file. Some web servers allow entering dynamic code into static HTML pages, making it possible for an attacker to send code to a web application that will get executed by the web server and possibly gain access to files, or other exploits similar to cross site scripting.

XML Injection: XML documents are generated by including dynamic data without proper encoding.

XPath/XQuery Injection: The application unsafely incorporates user data into an XQuery or XPath pattern, which can change the logic of the query.

SQL Injection: A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
LDAP Injection: LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it is possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree.

Command Injection: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.

Code Injection: Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. Code Injection differs from Command Injection in that an attacker is only limited by the functionality of the injected language itself.

Insufficient Session Expiration: The application either does not implement an inactivity timeout or an absolute timeout, or the timeouts are too long to provide sufficient risk mitigation. The application does not provide a logout feature, or the feature does not actively terminate the user's session.
HTTP Verb Tampering: The HTTP specification includes request methods other than the standard GET and POST requests. A standards compliant web server may respond to these alternative methods in ways not anticipated by developers. Although the common description is 'verb' tampering, the HTTP 1.1 standard refers to these request types as different HTTP 'methods'.

Expression Language Injection: Expression Language (EL) Injection happens when attacker controlled data enters an EL interpreter. With EL implementations prior to 2.2, an attacker can recover sensitive server side information available through implicit objects. This includes model objects, beans, session scope, application scope, etc. The EL 2.2 spec allows method invocation, which permits an attacker to execute arbitrary code within the context of the application. This can manipulate application functionality, expose sensitive data, and branch out into system code access, posing a risk of server compromise.

ORM Injection: ORM Injection is an attack using SQL Injection against an ORM generated data access object model. From the point of view of a tester, this attack is virtually identical to a SQL Injection attack. However, the injection vulnerability exists in code generated by the ORM tool.

IMAP/SMTP Injection: This threat affects all applications that communicate with mail servers (IMAP/SMTP), generally webmail applications. The aim of this test is to verify the capacity to inject arbitrary IMAP/SMTP commands into the mail servers, due to input data not being properly sanitized.
Using Components with Known Vulnerabilities: Vulnerabilities in third-party libraries and software are extremely common and could be used to compromise the security of systems using the software.
Test Details

Passive Plugins

Test 1: Session Fixation
Result: IronWASP successfully detected the Session Fixation vulnerability in the target web application.
We ran the test against a target web application that doesn't assign a new session ID when authenticating a user. IronWASP successfully detected the Session Fixation vulnerability.
Test 2: X-Header Analysis
Result: IronWASP identified the PHP version running on the target server by analysing the X-header.
In this test, we ran a web server that includes the PHP version details in the X-Header part of the server response.
Test 3: Clickjacking
Result: IronWASP only gives an alert if Clickjacking protection is enabled. It would be better if IronWASP were able to give an alert when there is no X-Frame-Options header.
In this test, we ran the scan against a web application that has Clickjacking protection. IronWASP successfully detected that Clickjacking protection is in use based on the X-Frame-Options header. However, IronWASP fails to report when no protection is implemented.
Test 4: Web Server Version Identification
Result: IronWASP successfully gathered information about the target web server.
IronWASP analyzed the HTTP response and found that the target server is running Apache.
Test 5: Missing HttpOnly Flag
Result: IronWASP successfully detected that the 'HttpOnly' flag is missing on the cookie.
In this test, we ran the IronWASP scan against a web application that doesn't set the HttpOnly flag on the PHP session ID cookie. IronWASP was able to detect this bug.
Test 6: Open URL Redirection
Result: IronWASP reports possible Open URL Redirection.
In this test, we had a web page that redirects the user to another page or website based on the given input. IronWASP was able to detect that the page is vulnerable to Open URL Redirection.
Active Plugins

Test 1: Reflected Cross Site Scripting (HTTP GET)
Result: IronWASP successfully detected HTTP GET based reflected XSS vulnerabilities in the target web application.
In this test, we ran the IronWASP scan against a URL which is vulnerable to HTTP GET based reflected XSS, and found that IronWASP was able to detect the reflected XSS vulnerabilities.
Test 2: Reflected Cross Site Scripting (HTTP POST)
Result: IronWASP successfully detected HTTP POST based reflected XSS vulnerabilities in the target web application.
In this test, we ran the IronWASP scan against a URL which is vulnerable to HTTP POST based reflected XSS, and found that IronWASP was able to detect the reflected XSS vulnerabilities.
Test 3: Stored Cross Site Scripting
Result: IronWASP successfully detected stored XSS vulnerabilities in the target web application.
In this test, we ran the IronWASP scan against a URL which is vulnerable to stored XSS, and found that IronWASP was able to detect the stored XSS vulnerabilities.
Test 4: Cross Site Flashing
Result: IronWASP was not able to detect the Cross Site Flashing vulnerability in a vulnerable Flash file.
In this test, we ran the IronWASP scan against a URL containing a vulnerable Flash file (.swf), and found that IronWASP was unsuccessful in detecting the Cross Site Flashing vulnerability.
Test 5: SQL Injection
Result: IronWASP successfully detected that the target web application is vulnerable to SQL Injection.
In this test, we ran the IronWASP scan against a URL which is vulnerable to SQL Injection, and found that IronWASP was able to detect the SQL Injection vulnerability.
Test 6: Blind SQL Injection
Result: IronWASP was successful in detecting Blind SQL Injection.
In this test, we ran the IronWASP scan against a URL which is vulnerable to Blind SQL Injection, and found that IronWASP was able to detect the Blind SQL Injection vulnerability.
Test 7: SQL Injection in a 302 Found page
Result: IronWASP was able to detect the SQL Injection vulnerability even when the page redirects to another page.
In this test, we had a web page that gives the details of a logged-in user. If an unauthenticated user tries to access the page, he/she is redirected to a login page with a 302 response code. However, because of insecure coding, the page processes the SQL query before forwarding the unauthenticated user to the login page, so the 302 response body contains the result of the processed SQL query. IronWASP was able to detect this bug.
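The following is an added example, not IronWASP code: a stand-alone passive checker for the conditions behind passive Tests 2 to 5 (version strings in X-Powered-By and Server, a missing X-Frame-Options header, which IronWASP itself did not report, and a PHP session cookie without HttpOnly) plus the Test 7 case of a database error leaking in the body of a 302 redirect. The two raw responses and the short error-signature list are constructed for this example; the header values reuse the lab stack named above (Apache/2.2.14, PHP 5.3.1).

```python
"""Passive HTTP response checks modelled on the IronWASP passive tests
(X-Powered-By / Server version disclosure, X-Frame-Options, HttpOnly on
PHPSESSID) and on Test 7 (SQL error in the body of a 302 redirect).
Added example, not IronWASP code; the sample responses are constructed."""
import re

VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)?")
# A few common database error strings; a real scanner carries a longer list.
SQL_ERROR_RE = re.compile(
    r"You have an error in your SQL syntax|mysql_fetch_array\(\)|"
    r"Warning: mysql_|ORA-\d{5}|SQLSTATE\[", re.IGNORECASE)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers, body).
    Header names are lower-cased; values are kept as lists because
    Set-Cookie may repeat."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ")[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body


def check_response(raw):
    """Return a list of (finding, evidence) tuples for one raw response."""
    status, headers, body = parse_response(raw)
    findings = []

    # Tests 2 and 4: version strings in Server / X-Powered-By
    for name in ("server", "x-powered-by"):
        for value in headers.get(name, []):
            if VERSION_RE.search(value):
                findings.append(("version disclosure", "%s: %s" % (name, value)))

    # Test 3: flag HTML responses that carry no X-Frame-Options header at all
    content_type = " ".join(headers.get("content-type", []))
    if "text/html" in content_type and "x-frame-options" not in headers:
        findings.append(("missing X-Frame-Options",
                         "HTML page without clickjacking protection"))

    # Test 5: PHP session cookie set without the HttpOnly attribute
    for cookie in headers.get("set-cookie", []):
        attrs = [a.strip().lower() for a in cookie.split(";")]
        if attrs[0].startswith("phpsessid=") and "httponly" not in attrs[1:]:
            findings.append(("cookie missing HttpOnly", cookie.split(";")[0]))

    # Test 7: inspect the body even on a redirect instead of following it
    match = SQL_ERROR_RE.search(body)
    if match:
        where = "redirect" if 300 <= status < 400 else "response"
        findings.append(("SQL error in body of %d %s" % (status, where),
                         match.group(0)))
    return findings


# Constructed sample: an unauthenticated request to a profile page that runs
# the query before redirecting to the login page (the Test 7 situation).
SAMPLE_REDIRECT = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache/2.2.14 (Win32)\r\n"
    "X-Powered-By: PHP/5.3.1\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Location: /login.php\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid "
    "MySQL result resource in C:\\xampp\\htdocs\\profile.php on line 12"
)

# Constructed sample of the same page with the issues fixed.
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Frame-Options: DENY\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly; Secure\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><body>Please log in.</body></html>"
)

if __name__ == "__main__":
    for sample in (SAMPLE_REDIRECT, SAMPLE_HARDENED):
        print(check_response(sample) or "no findings")
```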
Test 8: Local File Inclusion
Result: IronWASP successfully detected the Local File Inclusion vulnerability.
In this test, we ran the IronWASP scan against a URL which is vulnerable to Local File Inclusion, and found that IronWASP was able to detect the LFI vulnerability.
Test 9: Remote File Inclusion
Result: IronWASP successfully detected the Remote File Inclusion vulnerability.
In this test, we ran the IronWASP scan against a URL which is vulnerable to Remote File Inclusion, and found that IronWASP was able to detect the Remote File Inclusion vulnerability.
Test 10: Directory Listing
Result: IronWASP was able to detect directory listing vulnerabilities.
The target web application had directory listing vulnerabilities. IronWASP successfully detected the bug.
Test 11: Command Injection
Result: IronWASP was able to detect a command injection vulnerability in the target web page.
The target web application had a web page which is vulnerable to command injection, which enables an attacker to run commands on the target server. We ran the IronWASP scan against this page and found that IronWASP was able to detect it.
Test 12: Code Injection
Result: IronWASP was able to detect a code injection vulnerability in the target web page.
The target web application had a web page which is vulnerable to code injection, which enables an attacker to run PHP code on the target server. We ran the IronWASP scan against this page and found that IronWASP was able to detect it.
Test 13: XPath Injection
Result: IronWASP was able to detect the XPath injection vulnerability.
IronWASP was successful in detecting the XPath injection vulnerability based on the default exception message. However, it was not able to detect the bug when a custom exception message is used.
Test 14: Server Side Request Forgery
Result: IronWASP was unsuccessful in detecting the SSRF vulnerability.
The web application had a web page which is vulnerable to Server Side Request Forgery. IronWASP was unsuccessful in detecting this bug. After sending localhost:65555 as a payload, the IronWASP scan freezes.
Test 15: Header Injection
Result: IronWASP successfully detected the Header Injection vulnerability.
In this test, we ran the IronWASP scan against a URL which was vulnerable to Header Injection, and found that IronWASP was able to detect the Header Injection.
Test 16: SSI Injection
Result: IronWASP was not able to discover SSI Injection.
In this test, we ran the IronWASP scan against a URL which is vulnerable to SSI Injection, and found that IronWASP was not able to detect the SSI Injection.
Test 17: DOM Based XSS
Result: IronWASP was unsuccessful in finding DOM based XSS when testing with the automated scanner, but it was successful in finding the DOM Based XSS with the manual browser crawler.
Plugin used: DOM XSS Analyzer.
When we tested the DOM XSS Analyzer, we discovered that if we try to analyze the proxy logs of an automated scan, it does not give any results. But if we use the browser based crawler, it is able to detect a potential DOM Based XSS.
Tools

Login Sequence Recording Tool: The Login Sequence Recorder was able to record the information needed to log in as a user and save that information so that it can later be used in other scans/scripts.
Interactive Testing Tools

Test 1: Test for Broken Authentication
Result: Passed. IronWASP was able to find the percentage of difference between the responses for a valid session and an invalid session.
Test 2: Test for Privilege Escalation
Result: IronWASP was successful in identifying potential privilege escalation points.
There are two accounts:
1. Administrator account (full access)
2. User account (limited access)
Firstly, we used the browser based crawler to crawl the website as admin. Secondly, we ran a check using a prerecorded login sequence for the user and tried requesting the elements that were displayed to the admin. IronWASP was then able to find the percentage of difference between a request made by the user and the same request made by the admin. If the difference percentage is low, it means the pages served to the user and the admin are similar; if it is high, it means the pages are different.
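The following is an added example, not IronWASP code, covering passive Test 1 (session fixation: the session ID issued before authentication must not survive the login) together with the two interactive tests above, which score the percentage difference between a response obtained as one identity (a valid session, or the admin) and the same request replayed as another (an invalid session, or the user). The cookies and page bodies are constructed, and the 20% threshold is an assumption for illustration.

```python
"""Session and access-control checks modelled on IronWASP's passive Test 1
(session fixation) and its interactive broken-authentication and privilege-
escalation tests (response difference percentage). Added example, not
IronWASP code; samples are constructed and the threshold is an assumption."""
import difflib
import re

SESSION_COOKIE_RE = re.compile(r"PHPSESSID=([^;]+)", re.IGNORECASE)


def session_id(set_cookie_values):
    """Return the PHPSESSID value from a list of Set-Cookie header values, or None."""
    for value in set_cookie_values:
        match = SESSION_COOKIE_RE.search(value)
        if match:
            return match.group(1)
    return None


def session_fixation(pre_login_cookies, post_login_cookies):
    """True when the ID issued before authentication survives the login.
    A login response that sets no session cookie keeps the old ID too, so it
    counts as fixation; with no pre-login session there is nothing to fix."""
    before = session_id(pre_login_cookies)
    after = session_id(post_login_cookies)
    return before is not None and (after is None or after == before)


def difference_percent(body_a, body_b):
    """Percentage difference between two response bodies: 0.0 for identical,
    100.0 for nothing in common, from difflib's line-based similarity ratio."""
    matcher = difflib.SequenceMatcher(None, body_a.splitlines(), body_b.splitlines())
    return round((1.0 - matcher.ratio()) * 100, 1)


def classify_replay(reference_body, replay_body, threshold=20.0):
    """Compare the response seen by the reference identity (admin, or a valid
    session) with the same request replayed as the other identity (user, or an
    invalid session). A small difference means both got essentially the same
    page, i.e. the access check may be missing."""
    diff = difference_percent(reference_body, replay_body)
    if diff < threshold:
        return diff, "similar: possible missing access control"
    return diff, "different: access control appears enforced"


# Constructed samples.
PRE_LOGIN = ["PHPSESSID=abc123; path=/"]
POST_LOGIN_FIXED = ["PHPSESSID=abc123; path=/"]              # same ID after login
POST_LOGIN_RENEWED = ["PHPSESSID=z9y8x7; path=/; HttpOnly"]  # fresh ID after login

ADMIN_PAGE = ("<html><body>\n<h1>Admin panel</h1>\n"
              "<a href='users.php'>Manage users</a>\n"
              "<a href='logs.php'>View logs</a>\n</body></html>")
LOGIN_PAGE = ("<html><body>\n<h1>Login</h1>\n<form action='login.php'>\n"
              "<input name='user'><input name='pass'>\n</form>\n</body></html>")

if __name__ == "__main__":
    print("fixation:", session_fixation(PRE_LOGIN, POST_LOGIN_FIXED))
    print("renewed:", session_fixation(PRE_LOGIN, POST_LOGIN_RENEWED))
    print("user got the admin page:", classify_replay(ADMIN_PAGE, ADMIN_PAGE))
    print("user was sent to login:", classify_replay(ADMIN_PAGE, LOGIN_PAGE))
```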
Modules

Cross Site Request Forgery (CSRF): IronWASP has modules for CSRF POC generation and for detecting insecure CSRF token implementations. But it does not have any feature for finding CSRF vulnerabilities.
CSRF POC Generator.
OWASP Skanda
Result: Passed. This tool allows us to exploit a known SSRF vulnerability in a web application to do a port scan of a server.
Vulnerability discovery features not found in IronWASP:
- Insecure Direct Object Reference
- Unrestricted File Upload Vulnerability
- Buffer Overflow
- HTTP Parameter Pollution
- Full Path Disclosure
- Source Code Disclosure
- Bruteforce Login
- Content Spoofing
- Denial of Service
- XML Injection
- HTTP Verb Tampering
- ORM Injection
- IMAP/SMTP Injection

Features not yet tested:
- LDAP Injection
- Expression Language Injection
Conclusion:
We observed that IronWASP is able to detect most of the vulnerabilities that it claims it can find, and we also noticed that it has the least number of "false positives" for a tool of this kind. We believe that it has raised the standards of what a "Web Vulnerability Scanner" should comprise. We hope that IronWASP includes the features that we marked as "feature not present" in future releases. We also recommend that the developers work on both the UI and ease of use if they want it to gain widespread usage. The overall rating that we give IronWASP is 8/10.
More informationSECURE CODING ESSENTIALS
SECURE CODING ESSENTIALS DEFENDING YOUR WEB APPLICATION AGAINST CYBER ATTACKS ROB AUGUSTINUS 30 MARCH 2017 AGENDA Intro - A.S. Watson and Me Why this Presentation? Security Architecture Secure Code Design
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationApplications Security
Applications Security OWASP Top 10 PyCon Argentina 2018 Objectives Generate awareness and visibility on web-apps security Set a baseline of shared knowledge across the company Why are we here / Trigger
More informationOWASP TOP 10. By: Ilia
OWASP TOP 10 By: Ilia Alshanetsky @iliaa ME, MYSELF & I PHP Core Developer Author of Guide to PHP Security Security Aficionado WEB SECURITY THE CONUNDRUM USABILITY SECURITY YOU CAN HAVE ONE ;-) OPEN WEB
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationAn analysis of security in a web application development process
An analysis of security in a web application development process Florent Gontharet Ethical Hacking University of Abertay Dundee MSc Ethical Hacking 2015 Table of Contents Abstract...2 Introduction...3
More informationOWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
More informationExploiting and Defending: Common Web Application Vulnerabilities
Exploiting and Defending: Common Web Application Vulnerabilities Introduction: Steve Kosten Principal Security Consultant SANS Instructor Denver OWASP Chapter Lead Certifications CISSP, GWAPT, GSSP-Java,
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationPerslink Security. Perslink Security. Eleonora Petridou Pascal Cuylaerts. System And Network Engineering University of Amsterdam.
Eleonora Petridou Pascal Cuylaerts System And Network Engineering University of Amsterdam June 30, 2011 Outline Research question About Perslink Approach Manual inspection Automated tests Vulnerabilities
More informationWeb Application Security. OWASP 11 th August, The OWASP Foundation Basic SQL injection Basic Click Jacking
Web Application Security Basic SQL injection Basic Click Jacking OWASP 11 th August, 2012 Vinod Senthil T Director infysec vinod@infysec.com 044-42611142/43 Copyright The OWASP Foundation Permission is
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationAguascalientes Local Chapter. Kickoff
Aguascalientes Local Chapter Kickoff juan.gama@owasp.org About Us Chapter Leader Juan Gama Application Security Engineer @ Aspect Security 9+ years in Appsec, Testing, Development Maintainer of OWASP Benchmark
More informationWEB APPLICATION PENETRATION TESTING VERSION 2
WEB APPLICATION PENETRATION TESTING VERSION 2 The most practical and comprehensive training course on web application pentesting elearnsecurity has been chosen by students in over 140 countries in the
More informationCertified Secure Web Application Secure Development Checklist
www.certifiedsecure.com info@certifiedsecure.com Tel.: +31 (0)70 310 13 40 Loire 128-A 2491 AJ The Hague The Netherlands About Certified Secure Checklist Certified Secure exists to encourage and fulfill
More informationTitle: Multiple Remote Command Execution vulnerabilities on Avaya Intuity Audix LX (plus some client-side bugs)
Title: Multiple Remote Command Execution vulnerabilities on Avaya Intuity Audix LX (plus some client-side bugs) Document last modified on: 17th September 2009 Date of discovery of vulnerabilities: December
More informationPRACTICAL WEB DEFENSE VERSION 1
PRACTICAL WEB DEFENSE VERSION 1 The most practical and comprehensive training course on web application defense elearnsecurity has been chosen by students in over 140 countries in the world and by leading
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationExecutive Summary. Flex Bounty Program Overview. Bugcrowd Inc Page 2 of 7
CANVAS by Instructure Bugcrowd Flex Program Results December 01 Executive Summary Bugcrowd Inc was engaged by Instructure to perform a Flex Bounty program, commonly known as a crowdsourced penetration
More informationRuby on Rails Secure Coding Recommendations
Introduction Altius IT s list of Ruby on Rails Secure Coding Recommendations is based upon security best practices. This list may not be complete and Altius IT recommends this list be augmented with additional
More informationMavituna Security Ltd. Finance House, 522A Uxbridge Rd. Pinner. HA5 3PU / UK
Netsparker is the first false positive free scanner. In this document you can see the details of features, how to use them and how to tweak Netsparker. If you can t find what you are looking for, please
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationInformation Security CS 526 Topic 8
Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationTiger Scheme SST Standards Web Applications
Tiger Scheme SST Standards Web Applications Title Tiger Scheme Senior Security Tester Standards Web Applications Version 1.3 Status Public Release Date 8 th Nov 2013 Author Konstantinos Xynos Review Date
More information1 About Web Security. What is application security? So what can happen? see [?]
1 About Web Security What is application security? see [?] So what can happen? 1 taken from [?] first half of 2013 Let s focus on application security risks Risk = vulnerability + impact New App: http://www-03.ibm.com/security/xforce/xfisi
More informationN different strategies to automate OWASP ZAP
OWASP BUCHAREST APPSEC CONFERENCE 13 OCTOBER 2017 The OWASP Foundation http://www.owasp.org N different strategies to automate OWASP ZAP The OWASP Zed Attack Proxy Marudhamaran Gunasekaran Zap Contributor
More informationWeb Application Security Statistics Project 2007
Web Application Security Statistics Project 2007 Purpose The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative
More informationPenetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant
Penetration Testing following OWASP Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant За Лирекс Penetration testing A method of compromising the security of a computer system or network by
More informationBIG-IP Application Security Manager : Attack and Bot Signatures. Version 13.0
BIG-IP Application Security Manager : Attack and Bot Signatures Version 13.0 Table of Contents Table of Contents Assigning Attack Signatures to Security Policies...5 About attack signatures...5 About
More informationCNIT 129S: Securing Web Applications. Ch 4: Mapping the Application
CNIT 129S: Securing Web Applications Ch 4: Mapping the Application Mapping Enumerate application's content and functionality Some is hidden, requiring guesswork and luck to discover Examine every aspect
More informationCNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components
CNIT 129S: Securing Web Applications Ch 10: Attacking Back-End Components Injecting OS Commands Web server platforms often have APIs To access the filesystem, interface with other processes, and for network
More informationWAPTv2 at a glance: Self-paced, online, flexible access interactive slides and 5+ hours of video material. Downloadable material
The most practical and comprehensive training course on Web App Pentest WAPTv2 at a glance: Self-paced, online, flexible access 1850+ interactive slides and 5+ hours of video material Downloadable material
More informationFeaturing. and. Göteborg. Ulf Larson Thursday, October 24, 13
Featuring and Göteborg OWASP top ten 2013 Based on risk data from eight firms that specialize in application security, This data spans over 500,000 vulnerabilities across hundreds of organizations and
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationIntegrity attacks (from data to code): Malicious File upload, code execution, SQL Injection
Pattern Recognition and Applications Lab Integrity attacks (from data to code): Malicious File upload, code execution, SQL Injection Igino Corona igino.corona _at_ diee.unica.it Computer Security May 2nd,
More informationLecture Overview. IN5290 Ethical Hacking
Lecture Overview IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi How to use Burp
More informationLecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks
IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi Lecture Overview How to use Burp
More informationAutomatically Checking for Session Management Vulnerabilities in Web Applications
Regular Paper Automatically Checking for Session Management Vulnerabilities in Web Applications Yusuke Takamatsu 1,a) Yuji Kosuga 2 Kenji Kono 1,3 Received: July 4, 2012, Accepted: October 17, 2012 Abstract:
More informationSecure Development Guide
Secure Development Guide Oracle Health Sciences InForm 6.1.1 Part number: E72493-01 Copyright 2016, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationApplication security : going quicker
Application security : going quicker The web application firewall example Agenda Agenda o Intro o Application security o The dev team approach o The infra team approach o Impact of the agility o The WAF
More informationYour Turn to Hack the OWASP Top 10!
OWASP Top 10 Web Application Security Risks Your Turn to Hack OWASP Top 10 using Mutillidae Born to Be Hacked Metasploit in VMWare Page 1 https://www.owasp.org/index.php/main_page The Open Web Application
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationChrome Extension Security Architecture
Chrome Extension Security Architecture Presenter: Jienan Liu Network, Intelligence & security Lab outline Chrome extension introduction Threats towards extension Chrome extension s security architecture
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationSichere Software vom Java-Entwickler
Sichere Software vom Java-Entwickler Dominik Schadow Java Forum Stuttgart 05.07.2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN We can no longer
More informationHacking by Numbers OWASP. The OWASP Foundation
Hacking by Numbers OWASP Tom Brennan WhiteHat Security Inc. tom.brennan@whitehatsec.com 973-506-9303 skype: jinxpuppy Copyright The OWASP Foundation Permission is granted to copy, distribute and/or modify
More informationWebGoat& WebScarab. What is computer security for $1000 Alex?
WebGoat& WebScarab What is computer security for $1000 Alex? Install WebGoat 10 Download from Google Code 20 Unzip the folder to where ever you want 30 Click on WebGoat.bat 40 Goto http://localhost/webgoat/attack
More informationF5 Application Security. Radovan Gibala Field Systems Engineer
1 F5 Application Security Radovan Gibala Field Systems Engineer r.gibala@f5.com +420 731 137 223 2007 2 Agenda Challenge Websecurity What are the problems? Building blocks of Web Applications Vulnerabilities
More informationSecurity Penetration Test of HIE Portal for A CUSTOMER IMPLEMENTION. Services provided to: [LOGO(s) of company providing service to]
Security Penetration Test of HIE Portal for A CUSTOMER IMPLEMENTION Services provided to: [LOGO(s) of company providing service to] Version V1.0 V1 February 13 th, 2014 Prepared By: Denis Calderone TBG
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationBugcrowd v1.6 - Nov. 2, 2018
Bugcrowd is proud of the VRT, a valuable resource for both researchers and customers to better understand the technical rating we use to classify vulnerabilities. This report details how and why we created
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationOWASP TOP OWASP TOP
ANALYZING THE OWASP TOP 10 TOP APPLICATION SECURITY THREATS & HOW TO MITIGATE THEM Cars require seatbelts. Pill bottles need safety caps. Applications need web application firewalls, and for good reason.
More information"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary
Course Summary Description Securing.Net Web Applications - Lifecycle is a lab-intensive, hands-on.net security training course, essential for experienced enterprise developers who need to produce secure.net-based
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationHow is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
More informationIntegrity attacks (from data to code): Cross-site Scripting - XSS
Pattern Recognition and Applications Lab Integrity attacks (from data to code): Cross-site Scripting - XSS Igino Corona igino.corona (at) diee.unica.it Computer Security April 12, 2018 Department of Electrical
More informationVulnerabilities in online banking applications
Vulnerabilities in online banking applications 2019 Contents Introduction... 2 Executive summary... 2 Trends... 2 Overall statistics... 3 Comparison of in-house and off-the-shelf applications... 6 Comparison
More information