SlideShare a Scribd company logo

Security Testing Training With Examples

Download as PPTX, PDF
Alwin Thayyil
Alwin Thayyil

The document details security testing for web applications, emphasizing the importance of protecting confidential data and identifying vulnerabilities. It outlines various types of web application vulnerabilities, such as authentication and authorization issues, client-side attacks, SQL injection, and cross-site scripting (XSS). Tools and techniques for conducting security testing, including Burp Suite and examples of attacks, are also discussed, along with recommendations for improving security measures.

Technology
1 of 47
Downloaded 226 times
1
2
Most read
3
4
Most read
5
6
Most read
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
Security Testing Training With Examples ALWIN JOSEPH THAYYIL
What is Security Testing • Security testing is the process that determines that confidential data stays confidential and users can perform only those tasks that they are authorized to perform. • It also helps in detecting all possible security risks in the system and help developers in fixing these problems through coding • Security testing is vital for e-commerce website that store sensitive customer information like credit cards.
Why web application security is of high importance • Web applications are increasing day by day • Most web applications are vulnerable. • 98 % of the web applications are vulnerable . • 78 % of easily exploitable weakness occur in web applications.
Types of web application vulnerabilities  Security Testing is deemed successful when the below attributes of an application are intact • Authentication • Authorization • Client side attacks • Command Execution • Information Disclosure • Logical Attacks
Authentication – Stealing user account identities  The Authentication section covers attacks that target a websites method of validating the identity of a user.  To confirm that something or someone is authentic – true to the claims.  The digital identity of a user is validated and verified.  Brute Force attack automates a process of trial and error to guess a person’s username, password, credit-card number or cryptographic key.  Insufficient Authentication permits an attacker to access sensitive content or functionality without proper authentication.  Weak Password Recovery Validation permits an attacker to illegally obtain, change or recover another user’s password.
Authorization – illegal access to applications  The Authorization section covers attacks that target a web sites method of determining if a user has the necessary permissions to perform a requested action.  Is the Person allowed to do this operation  Insufficient Session Expiration permits an attacker to reuse old session credentials or session IDs for authorization.  Credential / Session Prediction is a method of hijacking or impersonating a user .
Client side attacks – illegal execution of foreign code • Content Spoofing tricks a user into believing that certain content appearing on a web site is legitimate and not from an external source.  Cross-site Scripting (XSS) forces a web site to echo attacker-supplied executable code, which loads into a user’s browser.
Command Execution – hijacks control of web application  SQL Injection constructs illegal SQL statements on a web site application from user-supplied input.  Buffer Overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.
Information Disclosure – shows sensitive data to attackers  The Information Disclosure section covers attacks designed to acquire system specific information about a web site.  Information leakage : Information Leakage is when a web site reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system.  Path traversal : The Path Traversal attack technique forces access to files, directories, and commands that potentially reside outside the web document root directory.
Logical Attacks – interfere with application usage  Abuse of Functionality uses a web site’s own features and functionality to consume, defraud, or circumvent access control mechanisms.  Denial of Service (DoS) attacks prevent a web site from serving normal user activity.
Burp Suite  Burp Suite is an integrated platform for performing security testing of web applications.  The Burp Suite is made up of tools
Burp Suite  Proxy: It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.  Spider: Burp Spider is a tool for mapping web applications.  Scanner: Burp Scanner is a tool for performing automated discovery of security vulnerabilities in web applications.  Intruder: For performing powerful customized attacks to find and exploit unusual vulnerabilities.  Repeater: Burp Repeater is a tool for manually modifying and reissuing individual HTTP requests, and analyzing their responses.  Comparer: Burp Comparer is a simple tool for performing a comparison (a visual “diff”) between any two items of data.  Limitations of tools: Unrealistic expectations from the tool & People depend on the tool a lot.
Configure your browser
Brute force attack (Ex For Authentication vulnerabilities) • Brute Force Attack  Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.  The most obvious way to block brute-force attacks is to simply lock out accounts after a defined number of incorrect password attempts.
Brute force attack (Ex For Authentication vulnerabilities) This is a web application having vulnerabilities. I am going to explain brute force attack with the help of burp suite.
Brute force attack Then send it to intruder
Brute force attack
Brute force attack Then select the payloads and attack type.
Brute force attack  Give the payload 1 datas. Here in this example I had given only some values actually you can upload username and password lists from outside.
Brute force attack Give the payload 2 datas and from intruder give the attack.
Brute force attack Check the request and response of payloads having maximum length variation
Brute force attack Now the brute force attack is successfully launched with the username admin and password password.
Password Passing to server( Ex for Information leakage ) • Password Passing to server The password should be encrypted while being transmitted over the network. In the below example password between server and client is being passed in clear text during the registration process.
