Abstract image of a woman sitting on books and studying on a laptop

Application fuzzing

B
Blueinfy Solutions

This document discusses application layer fuzzing and the potential information leaks that can occur. It describes how an attacker can inject faults through HTTP requests to trigger exceptions and scan responses for signatures. Errors can reveal details like the technology stack, network architecture, intranet applications, database connection information, file system layouts, and authentication mechanisms. Information leaks occur when deployment components like web servers and databases are misconfigured or have vulnerabilities, or when application source code does not properly handle errors. Various examples show how errors from web servers, application servers, databases, and source code can disclose internal paths, nature of errors, and potential injection points.

Technology
1 of 12
1
2
3
4
5
6
7
8
9
10
11
12
Application Layer Fuzzing
Attacker’s approach • Fuzzing over HTTP • Injecting faults with various set of payload • Try to raise the exception • Exception throw message back as part of HTTP response • Scanning response for signatures • If signature found, it becomes interesting entry for exploitation
Possible Leaks • Errors can send information about technology stack and weaknesses. In some cases error helps in fingerprinting web and application servers running on target application. • Internal IP addresses and architecture layout for network. • Intranet applications and their setups. • Type of backend database and its connection information. • Internal folders and file system layout for application. • Username and authentication mechanism and disclosures. • Hidden paths and folder which helps in retrieving several other files and internal database information. • Error code and other relevant information which helps in analyzing possible cause for an attacker.
Root cause • Deployment cause – Application runs on technology stack, it involves web server, application servers, plugins and handlers, database server etc. If these components are not configured properly or having inherent vulnerability then it can lead to information disclosure. • Source code cause – If application source code is not having best practices for error or exception handling then it ends up leaking information to end client as part of business logic. This set of information can help in detecting vulnerability or end up sharing internal logic information.
Error handlers Web Server Application Server Source Code Database/Auth/Backend HTTP Request HTTP Response Error Messages
File not found errors • HTTP 404 - not found server id server id
Internal server errors • HTTP 500 error messages: nature of error revealed in error code
PHP error example • Attempting to read a file which does not exist: Internal path disclosed.
Application error message example • Attempting to place an order that already exists: Internal path disclosed.
MySQL error example • Generated from a failed PHP MySQL query: Possible SQL injection point uncovered.
MS-SQL error example • Generated from a failed ASP MS-SQL query: Possible SQL injection point uncovered.
Tools & Conclusion

More Related Content

PPT
Assessment methodology and approach
Blueinfy Solutions
 
PPT
AppSec 2007 - .NET Web Services Hacking
Shreeraj Shah
 
PPT
Advanced applications-architecture-threats
Blueinfy Solutions
 
PPTX
Application Security TRENDS – Lessons Learnt- Firosh Ummer
OWASP-Qatar Chapter
 
PDF
Mobile security chess board - attacks & defense
Blueinfy Solutions
 
PPT
Secure SDLC for Software
Shreeraj Shah
 
PPT
Web Services Hacking and Security
Blueinfy Solutions
 
PDF
CSRF, ClickJacking & Open Redirect
Blueinfy Solutions
 
Assessment methodology and approach
Blueinfy Solutions
 
AppSec 2007 - .NET Web Services Hacking
Shreeraj Shah
 
Advanced applications-architecture-threats
Blueinfy Solutions
 
Application Security TRENDS – Lessons Learnt- Firosh Ummer
OWASP-Qatar Chapter
 
Mobile security chess board - attacks & defense
Blueinfy Solutions
 
Secure SDLC for Software
Shreeraj Shah
 
Web Services Hacking and Security
Blueinfy Solutions
 
CSRF, ClickJacking & Open Redirect
Blueinfy Solutions
 

What's hot (20)

PPT
Hacking web applications
Adeel Javaid
 
PPT
HTML5 hacking
Blueinfy Solutions
 
PPTX
Owasp Top 10 A1: Injection
Michael Hendrickx
 
PDF
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Shreeraj Shah
 
PPT
Automation In Android & iOS Application Review
Blueinfy Solutions
 
DOC
Joomla web application development vulnerabilities
BlazeDream Technologies Pvt Ltd
 
PDF
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
Shreeraj Shah
 
PPTX
Web application attacks
hruth
 
PPT
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
Shreeraj Shah
 
PDF
Workshop : Application Security
Priyanka Aash
 
PDF
Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Shreeraj Shah
 
PPT
XSS and CSRF with HTML5
Shreeraj Shah
 
PDF
CNIT 129S: Ch 5: Bypassing Client-Side Controls
Sam Bowne
 
PPTX
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
PDF
Securty Testing For RESTful Applications
Source Conference
 
