Introduction to OWASP & Web Application Security
Information Security Consultant IBM, QBurst, DBG Technical Reviewer - 3 Books (2 security books) Dev – 8 Mozilla Addons Dev – World's first security testing browser Speaker at Google DevFest, Unicom, Gtech ...
[email protected]/about
Take Away
• Understanding web application security
• How to security test web applications
• Mitigating web application security risks
• Open source tools
Security testing web applications
• Information Gathering
• Configuration Management Testing
• Authentication Testing
• Session Management Testing
• Authorization Testing
• Business Logic Testing
• Data Validation Testing
• Denial of Service Testing
Identify Application Entry points
• GET
• POST
• Cookies
• Server Parameters
• Files
How to:
Tamper Data, WebScarab, ZAP
Application Discovery
Different Base URL
• www.example.com/abc
Different port
• www.example.com:8000
Different sub domain ( Virtual host )
• abc.example.com
How to:
Zap, WebSlayer
SSL Testing
Identify ssl ports and services
How strong is your cipher?
How to:
Nmap -sV, Nessus, OpenSSL
Configuration Management Testing
• Infrastructure Configuration Management
• Application Configuration Management
Old, Backup & Unreferenced Files
robots.txt often points straight at them:
User-agent: *
Disallow: /Admin
Disallow: /uploads
Disallow: /backup
Disallow: /~jbloggs
How to:
HackSearch, Webslayer
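The robots.txt on the slide is a map of what the site owner did not want crawled, which is exactly where old and backup copies tend to live. The following is an added example, not code from the slides: it parses a robots.txt (a constructed copy of the one above), turns each Disallow entry into a candidate URL, and appends the backup-style suffixes a tester would request next. The base URL and the suffix list are assumptions for the example; the actual requests against the target are left to the tester (a loop of HEAD requests flagging anything other than 404).

```python
# Added example (not from the slides): parse a robots.txt during "Old, Backup &
# Unreferenced Files" testing and expand Disallow entries into candidate URLs.
from urllib.parse import urljoin

# Constructed sample, mirroring the robots.txt shown on the slide.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /Admin
Disallow: /uploads
Disallow: /backup
Disallow: /~jbloggs
"""

# Assumed list of suffixes that editors, deploy scripts and manual copies leave behind.
BACKUP_SUFFIXES = (".bak", ".old", ".orig", "~", ".zip", ".tar.gz")


def parse_disallow(robots_txt: str) -> list[str]:
    """Return the Disallow paths in order, ignoring comments, blanks and duplicates."""
    paths = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line.lower().startswith("disallow:"):
            continue
        path = line.split(":", 1)[1].strip()
        # "Disallow:" with an empty value means "allow everything": nothing to probe.
        if path and path not in paths:
            paths.append(path)
    return paths


def candidate_urls(base: str, paths: list[str]) -> list[str]:
    """Expand each hidden path into the path itself plus backup-style variants."""
    urls = []
    for path in paths:
        urls.append(urljoin(base, path))
        stem = path.rstrip("/")
        if not stem:                                  # "/" alone has no useful variants
            continue
        for suffix in BACKUP_SUFFIXES:
            urls.append(urljoin(base, stem + suffix))
    return urls


if __name__ == "__main__":
    for url in candidate_urls("https://www.example.com/", parse_disallow(SAMPLE_ROBOTS)):
        print(url)
```

Each Disallow line yields the path plus one URL per suffix; with the sample above that is four paths and 28 URLs to request. Anything that does not answer 404 (including a 403, which confirms the path exists) goes on the list for manual review.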
Testing for HTTP Methods
• HEAD
• GET
• POST
• PUT
• DELETE
• TRACE
• OPTIONS
• CONNECT
How to:
Netcat
Nikto
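With Netcat the check is an `OPTIONS / HTTP/1.0` request and a look at the `Allow` header, followed by an actual `TRACE` to see whether the server echoes request headers (the cross-site tracing case). The following is an added example, not code from the slides: it automates that probe, and because the slides name no target, it starts a deliberately permissive in-process HTTP server (constructed for the example) that advertises PUT, DELETE and TRACE and echoes TRACE requests, then runs the probe against it.

```python
# Added example (not from the slides): probe accepted HTTP methods and verify TRACE.
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Methods that almost never belong on a production web server.
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}


class PermissiveHandler(BaseHTTPRequestHandler):
    """Constructed target: advertises dangerous methods and echoes TRACE requests."""
    ALLOW = "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS"

    def do_OPTIONS(self):
        self.send_response(200)
        self.send_header("Allow", self.ALLOW)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_TRACE(self):
        # Echoing the request (Cookie header included) is what makes TRACE
        # abusable for cross-site tracing; a hardened server returns 405 here.
        body = (self.requestline + "\r\n" + str(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the example quiet


def start_target():
    """Start the constructed server on an ephemeral loopback port; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), PermissiveHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def allowed_methods(host, port, path="/"):
    """Send OPTIONS and parse the Allow header into a set of upper-case method names."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("OPTIONS", path)
    resp = conn.getresponse()
    allow = resp.getheader("Allow") or ""
    conn.close()
    return {m.strip().upper() for m in allow.split(",") if m.strip()}


def trace_reflects_headers(host, port, marker="Cookie: probe=xst-test"):
    """Send TRACE carrying a marker header; True if the server echoes it in the body."""
    name, value = marker.split(": ", 1)
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("TRACE", "/", headers={name: value})
    resp = conn.getresponse()
    body = resp.read().decode(errors="replace")
    conn.close()
    return resp.status == 200 and marker in body


def assess(host, port):
    """Risky methods according to OPTIONS, plus whether TRACE is really live."""
    allowed = allowed_methods(host, port)
    # Never trust the Allow header alone: confirm TRACE by sending one.
    return {
        "allowed": allowed,
        "risky": allowed & RISKY_METHODS,
        "trace_live": trace_reflects_headers(host, port),
    }


if __name__ == "__main__":
    srv, p = start_target()
    print(assess("127.0.0.1", p))
    srv.shutdown()
```

Point `assess` at a real host and port instead of the constructed server to use it in a test. The Allow header is only a hint: servers lie in both directions, so the same send-and-check approach applies to PUT (try to create a harmless file) and DELETE before reporting them.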
Testing for user enumeration
Error Messages/Notifications
"Sorry, please enter a valid password"
"Sorry, please enter a valid username"
"Sorry, this user does not exist"
"Sorry, this user is no longer active"
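The four messages above differ depending on whether the username exists, which lets an attacker confirm accounts before attacking passwords. The following is an added example, not code from the slides: a login check written the vulnerable way beside a hardened version that returns one generic message and performs the same hashing work for unknown and known users, plus the comparison a tester makes to detect the leak. The user store, salting scheme and passwords are constructed for the example; a real application would use a password hash such as bcrypt or argon2.

```python
# Added example (not from the slides): user enumeration through login error messages.
import hashlib
import hmac
import os


def _hash(salt, password):
    """Salted SHA-256, used only to keep the example self-contained."""
    return hashlib.sha256(salt + password.encode()).digest()


# Constructed user table: username -> (salt, hash).
_SALT = os.urandom(16)
USERS = {
    "alice": (_SALT, _hash(_SALT, "correct horse")),
}
# Dummy credential for unknown users, so the hardened path does the same work either way.
_DUMMY = (_SALT, _hash(_SALT, "not-a-real-password"))


def login_vulnerable(username, password):
    """Leaks account existence through distinct messages (and a faster failure path)."""
    if username not in USERS:
        return "Sorry, this user does not exist"
    salt, stored = USERS[username]
    if _hash(salt, password) != stored:
        return "Sorry, please enter a valid password"
    return "OK"


def login_hardened(username, password):
    """One generic message; hashing happens for unknown users too, in constant-time compare."""
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(salt, password), stored)
    if username in USERS and ok:
        return "OK"
    return "Sorry, invalid username or password"


def enumerates_users(login, known_bad="zzz-no-such-user", probe="alice"):
    """Tester's check: a wrong password for a certainly-unknown user and for a candidate
    user should produce identical responses; any difference lets usernames be enumerated."""
    return login(known_bad, "wrong") != login(probe, "wrong")
```

In a real test the comparison covers more than the message text: HTTP status, response length, redirect target and response time all have to match between the unknown-user and wrong-password cases, which is why the hardened version also hashes a dummy credential for unknown users.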
Testing for privilege escalation
• vertical escalation (a user gains rights of a more privileged role)
• horizontal escalation (a user reaches another user's data at the same privilege level)
www.example.com/?user=1&groupID=2
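The request above carries both the target user and the group in the query string, so a server that trusts them offers horizontal escalation (change `user`) and vertical escalation (change `groupID`) in one URL. The following is an added example, not code from the slides: the same request handled by a vulnerable endpoint that trusts the parameters and by a fixed one that takes identity and group from the server-side session and uses the query string only to name a target. Session tokens, user ids, groups and profiles are constructed for the example.

```python
# Added example (not from the slides): horizontal and vertical escalation via ?user=1&groupID=2.
from urllib.parse import parse_qs, urlparse

# Constructed data: session token -> authenticated user id.
SESSIONS = {"tok-alice": 1, "tok-bob": 2, "tok-carol": 3}
# user id -> (name, group id); group 2 is the admin group.
USERS = {1: ("alice", 1), 2: ("bob", 1), 3: ("carol", 2)}
PROFILES = {1: "alice's profile", 2: "bob's profile", 3: "carol's profile"}
ADMIN_GROUP = 2


def profile_vulnerable(url, session_token):
    """Authenticates the caller, then ignores who they are and trusts the query string."""
    if session_token not in SESSIONS:
        return 401, "login required"
    q = parse_qs(urlparse(url).query)
    user = int(q["user"][0])                   # horizontal: any user id is accepted
    group = int(q.get("groupID", ["0"])[0])    # vertical: the client picks its own group
    body = PROFILES[user]
    if group == ADMIN_GROUP:
        body += " [admin view]"
    return 200, body


def profile_fixed(url, session_token):
    """Identity and privilege come from the session; the query string only names a target,
    and the target must be the caller unless the caller's own group is admin."""
    uid = SESSIONS.get(session_token)
    if uid is None:
        return 401, "login required"
    _, group = USERS[uid]                      # group is server-side state, never a parameter
    q = parse_qs(urlparse(url).query)
    try:
        target = int(q.get("user", [str(uid)])[0])
    except ValueError:
        return 400, "bad request"
    if target != uid and group != ADMIN_GROUP:
        return 403, "forbidden"                # horizontal escalation blocked
    body = PROFILES.get(target)
    if body is None:
        return 404, "not found"
    if group == ADMIN_GROUP:
        body += " [admin view]"                # only granted from the server-side group
    return 200, body


if __name__ == "__main__":
    req = "https://www.example.com/?user=1&groupID=2"
    print(profile_vulnerable(req, "tok-bob"))  # bob reads alice's profile as admin
    print(profile_fixed(req, "tok-bob"))       # 403
```

The test for this is the same in both directions: log in as a low-privilege user, replay a request with another user's id and with an elevated group id, and compare with the response the legitimate owner gets. Note that the fixed handler checks ownership before existence, so a non-admin cannot use 403-versus-404 differences to enumerate valid user ids.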
Data Validation Testing
• SQL Injection
• XSS Injection
• LDAP Injection
• XML Injection
• HTML Injection
• SSI Injection
• ORM Injection
• XPath Injection
• IMAP/SMTP Injection
• Buffer Overflow
Testing for SQL Wildcard Attacks
SELECT * FROM Article WHERE Content LIKE '%foo%'
SELECT TOP 10 * FROM Article WHERE Content LIKE '%_[^!_%/%a?F%_D)_(F%)_%([)({}%){()}£$&N%_)$*£()$*R"_)][%](%[x])%a][$*"£$-9]_%'
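A search box that pastes its input between the `%` signs of that LIKE clause lets the user supply wildcards: `%` alone returns every row, and a long run of `%` and `_` like the second query forces the engine into expensive backtracking. The following is an added example, not code from the slides: the slide's query run through SQLite (so `LIMIT` stands in for SQL Server's `TOP 10`), first with the search term concatenated into the pattern, then hardened by escaping `%` and `_`, bounding the pattern length and binding it as a parameter. The Article table and its rows are constructed for the example.

```python
# Added example (not from the slides): SQL wildcard handling in a LIKE search, via sqlite3.
import sqlite3

MAX_TERM_LEN = 64  # assumed limit; pick what the search box legitimately needs


def make_db():
    """Constructed Article table with a few rows, some containing LIKE metacharacters."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Article (id INTEGER PRIMARY KEY, Content TEXT)")
    conn.executemany(
        "INSERT INTO Article (Content) VALUES (?)",
        [("foo bar",), ("100% foo",), ("under_score",), ("nothing here",)],
    )
    return conn


def search_vulnerable(conn, term):
    """Wildcards in `term` stay live: '%' matches every row and a long % / _ pattern
    makes the engine backtrack. (String concatenation also invites ordinary injection.)"""
    sql = "SELECT id FROM Article WHERE Content LIKE '%" + term + "%' LIMIT 10"
    return [row[0] for row in conn.execute(sql)]


def escape_like(term, esc="\\"):
    """Escape the escape character itself first, then the LIKE metacharacters."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_hardened(conn, term):
    """Bound the term, neutralise wildcards, and bind the pattern as a parameter."""
    if len(term) > MAX_TERM_LEN:
        raise ValueError("search term too long")
    pattern = "%" + escape_like(term) + "%"
    rows = conn.execute(
        "SELECT id FROM Article WHERE Content LIKE ? ESCAPE '\\' LIMIT 10", (pattern,)
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "%"))   # every row
    print(search_hardened(db, "%"))     # only the row that literally contains '%'
```

The length bound matters as much as the escaping: escaping stops `%` and `_` from acting as wildcards, but the cost of a LIKE scan still grows with pattern length and table size, so a search endpoint should also be rate-limited. The same escaping is needed for `[` and `]` on SQL Server, where they open character classes in LIKE patterns.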
Open Source Tools
Nikto
Nessus
W3AF
ZAP
WebSlayer
Netcat
Nmap
Skipfish
Hydra
Mozilla Firefox addons
Lots & lots more...