Session Hijacking (Ex for Session Management) This test is to check whether the cookie can be reused in another computer during the log-in phase. 1. Login in the application and capture the request in that valid session along with the authenticated URL:
Session Hijacking (Ex for Session Management) Then copy it to a notepad
Session Hijacking (Ex for Session Management) • Open the new browser and go to the authenticated URL captured in step 1. Then, capture the request and replace the cookie with earlier captured cookie value:
Session Hijacking (Ex for Session Management) Successfully launched the session hijacking attack.
Directory Scanning (Ex for Authorization)  This type of attacks exploits bugs in the web server to gain unauthorized access to files and folders that are not in the public domain. Once the attacker has gained access, they can download sensitive information, execute commands on the server or install malicious software.  http://demo.guru99.com/Security/SEC_V1/index.php  A small example for directory scanning can be shown from this site  Here the login credentials are user id: 1303 and pass:Guru99.  This is an ordinary customer login, having the rights to view his payments fund transfer etc. he is not having the permission to add, edit or delete other customers data. Enter the below url in the browser and check Now customer can add new customers.  http://demo.guru99.com/Security/SEC_V1/customer/addcustomerpage.php  I hope you checked it and understand how to perform it.
File uploads  Only valid files should be permitted for uploading.  http://demo.guru99.com/Security/SEC_V1/customer/contactus.php  In the above link the upload file menu, currently accepts any file format including exe,php, js, etc. A malicious user can upload a virus or executable file and using  The file size should also be checked so that users do not upload large files which would eat up the server space.
Forceful browsing A malicious user can access the complete application from different browsers without login. How to perform: Log in to an application then copy the url now paste it in another browser and check whether user is logging in or redirected to the login page. Recommendation: The application must implement proper session/cookie management on the server side, to ensure strict access control. This would avoid any user in directly copy-pasting of the link to get unauthorized access into the internal pages.
Audi trail Implementation  An Audit trail should be incorporated in the application, where all user activities have to be logged.
Phishing attacks  Phishing. It is a technique that uses trickery and deceit to obtain private data from users. A hacker may try to impersonate a genuine website such as yahoo and then ask the unsuspecting user to confirm their account name and password. This technique could also be used to get credit card information or any other valuable personal data.  http://bank.83answers.com/  http://demo.guru99.com/Security/SEC_V1/index.php
SQL Injection  SQL injection is a code injection technique in which malicious SQL statements are inserted into an entry field for execution.  The targeted site to perform sql injection is dvwa
SQL Injection  Enter User ID, click submit and intercept the request with Burp Suite Proxy. The next step is sending the request to Burp Suite Intruder (click right on the request and choose “Send to Intruder”).
SQL Injection  A penetration tester can create his own list of payloads or use an existing one. Exemplary payloads can be found, for example, in Kali Linux (penetration testing distribution [4]) in the /usr/share/wfuzz/wordlist/Injections directory. Let’s use SQL.txt from this location to test the parameter id for SQL injection vulnerability.
SQL Injection  It might suggest that more data was read from the database. Let’s check the response for this payload.
SQL Injection  As we can see, this payload can be used to extract first names and surnames of all users from the database.
XSS  Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.  There are two types of injection active and passive.
XSS How to test XSS:  Visit the page of the website you wish to test for XSS vulnerabilities  Enter some appropriate input in to the web application and submit the request.
XSS  Alternatively, return to the Proxy "Intercept" tab and right click on the request to bring up the context menu.  Click "Send to Repeater".
XSS  Go to the "Repeater" tab.  Here we can input various XSS payloads in to the input field of a web application. We can test various inputs by editing the "Value" of the appropriate parameter in the "Raw" or "Params" tabs.
XSS  The "Response" section of the "Repeater" tab shows the response from the server.
XSS  Ensure that "Intercept is off" in the Proxy "Intercept" tab and go to your browser.  Enter the payload into the input field and submit the request.  Assess the response in the browser to check that the payload has performed as expected.
Dos attack A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, Consider a functionality (such as registration) which typically does not require authentication. An attacker can easily place a heavy load on the server by simulate multiple registration operations and by feeding in arbitrarily huge input data through the registration fields, thus placing further load on the server and also consuming database connections. This could cause the server to crash or slow down to a crawl.
Other Security Checks • Session Time out • Session should terminate when user is gone through an error page • Auto fill should be off • Check whether application is able to view the authenticated page using back button of the browser • Check whether It is possible to view the contents of the authenticated pages by fetching the page from the browser cache memory and history. • User should not have the option to remember password as this may give unauthorized access to malicious users.
References  https://www.owasp.org/index.php/  dvwa  http://searchsecurity.techtarget.com/  http://demo.guru99.com/Security/SEC_V1/index.php
THANK YOU