PDF
Session7-XSS & CSRF
zakieh alizadeh
 
PPTX
Owasp first5 presentation
Ashwini Paranjpe
 
PDF
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
Sam Bowne
 
PDF
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
Sam Bowne
 
PPT
Web Attacks - Top threats - 2010
Shreeraj Shah
 
Hacking web applications
Adeel Javaid
 
HTML5 hacking
Blueinfy Solutions
 
Owasp Top 10 A1: Injection
Michael Hendrickx
 
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Shreeraj Shah
 
Automation In Android & iOS Application Review
Blueinfy Solutions
 
Joomla web application development vulnerabilities
BlazeDream Technologies Pvt Ltd
 
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
Shreeraj Shah
 
Web application attacks
hruth
 
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
Shreeraj Shah
 
Workshop : Application Security
Priyanka Aash
 
Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Shreeraj Shah
 
XSS and CSRF with HTML5
Shreeraj Shah
 
CNIT 129S: Ch 5: Bypassing Client-Side Controls
Sam Bowne
 
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
Securty Testing For RESTful Applications
Source Conference
 
Session7-XSS & CSRF
zakieh alizadeh
 
Owasp first5 presentation
Ashwini Paranjpe
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
Sam Bowne
 
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
Sam Bowne
 
Web Attacks - Top threats - 2010
Shreeraj Shah
 
Ad

Viewers also liked (7)

PPTX
Security Testing: Fuzzing
Andrei Rubaniuk
 
PPTX
Intro to reverse engineering owasp
Tsvetelin Choranov
 
PPTX
Reverse engineering
Hicube Infosec
 
PPTX
Register Organization and Instruction cycle
Muhammad Ameer Mohavia
 
PPTX
Processor organization & register organization
Ghanshyam Patel
 
PPTX
What the fuzz
Christopher Frenz
 
PDF
Assembly language 8086
John Cutajar
 
Security Testing: Fuzzing
Andrei Rubaniuk
 
Intro to reverse engineering owasp
Tsvetelin Choranov
 
Reverse engineering
Hicube Infosec
 
Register Organization and Instruction cycle
Muhammad Ameer Mohavia
 
Processor organization & register organization
Ghanshyam Patel
 
What the fuzz
Christopher Frenz
 
Assembly language 8086
John Cutajar
 
Ad

Similar to Application fuzzing (20)

PDF
Injecting simplicity not SQL RSA Europe 2010
Security Ninja
 
PDF
Web Security
KHOANGUYNNGANH
 
KEY
OWASP Dallas
Branden Williams
 
PPT
Web Application Security
Colin English
 
PPTX
Security hole #5 application security science or quality assurance
Tjylen Veselyj
 
PPT
Software Security in the Real World
Mark Curphey
 
PDF
Injecting simplicity not SQL BSides Las Vegas 2010
Security Ninja
 
PPTX
Altitude SF 2017: Security at the edge
Fastly
 
PPTX
Securing the Web @RivieraDev2016
Sumanth Damarla
 
PPTX
Web Application Hacking tools .pptx
Guna Dhondwad
 
PPTX
Chapter 2Chapter 2Chapter 2Chapter 2Chapter 2
user201002adobe
 
PDF
Code securely
Maksym Hopei
 
PPTX
CyberSecurityppt. pptx
iamayesha2526
 
PPT
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Alan Kan
 
PDF
Graphing for Security
mr_secure
 
PPT
Software Security Engineering
Marco Morana
 
PPTX
Phi 235 social media security users guide presentation
Alan Holyoke
 
PDF
Vulnerability Management In An Application Security World
Denim Group
 
PPTX
Web Application Security 101
Jannis Kirschner
 
PDF
Web Application Security with PHP
jikbal
 
Injecting simplicity not SQL RSA Europe 2010
Security Ninja
 
Web Security
KHOANGUYNNGANH
 
OWASP Dallas
Branden Williams
 
Web Application Security
Colin English
 
Security hole #5 application security science or quality assurance
Tjylen Veselyj
 
