Web applications provide an interface between end users and web servers through a set of web pages that are generated on the server side or that contain script code executed dynamically within the client's web browser.
The objective of this lab is to provide expert knowledge of web application vulnerabilities and web application attacks such as:
Parameter tampering
Directory traversals
Cross-Site Scripting (XSS)
Web Spidering
Cookie Poisoning and cookie parameter tampering
Securing web applications from hijacking
A web application is an application that is accessed by users over a network such as the Internet or an intranet. The term may also mean a computer software application that is coded in a browser-supported programming language (such as JavaScript, combined with a browser-rendered markup language like HTML) and that relies on a common web browser to render and execute the application.
Web applications are popular due to the ubiquity of web browsers, and the convenience of using a web browser as a client. The ability to update and maintain web applications without distributing and installing software on potentially thousands of client computers is a key reason for their popularity, as is the inherent support for cross-platform compatibility. Common web applications include webmail, online retail sales, online auctions, wikis and many other functions.
Web hacking refers to the exploitation of applications via HTTP, which can be done by manipulating the application through its graphical web interface, tampering with the Uniform Resource Identifier (URI), or tampering with HTTP elements not contained in the URI. Methods that can be used to hack web applications include SQL injection attacks, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), insecure communications, etc.
As a security expert and security administrator, you need to test web applications for cross-site scripting vulnerabilities, cookie hijacking, and command injection attacks, and to secure web applications against such attacks.
Web Application Security Statistics
Introduction to Web Applications
Web Application Components
How Do Web Applications Work?
Web Application Architecture
Web 2.0 Applications
Vulnerability Stack
Web Attack Vectors
Web Application Threats - 1
Web Application Threats - 2
Unvalidated Input
Parameter/Form Tampering
Directory Traversal
Security Misconfiguration
Injection Flaws
SQL Injection Attacks
Command Injection Attacks
Command Injection Example
File Injection Attack
What is LDAP Injection?
How Does LDAP Injection Work?
Hidden Field Manipulation Attack
Cross-Site Scripting (XSS) Attacks
How Do XSS Attacks Work?
Cross-Site Scripting Attack Scenario: Attack via Email
XSS Example: Attack via Email
XSS Example: Stealing Users' Cookies
XSS Example: Sending an Unauthorized Request
XSS Attack in Blog Posting
XSS Attack in Comment Field
XSS Cheat Sheet
Cross-Site Request Forgery (CSRF) Attack
How Do CSRF Attacks Work?
Web Application Denial-of-Service (DoS) Attack
Denial of Service (DoS) Examples
Buffer Overflow Attacks
Cookie/Session Poisoning
How Does Cookie Poisoning Work?
Session Fixation Attack
Insufficient Transport Layer Protection
Improper Error Handling
Insecure Cryptographic Storage
Broken Authentication and Session Management
Unvalidated Redirects and Forwards
Web Services Architecture
Web Services Attack
Web Services Footprinting Attack
Web Services XML Poisoning
Footprint Web Infrastructure
Footprint Web Infrastructure: Server Discovery
Footprint Web Infrastructure: Server Identification/Banner Grabbing
Footprint Web Infrastructure: Hidden Content Discovery
Web Spidering Using Burp Suite
Hacking Web Servers
Web Server Hacking Tool: WebInspect
Analyze Web Applications
Analyze Web Applications: Identify Entry Points for User Input
Analyze Web Applications: Identify Server-Side Technologies
Analyze Web Applications: Identify Server-Side Functionality
Analyze Web Applications: Map the Attack Surface
Attack Authentication Mechanism
Username Enumeration
Password Attacks: Password Functionality Exploits
Password Attacks: Password Guessing
Password Attacks: Brute-forcing
Session Attacks: Session ID Prediction/Brute-forcing
Cookie Exploitation: Cookie Poisoning
Authorization Attack
HTTP Request Tampering
Authorization Attack: Cookie Parameter Tampering
Session Management Attack
Attacking Session Token Generation Mechanism
Attacking Session Tokens Handling Mechanism: Session Token Sniffing
Injection Attacks
Attack Data Connectivity
Connection String Injection
Connection String Parameter Pollution (CSPP) Attacks
Connection Pool DoS
Attack Web App Client
Attack Web Services
Web Services Probing Attacks
Web Service Attacks: SOAP Injection
Web Service Attacks: XML Injection
Web Services Parsing Attacks
Web Service Attack Tool: soapUI
Web Service Attack Tool: XMLSpy
Web Application Hacking Tool: Burp Suite Professional
Web Application Hacking Tools: CookieDigger
Web Application Hacking Tools: WebScarab
Web Application Hacking Tools
Encoding Schemes
How to Defend Against SQL Injection Attacks?
How to Defend Against Command Injection Flaws?
How to Defend Against XSS Attacks?
How to Defend Against DoS Attacks?
How to Defend Against Web Services Attacks?
Web Application Countermeasures
How to Defend Against Web Application Attacks?
Web Application Security Tool: Acunetix Web Vulnerability Scanner
Web Application Security Tool: Falcove Web Vulnerability Scanner
Web Application Security Scanner: Netsparker
Web Application Security Tool: N-Stalker Web Application Security Scanner
Web Application Security Tools
Web Application Firewall: dotDefender
Web Application Firewall: IBM AppScan
Web Application Firewall: ServerDefender VP
Web Application Firewall
Web Application Pen Testing
Information Gathering
Configuration Management Testing
Authentication Testing
Session Management Testing
Authorization Testing
Data Validation Testing
Denial of Service Testing
Web Services Testing
AJAX Testing