Computer Security Chapter 6

Vraj3

CS 6: Application, Web and Database Security


Application hardening:
• Application hardening is the process of strengthening and securing
software applications to make them more resistant to attacks and
vulnerabilities.
• This typically involves implementing security measures like code review,
patch management, and configuration settings to reduce the potential
for exploitation by malicious actors.
• Application hardening is the process of securing an application against
local and internet-based attacks.
• Regularly update and apply security patches to the application's software
components to address known vulnerabilities.
• Application hardening is achieved by removing the functions or
components that are not required, restricting access, and making sure
the application is kept up to date with patches.

1. Understanding the Application: Gain insight into the application and its
potential vulnerabilities.
2. Code Review: Developers review the application's source code to identify
and fix security vulnerabilities.
3. Authentication and Authorization: Implement strong user authentication
and access controls.
4. Data Encryption: Encrypt sensitive data in transit and at rest.
5. Input Validation: Input validation ensures that user inputs are checked
and sanitized to prevent malicious or unexpected content.
6. Secure Configuration: Properly configuring the application and its
environment is crucial for hardening.
7. Use of Security Libraries and Frameworks: Security libraries and
frameworks offer pre-built solutions for common security issues.
8. Regular Updates and Patching: Keeping the application and its
dependencies up-to-date is essential for security.
9. Security Testing: Security testing techniques, such as penetration testing
and vulnerability scanning, are employed to identify weaknesses.

Application patches
Application patches, also known as software patches, are updates or fixes
released by software developers to address known issues, vulnerabilities, and
bugs in a specific application. These patches are essential for improving the
functionality, stability, and security of the software. Here are some key points
about application patches:

Vulnerability Mitigation: Patches are primarily released to address security
vulnerabilities that can be exploited by malicious actors. Applying patches helps
prevent security breaches and data compromises.

Bug Fixes: Patches also resolve non-security-related issues or bugs that may
affect the application's performance, user experience, or functionality.

Regular Release Cycles: Software developers typically have regular release
cycles for patches. These can range from monthly updates to more frequent or
less frequent releases, depending on the software and the severity of issues.

Automatic Updates: Many modern applications and operating systems support
automatic patching, which can simplify the process of keeping software up-to-date
and secure.

Web servers:
• A web server is software or hardware that serves web content to users
over the internet.
• It handles client requests for web pages and other online resources and
delivers them to the users' web browsers.
• Web servers play a critical role in the functioning of the World Wide Web.
• A web server is also the computer on which the web content is stored.
Here are some key points about web servers:

HTTP Protocol: Web servers primarily communicate using the Hypertext
Transfer Protocol (HTTP), which is the foundation of data communication on
the World Wide Web.

Client-Server Model: Web servers follow a client-server model, where clients
(typically web browsers) send requests for web resources, and the server
processes these requests and delivers the requested content.

Common Web Servers: Several web server software solutions are commonly
used, including Apache HTTP Server, Nginx, Microsoft Internet Information
Services (IIS), and LiteSpeed.

Web Hosting: Web hosting providers use web servers to host websites, making
them accessible to users worldwide.

Static and Dynamic Content: Web servers handle both static content (e.g.,
HTML, CSS, images) and dynamic content generated by applications (e.g., PHP
scripts, database queries).

Server-Side Processing: Some web servers support server-side scripting
languages (e.g., PHP, Python, Ruby), allowing developers to create dynamic
web applications.

Security Considerations: Web server security is crucial to prevent unauthorized
access, data breaches, and attacks. Security features like SSL/TLS encryption,
access control, and firewall configurations are essential.

Load Balancing: Large-scale websites often use load balancers in front of
multiple web servers to distribute incoming traffic and ensure high availability
and performance.

Active Directory:
• Active Directory (AD) is a directory service developed by Microsoft for
use in Windows-based networks.
• It serves as a central repository for network resources, such as users,
computers, printers, and various network devices, and it provides a
framework for organizing and managing these resources.
• Active Directory plays a fundamental role in network management and
security in Windows environments.

Here are some key points about Active Directory:

Directory Services: Active Directory is a directory service, which means it stores
information about network resources and provides services for locating,
accessing, and managing these resources.

Hierarchy and Structure: AD uses a hierarchical structure, often referred to as
the "directory tree" or "forest," to organize objects within a network. Objects
can include users, groups, computers, printers, and more.

Domains: AD is organized into domains, which are logical groupings of network
resources. Domains can be used to manage and secure resources within an
organization.

Domain Controller: A domain controller (DC) is a server running the Active
Directory Domain Services (AD DS) role, responsible for authenticating users
and managing directory objects within a domain.

Forest: A forest is a collection of domains with a shared schema, configuration,
and global catalog. It is the highest level of organization in the Active Directory
structure.

User Authentication: Active Directory provides user authentication and
authorization services, allowing users to log in to the network, access
resources, and apply security policies.

Group Policy: Group Policy allows administrators to define and enforce security
policies, software deployment, and configuration settings for users and
computers across the network.

Single Sign-On (SSO): AD enables Single Sign-On, allowing users to access
multiple resources and applications using a single set of credentials.

Web security:
Web security, often referred to as web application security, is a set of practices,
technologies, and measures designed to protect websites and web applications
from various threats, vulnerabilities, and cyberattacks.
It encompasses strategies and tools that focus on safeguarding the
confidentiality, integrity, and availability of data and services provided through
web-based systems.

Web security threats:

Web security threats encompass a wide range of risks and vulnerabilities that
can compromise the security, functionality, and integrity of websites and web
applications. These threats can lead to data breaches, unauthorized access, and
various other forms of cyberattacks. Here are some common web security
threats:

Cross-Site Scripting (XSS): XSS attacks involve injecting malicious scripts into
web pages viewed by other users. These scripts can steal user data, session
cookies, or perform other malicious actions.

SQL Injection: In SQL injection attacks, malicious SQL code is injected into input
fields to manipulate or gain unauthorized access to a web application's
database.

Cross-Site Request Forgery (CSRF): CSRF attacks trick users into unknowingly
executing actions on a web application without their consent when they are
authenticated.

Phishing: Phishing attacks use deceptive websites or emails to trick users into
revealing sensitive information such as login credentials, personal details, or
financial data.

DDoS Attacks: Distributed Denial of Service (DDoS) attacks flood a website with
an overwhelming amount of traffic, causing it to become unavailable to
legitimate users.

Brute Force Attacks: Attackers attempt to gain unauthorized access by trying
various username and password combinations until they find the correct ones.

File Upload Vulnerabilities: Insecure file upload mechanisms can allow
attackers to upload and execute malicious files on the server.

Security Misconfigurations: Poorly configured web servers, databases, and
application settings can expose vulnerabilities that attackers can exploit.

Insecure Authentication: Weak or easily guessable passwords, missing
multi-factor authentication, and other authentication flaws can lead to
unauthorized access.

Content Spoofing: Content spoofing attacks involve tricking users into believing
they are on a legitimate website or displaying fake content.

Zero-Day Vulnerabilities: Attackers can target previously unknown
vulnerabilities (zero-days) that have not been patched or mitigated by
developers.

Man-in-the-Middle (MitM) Attacks: MitM attacks intercept and manipulate
data exchanged between the user and the web application, often without their
knowledge.

Web traffic security approaches:

• Web traffic security is essential for protecting data, systems, and users
from a wide range of cyber threats.
• Web traffic security approaches can be implemented at different levels
within a network architecture to provide comprehensive protection.
• These levels include the network level, application level, and transport
level.

Network Level:

Firewalls: Network-level firewalls, such as traditional packet-filtering firewalls,
filter traffic at the network perimeter. They accept or reject traffic according
to their configured rules.

Intrusion Detection and Prevention Systems (IDPS): Network-level IDS/IPS
solutions analyse traffic patterns and signatures to detect and prevent
network-based attacks and intrusions.

Virtual Private Networks (VPNs): VPNs secure communication between remote
users and networks by encrypting data as it traverses untrusted networks.

One way to provide web security at the network level is to use IP Security (IPsec).

Application Level:

Web Application Firewalls (WAFs): WAFs protect web applications by filtering
and monitoring incoming traffic, identifying and blocking attacks like SQL
injection, XSS, and CSRF.

API Security: Protecting web application APIs by using authentication,
authorization, and encryption ensures that data and services are accessed
securely.

Transport Level:

SSL/TLS Encryption: Transport Layer Security (TLS) and Secure Sockets Layer
(SSL) provide secure encrypted communication between clients and servers,
ensuring data privacy during transit.

Encrypted DNS (DNS over HTTPS, DNS over TLS): Using encrypted DNS
protocols helps protect against eavesdropping on DNS requests and responses.

Session Security: Implementing secure session management and token-based
authentication methods helps protect sensitive user data and authentication
tokens during transport.

SSL
• SSL was originated by Netscape.
• It is a computer networking protocol for securing connections between
network application clients and servers over an insecure network, such
as the internet.
• SSL uses encryption algorithms to scramble data, making it unreadable
to unauthorized parties.
• SSL provides data integrity by using cryptographic hashing and
checksums to detect unauthorized modifications to data during
transmission.
• SSL enables the authentication of both the server and, optionally, the
client. Server authentication ensures that clients are connecting to
legitimate servers, and client authentication verifies the identity of the
connecting user.
• A Secure Sockets Layer (SSL) / Transport Layer Security (TLS) handshake is
the process of creating a safe and secure encrypted communication
channel between the client (user's browser) and the server (web server).
• SSL certificates are used to validate the identity of the server and
establish trust between the client and server.
• Certificates are issued by trusted certificate authorities (CAs).

TLS:
• TLS (Transport Layer Security) is a cryptographic protocol designed to
provide secure and encrypted communication over computer networks,
such as the internet.
• TLS ensures data privacy, integrity, and authentication by encrypting data
during transmission and verifying the identities of the communicating
parties.
• TLS has largely replaced its predecessor, SSL (Secure Sockets Layer), due
to its improved security and performance features.
• TLS was developed to address security vulnerabilities found in earlier
versions of SSL, making it a more secure choice for encrypted
communications.

(same as SSL)
• TLS uses encryption algorithms to scramble data, making it unreadable
to unauthorized parties.
• TLS provides data integrity by using cryptographic hashing and
checksums to detect unauthorized modifications to data during
transmission.
• TLS enables the authentication of both the server and, optionally, the
client. Server authentication ensures that clients are connecting to
legitimate servers, and client authentication verifies the identity of the
connecting user.
• A Secure Sockets Layer (SSL) / Transport Layer Security (TLS) handshake is
the process of creating a safe and secure encrypted communication
channel between the client (user's browser) and the server (web server).
• SSL/TLS certificates are used to validate the identity of the server and
establish trust between the client and server.
• Certificates are issued by trusted certificate authorities (CAs).

Secure Electronic Transaction (SET)

• Secure Electronic Transaction (SET) is a system and electronic protocol
to ensure the integrity and security of transactions conducted over
the internet.
• E-commerce websites implemented this early protocol to secure
electronic payments made via debit and credit cards.
• SET blocks out all personal details on the card, preventing hackers and
data thieves from accessing or stealing the cardholder's information.
Participants in SET: SET involves the same participants as a general online
transaction:
• Cardholder – the customer
• Issuer – the customer's financial institution
• Merchant
• Acquirer – the merchant's financial institution
• Payment Gateway
• Certificate authority – an authority that follows certain standards and issues
certificates (such as X.509v3) to all other participants.

SET functionalities:
• Provide Authentication
  • Merchant Authentication – Similar to cardholder
    authentication, SET also involved the authentication of the
    online merchant. Merchants needed digital certificates
    issued by trusted CAs to establish their identity and
    credibility.
  • Customer / Cardholder Authentication – SET provided a
    mechanism for authenticating the identity of the
    cardholder. This was typically achieved through digital
    certificates issued by a trusted certificate authority (CA).

• Provide Message Confidentiality: Confidentiality refers to
preventing unintended people from reading the message being
transferred. SET implements confidentiality by using encryption
techniques. Traditionally DES is used for encryption purposes.

• Provide Message Integrity: SET prevents message modification with the
help of digital signatures. Messages are protected against unauthorized
modification using RSA digital signatures with SHA-1, and in some cases
HMAC with SHA-1.

SQL Injection
• SQL Injection is a security vulnerability in which malicious SQL code is
injected into a web application's input fields, allowing attackers to
manipulate or retrieve data from a database, often resulting in
unauthorized access or data breaches.
SQL injection and web application:
• Web applications often take user input through forms, URL
parameters, cookies, or other means. Attackers identify these input
fields, such as login forms, search boxes, and contact forms, where
they can inject malicious SQL code.
• Injection Point: SQL injection attacks occur when an application fails to
properly validate or sanitize user inputs, allowing the attacker to insert
malicious SQL code into the input fields or parameters.

• The application then sends the manipulated input to the database for
processing. If the input is not properly validated and sanitized, the
injected SQL commands are executed.

Consequences of SQL Injection:

• Unauthorized data access
• Data manipulation or deletion
• Bypassing authentication
• Privilege escalation
• Remote code execution
Types of SQL Injection:
• Classic SQL Injection
• Blind SQL Injection
• Second-Order SQL Injection
• Out-of-Band SQL Injection

Prevention and Mitigation:

Input Validation: Ensure that user inputs are properly validated and sanitized to
prevent the injection of malicious code.

Prepared Statements and Parameterized Queries: Use parameterized queries
or prepared statements provided by database libraries to separate SQL code
from user input.

Escaping Special Characters: Escape special characters in user input to prevent
them from being interpreted as SQL commands.

Least Privilege: Implement the principle of least privilege to limit database
access rights for application accounts.

Web Application Firewall (WAF): A WAF can help detect and block SQL injection
attempts.

Regular Updates: Keep web application software, libraries, and database
systems up to date to patch known vulnerabilities.

Security Testing: Regularly perform security testing and vulnerability
assessments on web applications to identify and address vulnerabilities,
including SQL injection.

Code Reviews: Conduct regular code reviews to identify and fix vulnerabilities,
including SQL injection issues, in the application code.

Application Firewall: Consider implementing a dedicated Application Firewall
that can inspect and filter SQL injection attempts before they reach your
application.

OS hardening:
Hardening of the OS is the act of configuring an OS securely, updating it,
creating rules and policies to help govern the system in a secure manner, and
removing unnecessary applications and services.
OS hardening is the process of securing and strengthening an operating system
to reduce vulnerabilities and protect it from cyber threats.

Example: how SQL injection is performed on a web application:

Identify Vulnerable Input: The attacker first identifies a web application input
field that is not properly validated or sanitized. Common examples include
search boxes, login forms, and user registration fields.

Inject Malicious SQL Code: The attacker inputs specially crafted data into the
vulnerable input field. For instance, in a login form, the attacker may enter a
username like admin' OR '1'='1 in an attempt to manipulate the SQL query.

Manipulate the SQL Query: If the application doesn't properly validate and
sanitize input, the malicious data is included in the SQL query. In the login form
example, the attacker's input may result in a query like:

SELECT * FROM users WHERE username='admin' OR '1'='1' AND password='...'

Exploit: In this case, the injected query always returns a valid result because
'1'='1' is always true. The attacker might gain unauthorized access to the
system as if they were an administrator.
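The login example above, and the "Prepared Statements" and "Least Privilege" mitigations from the prevention list, as an added example that is not part of the original notes. It uses Python's built-in sqlite3 module with a constructed in-memory users table; SQLite's authorizer hook stands in for the restricted database account a real DBMS would grant the application.

```python
import sqlite3

# Constructed sample data for the demo; a real application would store password
# hashes, never plaintext passwords.
SAMPLE_USERS = [("admin", "correct-horse", "administrator"),
                ("alice", "battery-staple", "user")]


def make_db():
    """Create an in-memory users table populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
                     SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so the input becomes part of the SQL.
    With username admin' OR '1'='1 the WHERE clause is true for the admin row
    whatever the password is."""
    query = ("SELECT username, role FROM users WHERE username='" + username +
             "' AND password='" + password + "'")
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    """Prepared statement: SQL text and values travel separately, so the input is
    only ever compared as data and never alters the query structure."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username=? AND password=?",
        (username, password)).fetchone()


def restrict_to_reads(conn):
    """Least privilege, emulated with SQLite's authorizer hook: the application's
    connection may only read, so even a successful injection cannot change or
    drop data."""
    write_actions = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
                     sqlite3.SQLITE_DELETE, sqlite3.SQLITE_DROP_TABLE}

    def authorizer(action, arg1, arg2, db_name, trigger_or_view):
        return sqlite3.SQLITE_DENY if action in write_actions else sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)


def delete_all_users(conn):
    """Return True if the DELETE ran, False if the authorizer refused it."""
    try:
        conn.execute("DELETE FROM users")
        return True
    except sqlite3.DatabaseError:
        return False


if __name__ == "__main__":
    db = make_db()
    payload = "admin' OR '1'='1"          # the input from the login example above
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))   # admin row
    print("safe:      ", login_safe(db, payload, "wrong"))         # None
    restrict_to_reads(db)
    print("delete ran:", delete_all_users(db))                    # False
```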

SSL vs TLS

SSL | TLS
SSL stands for Secure Socket Layer. | TLS stands for Transport Layer Security.
SSL supports the Fortezza algorithm. | TLS does not support the Fortezza algorithm.
SSL is the 3.0 version. | TLS is the 1.0 version.
In SSL, a message digest is used to create the master secret. | In TLS, a pseudo-random function is used to create the master secret.
In SSL, the Message Authentication Code protocol is used. | In TLS, the Hashed Message Authentication Code protocol is used.
SSL is more complex than TLS. | TLS is simpler.
SSL is less secure compared to TLS. | TLS provides high security.
SSL is less reliable and slower. | TLS is highly reliable and upgraded; it provides less latency.
SSL has been deprecated. | TLS is still widely used.
SSL uses a port to set up an explicit connection. | TLS uses a protocol to set up an implicit connection.
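The two rows about the master secret (message digest vs pseudo-random function) and the record MAC (MAC vs HMAC), carried through in code as an added example that is not part of the original notes. The derivations follow RFC 6101 (SSL 3.0) and RFC 5246 (TLS 1.2) using only the standard library; the pre-master secret, randoms and keys are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not from any real handshake): a 48-byte pre-master
# secret and the 32-byte client/server randoms exchanged in the Hello messages.
SAMPLE_PRE_MASTER = bytes(range(48))
SAMPLE_CLIENT_RANDOM = b"\x11" * 32
SAMPLE_SERVER_RANDOM = b"\x22" * 32


def sslv3_master_secret(pre_master, client_random, server_random):
    """SSL 3.0 (RFC 6101, section 6.1): three MD5 digests over nested SHA-1
    digests, hard-wired to those two hash functions."""
    out = b""
    for label in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(label + pre_master + client_random + server_random).digest()
        out += hashlib.md5(pre_master + inner).digest()
    return out  # 3 x 16 = 48 bytes


def p_sha256(secret, seed, length):
    """P_hash expansion from RFC 5246, section 5: HMAC(secret, A(i) + seed) with
    A(0) = seed and A(i) = HMAC(secret, A(i-1)), concatenated to 'length' bytes."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret, label, seed, length):
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def tls12_master_secret(pre_master, client_random, server_random):
    """TLS 1.2 (RFC 5246, section 8.1): the first 48 bytes of the PRF output."""
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def sslv3_record_mac(mac_secret, seq_num, content_type, fragment):
    """SSL 3.0 record MAC (RFC 6101, section 5.2.3.1): a hand-rolled keyed digest
    with fixed 0x36/0x5c pads (40 bytes each for SHA-1), the scheme HMAC replaced."""
    pad1, pad2 = b"\x36" * 40, b"\x5c" * 40
    header = struct.pack("!QBH", seq_num, content_type, len(fragment))
    inner = hashlib.sha1(mac_secret + pad1 + header + fragment).digest()
    return hashlib.sha1(mac_secret + pad2 + inner).digest()


def tls12_record_mac(mac_key, seq_num, content_type, fragment):
    """TLS 1.2 record MAC (RFC 5246, section 6.2.3.1): standard HMAC over
    seq_num, type, version (0x0303) and length, followed by the fragment."""
    header = struct.pack("!QBHH", seq_num, content_type, 0x0303, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()
```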