1. Introduction
What is a web application? Why web applications are the first target for hackers? Why vulnerabilities occur in web applications? How we can make a web application a cure portal. As I understand a web application is a portal available on internet for the general public who can easily make use of it positively for different purpose or for the reason the web application exists. You must be aware, web applications are the easy target for hackers to gain access because it is publicly available, and a hacker needs to know only the name of the organization which he wants to hack. Vulnerability is the weakness or lack of control exists in the application. Vulnerabilities can be due to insecure programming in web applications, lack of access control places or configured, miss configuration of applications and server or due to any other reason, there is no limit.
There are many ways to harden your web application or your web server we will discuss this in a while. Let’s see what are the key requirements which makes up a web application live?
a. Web Server
b. Application content displayed
c. And or databases
These are the key components of any web application.
Web server is a service which runs on the computer and serves of web content/application content. This server typically listen on port 80(http) or on port 443(https). There are many web servers which are freely available or commercial including top contributors
a. I.I.S by Microsoft
b. Apache by Open source community
c. Tomcat etc
Application content is what you see on the website, it can be dynamic or static, dynamic content containing web applications are at more risk as compare to static content containing web applications. Dynamic content containing web applications uses database to store the changing content. This database can be one of the following types.
a. MySql Server
b. SQL Sever
c. Oracle Server
d. MS Access or any other
We have discussed a lot on web application architecture now I will show you how to perform penetration on web application (what we say a Pen-test).
2. Information Gathering
Any pen-test can not be accomplished without performing the information gathering phase. This is the phase which is the heart of pen test, there are many ways to do information gathering lets discuss here.
a. Hacking with Search engines.
I would not list specific search engine which can be used in information gathering phase, there are lots of search engine which are more power full from which secret/confidential information can be gather. There are techniques which you can use to gather information on the target.
b. For example
You can use ‘inurl:’ in search engines to know what are the complete site map of the web portal, you can also use intitle: admin to gain access to the admin panel of the web portal, you can use inurl: Admin filetype: asp or aspx in order to search for admin login pages or simply you can lock for login page for any portal.
c. You can also look for the email address of the technical staff, email address shows the user id for that specific person
d. You can also use archives for more info to gather. This is the short list of the techniques, to explain more I would be writing a book
3. Attacks
Here I will explain you what are the major attacks which hackers use on web applications or the attacks which are dangerous for web applications. We will only discuss application level vulnerabilities and attacks.
a. Miss configuration? If you are a technical person your priority would be availability of your server, you should be asked by your senior management for the 100% up time of your server, this is the point where technical staff left security holes in the configuration just to make it live or in order to give 100% up time as directed. This miss configuration may lead to the compromise of the complete server.
Examples: default passwords, default settings for server, weaker passwords.
b. SQL Injection? A very high rated attack which can lead to complete web server compromise or complete administrative level access to hacker. SQL is a query language which programmers use for query the content from database in dynamic web applications. Many times a less experienced programmer left bugs in applications which if attacker discovered can be very harmful. SQL injection attacks occurs due weakness in input validation, insecure programming or due to insecure web application architecture. SQL inject can be used to by pass logins, gain admin level access, can be very harmful if a hackers gain access to admin logins. SQL Injection ‘UNION’ attack is commonly used in dynamic web applications penetration testing. There is more stuff which can be written on sql injection, I think this info is more than enough at this stage.
c. CSS/XSS (Cross site scripting)
XSS/CSS is a client side vulnerability which can be used in phishing attacks. Many hackers use XSS in order to gain secret information which can be credit card numbers, login passwords, private information and more. As XSS runs on client’s browser hackers use to insert scripts in order to gather information from user. If XSS used in phishing attack it can be highly rated vulnerability.
4. Be Cure
To be cure complete assessment of web application should be performed in order to test the application and make it bug free, continuous testing should be maintained. Input validation should be implemented. Default configurations should be removed or changed, secure database connectivity should be maintained and in last directory listing on every directory should be turned off, file permissions should be reviewed, access rights need to be maintained.
5. Summary
This is the short article to develop awareness on web application security, what are the holes which can be used by hackers to do security breaches. These days there is a war on survivability of web applications. Is cure being long live?
Source by Raheel Ahmad