Ethical Hacking
22 BEST Cyber Security Software Tools in 2021
Cybersecurity refers to protecting hardware, software, and data from attackers. It protects...
OWASP or Open Web Security Project is a non-profit charitable organization focused on improving the security of software and web applications.
The organization publishes a list of top web security vulnerabilities based on the data from various security organizations.
The web security vulnerabilities are prioritized depending on exploitability, detectability and impact on software.
What is needed to exploit the security vulnerability? Highest exploitability when the attack needs only web browser and lowest being advanced programming and tools.
How easy is it to detect the threat? Highest being the information displayed on URL, Form or Error message and lowest being source code.
How much damage will be done if the security vulnerability is exposed or attacked? Highest being complete system crash and lowest being nothing at all.
The main aim of OWASP Top 10 is to educate the developers, designers, managers, architects and organizations about the most important security vulnerabilities.
The Top 10 security vulnerabilities as per OWASP Top 10 are:
Description
Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the user supplied data.
Injection occurs when the user input is sent to an interpreter as part of command or query and trick the interpreter into executing unintended commands and gives access to unauthorized data.
The SQL command which when executed by web application can also expose the back-end database.
Implication
Vulnerable Objects
Examples:
Logging into an application without having valid credentials.
Valid userName is available, and password is not available.
Test URL: http://demo.testfire.net/default.aspx
User Name: sjones
Password: 1=1' or pass123
SQL query created and sent to Interpreter as below
SELECT * FROM Users WHERE User_Name = sjones AND Password = 1=1' or pass123;
Recommendations
Description
Cross Site Scripting is also shortly known as XSS.
XSS vulnerabilities target scripts embedded in a page that are executed on the client side i.e. user browser rather then at the server side. These flaws can occur when the application takes untrusted data and send it to the web browser without proper validation.
Attackers can use XSS to execute malicious scripts on the users in this case victim browsers. Since the browser cannot know if the script is trusty or not, the script will be executed, and the attacker can hijack session cookies, deface websites, or redirect the user to an unwanted and malicious websites.
XSS is an attack which allows the attacker to execute the scripts on the victim's browser.
Implication:
Vulnerable Objects
Examples
1. http://www.vulnerablesite.com/home?"<script>alert("xss")</script>
The above script when run on a browser, a message box will be displayed if the site is vulnerable to XSS.
The more serious attack can be done if the attacker wants to display or store session cookie.
2. http://demo.testfire.net/search.aspx?txtSearch <iframe> <src = http://google.com width = 500 height 500></iframe>
The above script when run, the browser will load an invisible frame pointing to http://google.com.
The attack can be made serious by running a malicious script on the browser.
Recommendations
Description
The websites usually create a session cookie and session ID for each valid session, and these cookies contain sensitive data like username, password, etc. When the session is ended either by logout or browser closed abruptly, these cookies should be invalidated i.e. for each session there should be a new cookie.
If the cookies are not invalidated, the sensitive data will exist in the system. For example, a user using a public computer (Cyber Cafe), the cookies of the vulnerable site sits on the system and exposed to an attacker. An attacker uses the same public computer after some time, the sensitive data is compromised.
In the same manner, a user using a public computer, instead of logging off, he closes the browser abruptly. An attacker uses the same system, when browses the same vulnerable site, the previous session of the victim will be opened. The attacker can do whatever he wants to do from stealing profile information, credit card information, etc.
A check should be done to find the strength of the authentication and session management. Keys, session tokens, cookies should be implemented properly without compromising passwords.
Vulnerable Objects
Implication
Examples
http://Examples.com/sale/saleitems;jsessionid=2P0OC2oJM0DPXSNQPLME34SERTBG/dest=Maldives (Sale of tickets to Maldives)
An authenticated user of the site wants to let his friends know about the sale and sends an email across. The friends receive the session ID and can be used to do unauthorized modifications or misuse the saved credit card details.
Recommendations
Description
It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key as in URL or as a FORM parameter. The attacker can use this information to access other objects and can create a future attack to access the unauthorized data.
