Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Applications Testing By Jamie Rougvie Supported by.

Similar presentations


Presentation on theme: "Web Applications Testing By Jamie Rougvie Supported by."— Presentation transcript:

1 Web Applications Testing By Jamie Rougvie Supported by

2 Jamie Rougvie 2 Disclaimer All information presented here is for educational use only. Please only practice in a controlled environment that you own or that you have written permission to use!

3 Jamie Rougvie 3 Why test web application ?? Tesco web security 'flaw' probed by UK data watchdog. 6.5 Million LinkedIn passwords leaked by hackers. GoDaddy hacked, millions of sites go down in registrar outage. Yahoo hacked, 450,000 passwords posted online. IEEE exposed 100k plaintext usernames and passwords on their FTP server.

4 Jamie Rougvie 4 Common tools Web Browser Burpsuit / ZAP there are loads of others tools and plugins to aid us when testing but the most common ones are: Sqlmap Nikto Nessus Dir Buster BEEF Automated scanners Netsparker, Acunetix and W3af

5 Jamie Rougvie 5 What is a Proxy?

6 Jamie Rougvie 6 Demo Burp Suite

7 Jamie Rougvie 7 Getting Started Browse the website Identify functional pages List possible attacks for functional pages Try to implement attacks Documentation screen shots

8 Jamie Rougvie 8 Owasp Top 10 A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Insecure Cryptographic Storage A8: Failure to Restrict URL Access A9: Insufficient Transport Layer Protection A10: Unvalidated Redirects and Forwards

9 SQL Injection A1 Injection

10 Jamie Rougvie 10 About SQL SQL Injection attacks are the process of injecting SQL commands into SQL queries to manipulate the database which the application relies on. Two types of SQL injection error based and blind.

11 Jamie Rougvie 11 Demo of SQL Injection

12 Jamie Rougvie 12 SQL Explained We can assume the SQL statement is Select * FROM users WHERE username= ' ' AND password= ' ' The Code we Injected ' or ' '= ' The Query that’s gets submitted is Select * FROM users WHERE username= ' ' AND password= ' ' or ' ' = ' ' This Result is a true statement so data from the database gets returned.

13 Jamie Rougvie 13 Power of SQL Injection Bypass login pages Dump entire databases using a tool like Sqlmap. This will allow you to get usernames and passwords which you could then crack unless they were hashed. People like using the same username and password on many sites so you can now try to access other sites with the login details.

14 Cross Site Scripting A3 XSS

15 Jamie Rougvie 15 About XSS Injecting HTML or running code (Javascript) in a user web browser Three Types of XSS they are stored, reflected and DOM. XSS can be found in any user supplied input COOKIES,GET,POST,HTTP HEADERS

16 Jamie Rougvie 16 XSS Demo

17 Jamie Rougvie 17 What can you do with an XSS attack Steal Cookies Redirect users Deface website Use BEEF

18 Jamie Rougvie 18 BEEF Demo

19 Jamie Rougvie 19 The Solution Always validate any input from the user on the server side!

20 Common Vulnerabilities Low hanging fruit

21 Jamie Rougvie 21 Default Login Details Many People make the mistake of installing applications and leaving the default settings setup on it. Example: root: password - MYSQL root: blank – PHPMyAdmin This may vary between versions but a quick Google search can find the correct default login.

22 Jamie Rougvie 22 Weak Password This is really common and yet so simple to fix! 123456 Password 123456789 abc123 111111 There are loads more default and silly passwords! Other bad ideas. Any Dictionary word Website Name Organisation Details

23 Jamie Rougvie 23 Old Version Running Companies don’t upgrade web servers or CMS (Content Management System) in case they break it. This may make it easier to exploit as they would not have known security bugs fixed.

24 Jamie Rougvie 24 Information Leakage Information leaked from the site can give vital information to the attack. Information leakage can come in many forms. Example:.

25 Jamie Rougvie 25 PRATICE RESOURCES jamierougive.co.uk – My Blog jamierougive.co.uk ypisg.bcs.org – Young Professional Information Security Group ypisg.bcs.org http://vulnhub.com Great for all testing http://vulnhub.com hack.me - Working progress as seen in demos hack.me www.owasp.org – Great for web app testing www.owasp.org www.trustedsec.com – Social Engineer Toolkit www.trustedsec.com www.dvwa.co.uk – Damn Vulnerable Web App www.dvwa.co.uk www.kioptrix.com – Demo Example www.kioptrix.com g0tmi1k.blogspot.co.uk BOOT 2 ROOT g0tmi1k.blogspot.co.uk http://beefproject.com/ Beef Project http://beefproject.com/

26 Jamie Rougvie 26 Questions!! ANY QUESTIONS ?


Download ppt "Web Applications Testing By Jamie Rougvie Supported by."

Similar presentations


Ads by Google