More Related Content

What's hot (20)

PPTX
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
PDF
Web application security & Testing
Deepu S Nath
 
PPTX
Deep dive into ssrf
n|u - The Open Security Community
 
PPTX
Security testing fundamentals
Cygnet Infotech
 
PDF
Penetration Testing Execution Phases
Nasir Bhutta
 
PPTX
Introduction to penetration testing
Nezar Alazzabi
 
PPTX
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
PDF
Threat Modeling to Reduce Software Security Risk
Security Innovation
 
PPTX
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
PDF
Application Security - Your Success Depends on it
WSO2
 
PPTX
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
PPT
Types of attacks and threads
srivijaymanickam
 
PPTX
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
PPT
Application Security
florinc
 
PPTX
Reconnaissance
n|u - The Open Security Community
 
PDF
Security testing presentation
Confiz
 
PPTX
Penetration Testing
RomSoft SRL
 
PPTX
security misconfigurations
Megha Sahu
 
PDF
Ethical Hacking Tools
Multisoft Virtual Academy
 
PPTX
SQL INJECTION
Anoop T
 
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
Web application security & Testing
Deepu S Nath
 
Deep dive into ssrf
n|u - The Open Security Community
 
Security testing fundamentals
Cygnet Infotech
 
Penetration Testing Execution Phases
Nasir Bhutta
 
Introduction to penetration testing
Nezar Alazzabi
 
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Threat Modeling to Reduce Software Security Risk
Security Innovation
 
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Application Security - Your Success Depends on it
WSO2
 
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Types of attacks and threads
srivijaymanickam
 
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Application Security
florinc
 
Reconnaissance
n|u - The Open Security Community
 
Security testing presentation
Confiz
 
Penetration Testing
RomSoft SRL
 
security misconfigurations
Megha Sahu
 
Ethical Hacking Tools
Multisoft Virtual Academy
 
SQL INJECTION
Anoop T
 

Similar to Security Testing Training With Examples (20)

PPTX
Web applications security conference slides
Bassam Al-Khatib
 
PPTX
How to Test for The OWASP Top Ten
Security Innovation
 
PPTX
What is security testing and why it is so important?
ONE BCG
 
PPT
Hacking web applications
phanleson
 
PDF
Jouri Dufour - How About Security Testing - EuroSTAR 2013
TEST Huddle
 
PPTX
Solving Labs for Vulnerabilities: Login Bypass & SQL Injection Exploits
Boston Institute of Analytics
 
PDF
Common Web Application Attacks
Ahmed Sherif
 
PDF
Web application security - Course overview
Satish b
 
PPTX
Security testing for web developers
matthewhughes
 
PPT
Hack applications
enrizmoore
 
PDF
Web Application Security: Introduction to common classes of security flaws an...
Thoughtworks
 
PDF
Tw noche geek quito webappsec
Thoughtworks
 
DOCX
15.3 student guide web application tool time overviewtodays c
UMAR48665
 
PDF
OWASPTop 10
InnoTech
 
DOCX
15.3 Student Guide Web Application Tool TimeOverviewTodays c
MatthewTennant613
 
DOCX
15.3 Student Guide Web Application Tool TimeOverviewTodays c
AnastaciaShadelb
 
