Web Hacking: CEH Test Prep Video Series

This document provides an overview of web security architecture and methods for attacking different components of a web application. It discusses attacking the web server, platform, business logic, and references various tools and methodologies. The document also covers the OWASP top 10 security risks and a taxonomy of web application vulnerabilities.

Uploaded by Arnav
Copyright: © Public Domain

Web Hacking

CEH Test Prep Video Series


Web security architecture overview
• Web Software
  • Web-application architecture tiers
    • Back-end
    • Front-end
    • Thin, thick, heavy clients
  • Web-applications (GUI)
    • "Human" interface
    • Forms, controls, dynamic content
  • Web-services (API)
    • "Machine" interface
    • Simple Object Access Protocol (SOAP) and XML
    • RESTful API and JSON
• Web Platform
  • Operating Systems
  • Web-Servers
  • Application Servers
    • Tomcat, JBOSS, WebSphere…
  • Database Management Software
    • Relational (SQL)
    • Non-relational (No-SQL)
  • Cloud environments
    • SaaS, PaaS, IaaS
    • Amazon AWS, DigitalOcean…
Attacking the web-server
• Attack phases
  • Server software identification
  • Finding known vulnerabilities
  • Finding indicators of compromise
  • Probing for default/simple passwords
  • Preparing and uploading the web-shell
  • Breaking out of "jail"
• Automatic vulnerability scanners
  • Pros: routine automation
  • Cons: need for manual control and fine tuning
• Attack narrative example
  • Identifying Apache Tomcat on LAN
  • Accessing management console with default credentials, OR exploiting a known Tomcat vulnerability
  • Preparing and uploading JSP web-shell in WAR format
  • Accessing JSP shell for Tomcat-level access
  • Getting access to DB, data exfiltration
  • Optional: escalating access
Attacking the platform
• Programming languages
  • Java, .NET, PHP, JavaScript, Python, Ruby
• Programming frameworks
  • JS: AngularJS, jQuery, React…
  • PHP: Symfony, Zend, Slim…
  • Python: Django, Flask…
  • Ruby: Rails, Sinatra…
  • Java: Play, Spark…
• SQL databases
  • MySQL, MariaDB
  • MS SQL
  • Oracle Express
• NoSQL databases
  • MongoDB – document (JSON)
  • Redis – key-value (hash)
• Data exchange
  • XML (SOAP)
  • JSON (REST)
Attacking the technology
• Risk points
  • Machine-to-machine
  • Human-to-machine
• Attack entry points
  • Access handling
  • Input handling
  • Storage
  • Transport
  • Logic
  • Configuration
• Types of attacks
  • AAA bypass
    • Authentication bypass
    • Session hijacking
    • Vertical & horizontal escalation
    • Cross-Site Request Forgery
    • Cookie stealing
  • Injections
    • XSS, SQLi, RCE, L/RFI etc.
  • Sensitive data leakage
    • Transport security bypass
    • IDOR
  • Trust abuse
  • Misconfiguration abuse
Web application vulnerability taxonomy
• OWASP Top-10
  • A1 Injections (SQLi, OS cmd, LDAP, XPath, template…)
  • A2 Broken authentication and session management
  • A3 Cross-site scripting (XSS)
  • A4 Insecure direct object reference
  • A5 Security misconfiguration
  • A6 Sensitive data exposure
  • A7 Missing function level control
  • A8 Cross-site request forgery
  • A9 Components with known vulnerabilities
  • A10 Unvalidated redirects and forwards
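As an added illustration of two entries in the taxonomy above (A1 injection and A4 insecure direct object reference), the following Python snippet is not part of the slides or of any OWASP material. It builds a constructed in-memory SQLite database and shows, for each weakness, the vulnerable lookup next to its hardened form: string concatenation versus a bound parameter for A1, and an unchecked object id versus an ownership-scoped query for A4. All table names, rows and the `SERVER`-side function names are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data (not from the slides): users and invoices."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, amount REAL)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "user"), (2, "bob", "user"), (3, "admin", "admin")])
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                     [(10, 1, 120.0), (11, 2, 75.5), (12, 3, 999.0)])
    conn.commit()
    return conn


# A1 Injection, vulnerable form: the username becomes part of the SQL text,
# so a quote in the input changes the structure of the statement.
def find_user_vulnerable(conn, username):
    query = "SELECT id, username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


# A1 Injection, hardened form: the value travels as a bound parameter and is
# only ever compared as data, never parsed as SQL.
def find_user_safe(conn, username):
    query = "SELECT id, username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# A4 IDOR, vulnerable form: the caller's identity is ignored, so any invoice
# id supplied in the request is served to whoever asks for it.
def get_invoice_vulnerable(conn, caller_id, invoice_id):
    return conn.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ?",
        (invoice_id,)).fetchone()


# A4 IDOR, hardened form: the ownership check is part of the query itself,
# so a foreign invoice id simply returns no row.
def get_invoice_safe(conn, caller_id, invoice_id):
    return conn.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, caller_id)).fetchone()


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR '1'='1"           # textbook probe string
    print(find_user_vulnerable(conn, tautology))  # every user row
    print(find_user_safe(conn, tautology))        # []
    print(get_invoice_vulnerable(conn, 1, 11))    # bob's invoice served to alice
    print(get_invoice_safe(conn, 1, 11))          # None
```

The same pattern applies to any data store listed on the platform slide: the fix for A1 is to keep data out of the query text, and the fix for A4 is to make authorization part of the lookup rather than an afterthought.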
Attacking the business logic
• Review of functionality
  • Application mapping
  • Review of protocols and communications
  • Review of work and data flows
  • Review of controls
• Circumvention of work flows
  • What if? What if not?
• Risk points
  • Data validation
  • Request forgery
  • Integrity checks
  • Process timing
  • Rate limits
  • File uploads
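Two of the business-logic risk points above, integrity checks and rate limits, are shown here as an added example in Python; it is not code from the slides. The order structure, the secret value and the request key are constructed for the example. The integrity check attaches an HMAC to the server-computed order so a client that edits the price before checkout is detected; the limiter is a per-key fixed-window counter with an injectable clock so the behaviour can be exercised without waiting.

```python
import hashlib
import hmac
import json
import time

# Assumed server-side secret; placeholder value constructed for this example.
SERVER_SECRET = b"example-server-secret-do-not-reuse"


def _canonical(order: dict) -> bytes:
    # Stable serialization so the tag does not depend on key order.
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def sign_order(order: dict) -> dict:
    """Integrity check, issuing side: tag the server-computed order so that
    fields such as unit_price cannot be changed client-side unnoticed."""
    tag = hmac.new(SERVER_SECRET, _canonical(order), hashlib.sha256).hexdigest()
    return {"order": order, "tag": tag}


def verify_order(signed: dict) -> bool:
    """Integrity check, verifying side: recompute the tag over the submitted
    order and compare in constant time."""
    expected = hmac.new(SERVER_SECRET, _canonical(signed["order"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["tag"])


class FixedWindowLimiter:
    """Rate limit: at most `limit` requests per `window` seconds per key
    (for example a client address or an account id)."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self.hits = {}  # key -> (window_start, count)

    def allow(self, key: str) -> bool:
        now = self.clock()
        start, count = self.hits.get(key, (now, 0))
        if now - start >= self.window:      # window expired: start a new one
            start, count = now, 0
        if count >= self.limit:             # over budget: reject, keep state
            self.hits[key] = (start, count)
            return False
        self.hits[key] = (start, count + 1)
        return True


if __name__ == "__main__":
    signed = sign_order({"item": "book", "unit_price": 25.0, "qty": 2})
    print(verify_order(signed))                                   # True
    tampered = {"order": dict(signed["order"], unit_price=0.01),
                "tag": signed["tag"]}
    print(verify_order(tampered))                                 # False

    limiter = FixedWindowLimiter(limit=3, window=60)
    print([limiter.allow("10.0.0.5") for _ in range(4)])          # [True, True, True, False]
```

The limiter state lives in process memory, which is fine for a demonstration; a distributed deployment (another item on the tools slide) needs the counters in a shared store such as Redis so that every instance enforces the same budget.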
Tools and methodology
• Tools
  • BurpSuite
  • OWASP ZAP
  • w3af
  • skipfish/Subgraph Vega
  • mitmproxy
  • sqlmap
  • nikto
  • xsshunter
  • BeEF
• Web-specific considerations
  • Discovery
  • Fuzzing
  • Supply chain
  • Known-vulnerable components
  • Distributed architecture
  • Load and DoS conditions
• Bug bounty vs. Pentesting
• Open Web Application Security Project
References
• Tools
  • OWASP Vulnerable Web Applications Directory Project https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project
  • DVWA http://www.dvwa.co.uk
  • Metasploitable3 https://github.com/rapid7/metasploitable3
• Reading
  • Web Application Hacker's Handbook https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
  • Web Hacking 101 https://leanpub.com/web-hacking-101
  • OWASP Testing Guide https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
  • Software Security (University of Maryland, College Park) https://www.coursera.org/learn/software-security
  • Hacktivity / Stored XSS using SVG https://hackerone.com/reports/148853
