Task 02

The document outlines common vulnerabilities found in WebGoat, a tool designed for web application security testing, including Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF). Each vulnerability is described with methods for discovery, potential dangers, and recommended mitigation strategies. The document emphasizes the importance of input validation, output encoding, and the use of security tokens to protect against these vulnerabilities.

Uploaded by

hipoxim294
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
8 views7 pages

Task 02

The document outlines common vulnerabilities found in WebGoat, a tool designed for web application security testing, including Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF). Each vulnerability is described with methods for discovery, potential dangers, and recommended mitigation strategies. The document emphasizes the importance of input validation, output encoding, and the use of security tokens to protect against these vulnerabilities.

Uploaded by

hipoxim294
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Common Vulnerabilities in OWASP WebGoat

WebGoat is designed to be vulnerable. WebGoat and OWASP ZAP are both valuable tools in the world of web application security. ZAP acts as a proxy between your browser and the web application you're testing. It intercepts and analyses the traffic, looking for potential security flaws.

Report Example: WebGoat Vulnerabilities

1. Cross-Site Scripting (XSS) – Reflected

- Vulnerability: Reflected XSS allows an attacker to inject malicious JavaScript into a website through a user-supplied input (like a search field or comment box). This script is then reflected back to the user, executing in their browser.
- Discovery: In WebGoat, navigate to a lesson related to reflected XSS (e.g., "Cross-Site Scripting (XSS) - Reflected"). Try entering a simple JavaScript payload like <script>alert('XSS')</script> into a vulnerable field. If an alert box pops up, the vulnerability exists.
- Danger: XSS can be used to steal user cookies, hijack sessions, redirect users to malicious websites, deface websites, or even spread malware.

Mitigation:

- Input Validation: Sanitize all user inputs by encoding or escaping special characters. Use HTML entity encoding (&lt;, &gt;, &quot;, &amp;) for outputting data in HTML.
- Output Encoding: Encode data before displaying it on the page, based on the context it lands in (HTML, URL, JavaScript).
- Content Security Policy (CSP): Implement CSP to restrict the sources from which scripts can be loaded, effectively mitigating even reflected XSS.
- HttpOnly Cookies: Set the HttpOnly flag on cookies to prevent client-side JavaScript from accessing them, reducing the impact of cookie theft.

2. SQL Injection

- Vulnerability: SQL Injection occurs when user-supplied input is directly incorporated into an SQL query, allowing an attacker to manipulate the query and potentially access or modify the database.
- Discovery: Look for WebGoat lessons that deal with SQL Injection (e.g., "SQL Injection (Intro)"). Try entering special characters like ' (single quote) or -- (double dash comment) into input fields. If you get SQL errors or unexpected results, SQL Injection might be possible.
- Danger: SQL Injection can allow attackers to read sensitive data, modify data, delete data, or even gain control of the database server.

Mitigation:

- Prepared Statements (Parameterized Queries): Use parameterized queries where user input is treated as data, not as part of the SQL query. This prevents the database from interpreting user input as SQL code.
- Input Validation: Validate user input to ensure it conforms to expected formats and lengths.
- Least Privilege: Grant database users only the necessary permissions to perform their tasks. Avoid using database accounts with excessive privileges.
- Stored Procedures: Use stored procedures to encapsulate database logic.
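
The string-built lookup beside its parameterized replacement, as an added example that is not part of the report or of WebGoat's code. It feeds the single-quote probe from the Discovery step through both versions against a constructed in-memory SQLite table; the users table, the name pattern and the probe inputs are assumptions for the demo.

```python
# Added example (not from the report): vulnerable vs. parameterized user lookup,
# with an allow-list validation layer, run against a constructed SQLite table.
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for WebGoat's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("bob", "user"), ("admin", "admin")])
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the driver binds the value; it is never parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed username format


def validate_name(name: str) -> bool:
    """Input validation layer: allow-listed characters and a length bound."""
    return NAME_RE.fullmatch(name) is not None


def probe(name: str) -> dict:
    """Run one input through both lookups; an error from the unsafe path is
    returned as a string so the caller can see the 'SQL error' symptom."""
    conn = make_db()
    try:
        unsafe = lookup_unsafe(conn, name)
    except sqlite3.Error as e:
        unsafe = f"SQL error: {e}"
    return {"valid_input": validate_name(name), "unsafe": unsafe, "safe": lookup_safe(conn, name)}


if __name__ == "__main__":
    for probe_input in ("alice", "'", "--"):
        print(repr(probe_input), "->", probe(probe_input))
```

The unsafe path turns the lone quote into a syntax error (the symptom the Discovery step looks for), while the parameterized path simply finds no user with that name.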

3. Cross-Site Request Forgery (CSRF)

- Vulnerability: CSRF attacks trick a user into performing unwanted actions on a web application in which they're currently authenticated. Attackers often use malicious websites, emails, or links to embed requests that the user's browser automatically sends to the vulnerable application.
- Discovery: In WebGoat, navigate to a lesson that focuses on CSRF (e.g., "Cross-Site Request Forgery (CSRF)"). The goal is usually to perform an action (like changing an email address or transferring funds) without the user's knowledge.
- Danger: CSRF can allow attackers to perform actions on behalf of a user, such as changing their profile information, making purchases, or even gaining complete control of their account.

Mitigation:

- Anti-CSRF Tokens: Generate a unique, unpredictable token for each user session and include it as a hidden field in forms. This token must be validated on the server-side before processing the request.
- SameSite Cookies: Use the SameSite attribute for cookies to control when cookies are sent with cross-site requests. Setting it to Strict or Lax can help prevent CSRF attacks.
- Check the Referer Header: While not completely reliable, you can check the Referer header in the request to see if it matches the expected origin. However, this header can be easily spoofed or not sent at all.
- User Interaction: For sensitive operations, require the user to re-authenticate or confirm the action (e.g., by entering a password or clicking a confirmation button).
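
The per-session anti-CSRF token and SameSite cookie from the mitigation list, as an added example that is not part of the report or of WebGoat's code. It issues the token as a hidden field on a change-email form (the action from the Discovery step) and validates it server-side; the in-memory session store, the cookie name and the request shape are assumptions for the demo.

```python
# Added example (not from the report): per-session anti-CSRF token as a hidden form
# field, validated server-side, alongside a SameSite=Strict session cookie.
import hmac
import secrets

SESSIONS: dict = {}  # constructed session store: session_id -> session data


def start_session(user: str) -> str:
    """Create a session and bind a fresh, unpredictable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def session_cookie(sid: str) -> str:
    """SameSite=Strict: the browser withholds the cookie on any cross-site request."""
    return f"JSESSIONID={sid}; HttpOnly; Secure; SameSite=Strict"


def render_change_email_form(sid: str) -> str:
    """The token travels with the form as a hidden field."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="POST" action="/change-email">\n'
        f'  <input type="hidden" name="csrf_token" value="{token}">\n'
        '  <input name="email"><button>Save</button>\n</form>'
    )


def handle_change_email(cookies: dict, form: dict):
    """Server side: reject unless the submitted token matches the session's token."""
    session = SESSIONS.get(cookies.get("JSESSIONID", ""))
    if session is None:
        return 401, "not authenticated"
    submitted = form.get("csrf_token", "")
    # Constant-time compare so timing differences cannot reveal the token.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "CSRF token missing or invalid"
    session["email"] = form.get("email", "")
    return 200, "email updated"


if __name__ == "__main__":
    sid = start_session("alice")
    print(session_cookie(sid))
    print(render_change_email_form(sid))
    # A forged cross-site POST carries the cookie at most, never the hidden token.
    print(handle_change_email({"JSESSIONID": sid}, {"email": "forged@example.test"}))
    # A submission from the rendered form carries the session's token.
    print(handle_change_email({"JSESSIONID": sid},
                              {"csrf_token": SESSIONS[sid]["csrf_token"], "email": "a@example.test"}))
```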