Software Security in the Real World
Mark Curphey
 
Injecting simplicity not SQL BSides Las Vegas 2010
Security Ninja
 
Altitude SF 2017: Security at the edge
Fastly
 
Securing the Web @RivieraDev2016
Sumanth Damarla
 
Web Application Hacking tools .pptx
Guna Dhondwad
 
Chapter 2Chapter 2Chapter 2Chapter 2Chapter 2
user201002adobe
 
Code securely
Maksym Hopei
 
CyberSecurityppt. pptx
iamayesha2526
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Alan Kan
 
Graphing for Security
mr_secure
 
Software Security Engineering
Marco Morana
 
Phi 235 social media security users guide presentation
Alan Holyoke
 
Vulnerability Management In An Application Security World
Denim Group
 
Web Application Security 101
Jannis Kirschner
 
Web Application Security with PHP
jikbal
 

More from Blueinfy Solutions (14)

PDF
Mobile Application Scan and Testing
Blueinfy Solutions
 
PPT
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
 
PPT
iOS Application Security Testing
Blueinfy Solutions
 
PPT
Html5 on mobile
Blueinfy Solutions
 
PPT
Android secure coding
Blueinfy Solutions
 
PPT
Android attacks
Blueinfy Solutions
 
PPT
Source Code Analysis with SAST
Blueinfy Solutions
 
PPT
XSS - Attacks & Defense
Blueinfy Solutions
 
PPT
Defending against Injections
Blueinfy Solutions
 
PPT
XPATH, LDAP and Path Traversal Injection
Blueinfy Solutions
 
PPT
Blind SQL Injection
Blueinfy Solutions
 
PPT
SQL injection basics
Blueinfy Solutions
 
PPT
Applciation footprinting, discovery and enumeration
Blueinfy Solutions
 
PPT
HTTP protocol and Streams Security
Blueinfy Solutions
 
Mobile Application Scan and Testing
Blueinfy Solutions
 
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
 
iOS Application Security Testing
Blueinfy Solutions
 
Html5 on mobile
Blueinfy Solutions
 
Android secure coding
Blueinfy Solutions
 
Android attacks
Blueinfy Solutions
 
Source Code Analysis with SAST
Blueinfy Solutions
 
XSS - Attacks & Defense
Blueinfy Solutions
 
Defending against Injections
Blueinfy Solutions
 
XPATH, LDAP and Path Traversal Injection
Blueinfy Solutions
 
Blind SQL Injection
Blueinfy Solutions
 
SQL injection basics
Blueinfy Solutions
 
Applciation footprinting, discovery and enumeration
Blueinfy Solutions
 
HTTP protocol and Streams Security
Blueinfy Solutions
 

Recently uploaded (20)

PDF
August Patch Tuesday
Ivanti
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
August Patch Tuesday
Ivanti
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Unlock new opportunities with location data.pdf
Precisely
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 

Application fuzzing

  • 2. Attacker’s approach • Fuzzing over HTTP • Injecting faults with various set of payload • Try to raise the exception • Exception throw message back as part of HTTP response • Scanning response for signatures • If signature found, it becomes interesting entry for exploitation
  • 3. Possible Leaks • Errors can send information about technology stack and weaknesses. In some cases error helps in fingerprinting web and application servers running on target application. • Internal IP addresses and architecture layout for network. • Intranet applications and their setups. • Type of backend database and its connection information. • Internal folders and file system layout for application. • Username and authentication mechanism and disclosures. • Hidden paths and folder which helps in retrieving several other files and internal database information. • Error code and other relevant information which helps in analyzing possible cause for an attacker.
  • 4. Root cause • Deployment cause – Application runs on technology stack, it involves web server, application servers, plugins and handlers, database server etc. If these components are not configured properly or having inherent vulnerability then it can lead to information disclosure. • Source code cause – If application source code is not having best practices for error or exception handling then it ends up leaking information to end client as part of business logic. This set of information can help in detecting vulnerability or end up sharing internal logic information.
  • 5. Error handlers Web Server Application Server Source Code Database/Auth/Backend HTTP Request HTTP Response Error Messages
  • 6. File not found errors • HTTP 404 - not found server id server id
  • 7. Internal server errors • HTTP 500 error messages: nature of error revealed in error code
  • 8. PHP error example • Attempting to read a file which does not exist: Internal path disclosed.
  • 9. Application error message example • Attempting to place an order that already exists: Internal path disclosed.
  • 10. MySQL error example • Generated from a failed PHP MySQL query: Possible SQL injection point uncovered.
  • 11. MS-SQL error example • Generated from a failed ASP MS-SQL query: Possible SQL injection point uncovered.