PPT
Hacking web applications
Adeel Javaid
 
PPTX
State of the information security nation
SensePost
 
PDF
Secure Coding BSSN Semarang Material.pdf
nanangAris1
 
PDF
Web PenTest Sample Report
Octogence
 
Web applications security conference slides
Bassam Al-Khatib
 
How to Test for The OWASP Top Ten
Security Innovation
 
What is security testing and why it is so important?
ONE BCG
 
Hacking web applications
phanleson
 
Jouri Dufour - How About Security Testing - EuroSTAR 2013
TEST Huddle
 
Solving Labs for Vulnerabilities: Login Bypass & SQL Injection Exploits
Boston Institute of Analytics
 
Common Web Application Attacks
Ahmed Sherif
 
Web application security - Course overview
Satish b
 
Security testing for web developers
matthewhughes
 
Hack applications
enrizmoore
 
Web Application Security: Introduction to common classes of security flaws an...
Thoughtworks
 
Tw noche geek quito webappsec
Thoughtworks
 
15.3 student guide web application tool time overviewtodays c
UMAR48665
 
OWASPTop 10
InnoTech
 
15.3 Student Guide Web Application Tool TimeOverviewTodays c
MatthewTennant613
 
15.3 Student Guide Web Application Tool TimeOverviewTodays c
AnastaciaShadelb
 
Hacking web applications
Adeel Javaid
 
State of the information security nation
SensePost
 
Secure Coding BSSN Semarang Material.pdf
nanangAris1
 
Web PenTest Sample Report
Octogence
 
Ad

Recently uploaded (20)

PDF
Blockchain Transactions Explained For Everyone
CIFDAQ
 
PDF
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
PDF
Wojciech Ciemski for Top Cyber News MAGAZINE. June 2025
Dr. Ludmila Morozova-Buss
 
PDF
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
PDF
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
PDF
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
PDF
Log-Based Anomaly Detection: Enhancing System Reliability with Machine Learning
Mohammed BEKKOUCHE
 
PPTX
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
PDF
Complete JavaScript Notes: From Basics to Advanced Concepts.pdf
haydendavispro
 
PPTX
Building a Production-Ready Barts Health Secure Data Environment Tooling, Acc...
Barts Health
 
PDF
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
PDF
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
PDF
Why Orbit Edge Tech is a Top Next JS Development Company in 2025
mahendraalaska08
 
PDF
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
PDF
Predicting the unpredictable: re-engineering recommendation algorithms for fr...
Speck&Tech
 
PDF
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
PDF
TrustArc Webinar - Data Privacy Trends 2025: Mid-Year Insights & Program Stra...
TrustArc
 
PPTX
Top iOS App Development Company in the USA for Innovative Apps
SynapseIndia
 
PDF
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
PDF
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
Blockchain Transactions Explained For Everyone
CIFDAQ
 
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
Wojciech Ciemski for Top Cyber News MAGAZINE. June 2025
Dr. Ludmila Morozova-Buss
 
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
Log-Based Anomaly Detection: Enhancing System Reliability with Machine Learning
Mohammed BEKKOUCHE
 
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
Complete JavaScript Notes: From Basics to Advanced Concepts.pdf
haydendavispro
 
Building a Production-Ready Barts Health Secure Data Environment Tooling, Acc...
Barts Health
 
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
Why Orbit Edge Tech is a Top Next JS Development Company in 2025
mahendraalaska08
 
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
Predicting the unpredictable: re-engineering recommendation algorithms for fr...
Speck&Tech
 
NewMind AI - Journal 100 Insights After The 100th Issue
NewMind AI
 
TrustArc Webinar - Data Privacy Trends 2025: Mid-Year Insights & Program Stra...
TrustArc
 