Implication
Vulnerable Objects
Examples:
Changing "userid" in the following URL can make an attacker to view other user's information.
http://www.vulnerablesite.com/userid=123 Modified to http://www.vulnerablesite.com/userid=124
An attacker can view others information by changing user id value.
Recommendations:
Description
Cross Site Request Forgery is a forged request came from the cross site.
CSRF attack is an attack that occurs when a malicious website, email, or program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated.
A CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerable web application.
A link will be sent by the attacker to the victim when the user clicks on the URL when logged into the original website, the data will be stolen from the website.
Implication
Vulnerable Objects
Examples
The victim is logged into a bank website using valid credentials. He receives mail from an attacker saying "Please click here to donate $1 to cause."
When the victim clicks on it, a valid request will be created to donate $1 to a particular account.
http://www.vulnerablebank.com/transfer.do?account=cause&amount=1
The attacker captures this request and creates below request and embeds in a button saying "I Support Cause."
http://www.vulnerablebank.com/transfer.do?account=Attacker&amount=1000
Since the session is authenticated and the request is coming through the bank website, the server would transfer $1000 dollars to the attacker.
Recommendation
Description
Security Configuration must be defined and deployed for the application, frameworks, application server, web server, database server, and platform. If these are properly configured, an attacker can have unauthorized access to sensitive data or functionality.
Sometimes such flaws result in complete system compromise. Keeping the software up to date is also good security.
Implication
Vulnerable objects
Examples
Recommendations
Description
Insecure Cryptographic storage is a common vulnerability which exists when the sensitive data is not stored securely.
The user credentials, profile information, health details, credit card information, etc. come under sensitive data information on a website.
This data will be stored on the application database. When this data are stored improperly by not using encryption or hashing*, it will be vulnerable to the attackers.
(*Hashing is transformation of the string characters into shorter strings of fixed length or a key. To decrypt the string, the algorithm used to form the key should be available)
Implication
Vulnerable objects
Examples
In one of the banking application, password database uses unsalted hashes * to store everyone's passwords. An SQL injection flaw allows the attacker to retrieve the password file. All the unsalted hashes can be brute forced in no time whereas, the salted passwords would take thousands of years.
(*Unsalted Hashes – Salt is a random data appended to the original data. Salt is appended to the password before hashing)
Recommendations
Description
Web applications check URL access rights before rendering protected links and buttons. Applications need to perform similar access control checks each time these pages are accessed.
In most of the applications, the privileged pages, locations and resources are not presented to the privileged users.
By an intelligent guess, an attacker can access privilege pages. An attacker can access sensitive pages, invoke functions and view confidential information.
Implication
Vulnerable objects:
Examples
http://www.vulnerablsite.com can be modified as http://www.vulnerablesite.com/admin
Recommendations
Description
Deals with information exchange between the user (client) and the server (application). Applications frequently transmit sensitive information like authentication details, credit card information, and session tokens over a network.
By using weak algorithms or using expired or invalid certificates or not using SSL can allow the communication to be exposed to untrusted users, which may compromise a web application and or steal sensitive information.
Implication
Vulnerable objects
Recommendations
Examples:
1. An application not using SSL, an attacker will simply monitor network traffic and observes an authenticated victim session cookie. An attacker can steal that cookie and perform Man-in-the-Middle attack.
Description
The web application uses few methods to redirect and forward users to other pages for an intended purpose.
If there is no proper validation while redirecting to other pages, attackers can make use of this and can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
Implication
Examples
1.http://www.vulnerablesite.com/login.aspx?redirectURL=ownsite.com
Modified to
http://www.vulnerablesite.com/login.aspx?redirectURL=evilsite.com
Recommendations
This article is contributed by Prasanthi Eati
Cybersecurity refers to protecting hardware, software, and data from attackers. It protects...
Below is a curated list of Bounty Programs by reputable companies 1) Intel Intel's bounty program...
We have prepared the most important Ethical Hacking interview questions to help you prepare for...
Ethical Hacking is identifying weaknesses in computer systems/networks and coming with...
{loadposition top-ads-automation-testing-tools} Penetration Testing tools help in identifying security...
Linux is the most widely used server operating system, especially for web servers. It is open...