Top iOS App Development Company in the USA for Innovative Apps
SynapseIndia
 
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
Ad

Security Testing Training With Examples

  • 1. Security Testing Training With Examples ALWIN JOSEPH THAYYIL
  • 2. What is Security Testing • Security testing is the process that determines that confidential data stays confidential and users can perform only those tasks that they are authorized to perform. • It also helps in detecting all possible security risks in the system and help developers in fixing these problems through coding • Security testing is vital for e-commerce website that store sensitive customer information like credit cards.
  • 3. Why web application security is of high importance • Web applications are increasing day by day • Most web applications are vulnerable. • 98 % of the web applications are vulnerable . • 78 % of easily exploitable weakness occur in web applications.
  • 4. Types of web application vulnerabilities  Security Testing is deemed successful when the below attributes of an application are intact • Authentication • Authorization • Client side attacks • Command Execution • Information Disclosure • Logical Attacks
  • 5. Authentication – Stealing user account identities  The Authentication section covers attacks that target a websites method of validating the identity of a user.  To confirm that something or someone is authentic – true to the claims.  The digital identity of a user is validated and verified.  Brute Force attack automates a process of trial and error to guess a person’s username, password, credit-card number or cryptographic key.  Insufficient Authentication permits an attacker to access sensitive content or functionality without proper authentication.  Weak Password Recovery Validation permits an attacker to illegally obtain, change or recover another user’s password.
  • 6. Authorization – illegal access to applications  The Authorization section covers attacks that target a web sites method of determining if a user has the necessary permissions to perform a requested action.  Is the Person allowed to do this operation  Insufficient Session Expiration permits an attacker to reuse old session credentials or session IDs for authorization.  Credential / Session Prediction is a method of hijacking or impersonating a user .
  • 7. Client side attacks – illegal execution of foreign code • Content Spoofing tricks a user into believing that certain content appearing on a web site is legitimate and not from an external source.  Cross-site Scripting (XSS) forces a web site to echo attacker-supplied executable code, which loads into a user’s browser.
  • 8. Command Execution – hijacks control of web application  SQL Injection constructs illegal SQL statements on a web site application from user-supplied input.  Buffer Overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.
  • 9. Information Disclosure – shows sensitive data to attackers  The Information Disclosure section covers attacks designed to acquire system specific information about a web site.  Information leakage : Information Leakage is when a web site reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system.  Path traversal : The Path Traversal attack technique forces access to files, directories, and commands that potentially reside outside the web document root directory.
  • 10. Logical Attacks – interfere with application usage  Abuse of Functionality uses a web site’s own features and functionality to consume, defraud, or circumvent access control mechanisms.  Denial of Service (DoS) attacks prevent a web site from serving normal user activity.
  • 11. Burp Suite  Burp Suite is an integrated platform for performing security testing of web applications.  The Burp Suite is made up of tools
  • 12. Burp Suite  Proxy: It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.  Spider: Burp Spider is a tool for mapping web applications.  Scanner: Burp Scanner is a tool for performing automated discovery of security vulnerabilities in web applications.  Intruder: For performing powerful customized attacks to find and exploit unusual vulnerabilities.  Repeater: Burp Repeater is a tool for manually modifying and reissuing individual HTTP requests, and analyzing their responses.  Comparer: Burp Comparer is a simple tool for performing a comparison (a visual “diff”) between any two items of data.  Limitations of tools: Unrealistic expectations from the tool & People depend on the tool a lot.
  • 14. Brute force attack (Ex For Authentication vulnerabilities) • Brute Force Attack  Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.  The most obvious way to block brute-force attacks is to simply lock out accounts after a defined number of incorrect password attempts.
  • 15. Brute force attack (Ex For Authentication vulnerabilities) This is a web application having vulnerabilities. I am going to explain brute force attack with the help of burp suite.
  • 16. Brute force attack Then send it to intruder
  • 18. Brute force attack Then select the payloads and attack type.
  • 19. Brute force attack  Give the payload 1 datas. Here in this example I had given only some values actually you can upload username and password lists from outside.
  • 20. Brute force attack Give the payload 2 datas and from intruder give the attack.
  • 21. Brute force attack Check the request and response of payloads having maximum length variation
  • 22. Brute force attack Now the brute force attack is successfully launched with the username admin and password password.
  • 23. Password Passing to server( Ex for Information leakage ) • Password Passing to server The password should be encrypted while being transmitted over the network. In the below example password between server and client is being passed in clear text during the registration process.
  • 24. Session Hijacking (Ex for Session Management) This test is to check whether the cookie can be reused in another computer during the log-in phase. 1. Login in the application and capture the request in that valid session along with the authenticated URL:
  • 25. Session Hijacking (Ex for Session Management) Then copy it to a notepad
  • 26. Session Hijacking (Ex for Session Management) • Open the new browser and go to the authenticated URL captured in step 1. Then, capture the request and replace the cookie with earlier captured cookie value:
  • 27. Session Hijacking (Ex for Session Management) Successfully launched the session hijacking attack.
  • 28. Directory Scanning (Ex for Authorization)  This type of attacks exploits bugs in the web server to gain unauthorized access to files and folders that are not in the public domain. Once the attacker has gained access, they can download sensitive information, execute commands on the server or install malicious software.  http://demo.guru99.com/Security/SEC_V1/index.php  A small example for directory scanning can be shown from this site  Here the login credentials are user id: 1303 and pass:Guru99.  This is an ordinary customer login, having the rights to view his payments fund transfer etc. he is not having the permission to add, edit or delete other customers data. Enter the below url in the browser and check Now customer can add new customers.  http://demo.guru99.com/Security/SEC_V1/customer/addcustomerpage.php  I hope you checked it and understand how to perform it.
  • 29. File uploads  Only valid files should be permitted for uploading.  http://demo.guru99.com/Security/SEC_V1/customer/contactus.php  In the above link the upload file menu, currently accepts any file format including exe,php, js, etc. A malicious user can upload a virus or executable file and using  The file size should also be checked so that users do not upload large files which would eat up the server space.
  • 30. Forceful browsing A malicious user can access the complete application from different browsers without login. How to perform: Log in to an application then copy the url now paste it in another browser and check whether user is logging in or redirected to the login page. Recommendation: The application must implement proper session/cookie management on the server side, to ensure strict access control. This would avoid any user in directly copy-pasting of the link to get unauthorized access into the internal pages.
  • 31. Audi trail Implementation  An Audit trail should be incorporated in the application, where all user activities have to be logged.
  • 32. Phishing attacks  Phishing. It is a technique that uses trickery and deceit to obtain private data from users. A hacker may try to impersonate a genuine website such as yahoo and then ask the unsuspecting user to confirm their account name and password. This technique could also be used to get credit card information or any other valuable personal data.  http://bank.83answers.com/  http://demo.guru99.com/Security/SEC_V1/index.php
  • 33. SQL Injection  SQL injection is a code injection technique in which malicious SQL statements are inserted into an entry field for execution.  The targeted site to perform sql injection is dvwa
  • 34. SQL Injection  Enter User ID, click submit and intercept the request with Burp Suite Proxy. The next step is sending the request to Burp Suite Intruder (click right on the request and choose “Send to Intruder”).
  • 35. SQL Injection  A penetration tester can create his own list of payloads or use an existing one. Exemplary payloads can be found, for example, in Kali Linux (penetration testing distribution [4]) in the /usr/share/wfuzz/wordlist/Injections directory. Let’s use SQL.txt from this location to test the parameter id for SQL injection vulnerability.
  • 36. SQL Injection  It might suggest that more data was read from the database. Let’s check the response for this payload.
  • 37. SQL Injection  As we can see, this payload can be used to extract first names and surnames of all users from the database.
  • 38. XSS  Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.  There are two types of injection active and passive.
  • 39. XSS How to test XSS:  Visit the page of the website you wish to test for XSS vulnerabilities  Enter some appropriate input in to the web application and submit the request.
  • 40. XSS  Alternatively, return to the Proxy "Intercept" tab and right click on the request to bring up the context menu.  Click "Send to Repeater".
  • 41. XSS  Go to the "Repeater" tab.  Here we can input various XSS payloads in to the input field of a web application. We can test various inputs by editing the "Value" of the appropriate parameter in the "Raw" or "Params" tabs.
  • 42. XSS  The "Response" section of the "Repeater" tab shows the response from the server.
  • 43. XSS  Ensure that "Intercept is off" in the Proxy "Intercept" tab and go to your browser.  Enter the payload into the input field and submit the request.  Assess the response in the browser to check that the payload has performed as expected.
  • 44. Dos attack A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, Consider a functionality (such as registration) which typically does not require authentication. An attacker can easily place a heavy load on the server by simulate multiple registration operations and by feeding in arbitrarily huge input data through the registration fields, thus placing further load on the server and also consuming database connections. This could cause the server to crash or slow down to a crawl.
  • 45. Other Security Checks • Session Time out • Session should terminate when user is gone through an error page • Auto fill should be off • Check whether application is able to view the authenticated page using back button of the browser • Check whether It is possible to view the contents of the authenticated pages by fetching the page from the browser cache memory and history. • User should not have the option to remember password as this may give unauthorized access to malicious users.
  • 46. References  https://www.owasp.org/index.php/  dvwa  http://searchsecurity.techtarget.com/  http://demo.guru99.com/Security/SEC_V1/index.php