(CyberSec'24) Lab01 - Student Version

web pen-test labs

Uploaded by

youssefelkiki

CYBER SECURITY

LAB 01: Introduction to Web Application Security Testing


Agenda
What is Cyber Security
Types of Hackers and Security Teams

CIA Triad

Introduction to Web Application Security Testing

Security Terminologies

OWASP TOP 10

Web Application Architecture & Components

Cryptographic Failures

Robots.txt File

Hands-On
Staff E-mails
• TA Abdelrahman Yassin:
[email protected]
• TA Oliver Ayman
[email protected]
• TA Beshoy Victor
[email protected]
What is Cyber Security
Cybersecurity is the protection of internet-connected systems, including hardware,
software, and data, from cyberattacks.
TYPES OF HACKERS
TYPES OF SECURITY TEAMS
CIA Triad
Confidentiality
Integrity
Availability
Introduction to Web Application Security Testing
Web Applications vs. Websites
What Are Web Applications?
● Web applications are software programs that run on web servers and are
accessible over the internet through web browsers.
● They are designed to provide interactive and dynamic functionality to users,
allowing them to perform various tasks, access information, and interact with
data online.
● Web applications have become an integral part of modern internet usage, and
they power a wide range of online services and activities.
● Examples of web applications include:
o Social media platforms (e.g., Facebook, Twitter)
o Online email services (e.g., Gmail, Outlook)
o E-commerce websites (e.g., Amazon, eBay)
o Cloud-based productivity tools (e.g., Google Workspace, Microsoft Office 365)
How Do Web Applications Work?
● Client-Server Architecture:
The application's logic and data are hosted on a web server, and users access it using web
browsers on their devices.
● User Interface (UI):
A combination of HTML, CSS and JavaScript to create dynamic and interactive interfaces.
● Internet Connectivity:
Users interact with the application by sending requests to the server, which processes those
requests and sends back the appropriate responses.
● Cross-Platform Compatibility:
Accessible from different devices and operating systems without requiring installation or specific
software, making them platform-independent.
● Statelessness:
HTTP, the protocol used for communication between web browsers and servers, is stateless. Web
applications must manage user sessions and state to remember user interactions and ensure
continuity.
Web Application Security
● Web application security is a critical aspect of cybersecurity that focuses on
protecting web applications from various security threats, vulnerabilities, and
attacks.
● The primary objective of web application security is to ensure the confidentiality,
integrity, and availability of data processed by web applications while mitigating
the risk of unauthorized access, data breaches, and service disruptions.
● Web applications are attractive targets for attackers due to their public
accessibility and the potential for gaining access to sensitive data, such as
personal information, financial data, or intellectual property.
The Importance of Web App Security
● Web application security is of vital importance in today's digital landscape due to
the increasing reliance on web applications for various purposes.
● Here are some key reasons why web application security is crucial:
o Protection of Sensitive Data.
o Safeguarding User Trust.
o Prevention of Financial Loss.
o Compliance and Regulatory Requirements.
o Mitigation of Cyber Threats.
o Protection Against DDoS Attacks.
o Maintaining Business Continuity.
o Preventing Defacement and Data Manipulation.
Web Application Security Practices
● Authentication and Authorization.
● Input Validation.
● Secure Communication.
● Secure Coding Practices.
● Regular Security Updates.
● Least Privilege Principle.
● Web Application Firewalls (WAF).
● Session Management.
Web Application Security Testing
● Web application security testing is the process of evaluating and assessing the
security aspects of web applications to identify vulnerabilities, weaknesses, and
potential security risks.
● It involves conducting various tests and assessments to ensure that web
applications are resistant to security threats and can effectively protect sensitive
data and functionalities from unauthorized access or malicious activities.
● The primary goal of web application security testing is to uncover security flaws
before they are exploited by attackers (Proactive Approach).
● By identifying and addressing vulnerabilities, organizations can enhance the
overall security posture of their web applications, reduce the risk of data
breaches and unauthorized access, and protect their users and sensitive
information (Bug Bounty Programs).
Web Application Penetration Testing
● Web application pentesting is a subset of web application security testing that
specifically involves attempting to exploit identified vulnerabilities.
● It is a simulated attack on the web application conducted by skilled security
professionals known as pentesters, bug bounty hunters or ethical hackers.
● The process involves a systematic and controlled approach to assess the
application's security by attempting to exploit known vulnerabilities.
Web App Pentesting vs Security Testing
Security Terminologies

VULNERABILITY THREAT EXPLOIT RISK
Threat vs. Risk
● Threat:
o A threat refers to any potential source of harm or adverse event that may exploit a
vulnerability in a system or organization's security measures.
o Threats can be human-made, such as cybercriminals, hackers, or insiders with malicious
intent, or they can be natural, such as floods, earthquakes, or power outages.
o In the context of cybersecurity, threats can include various types of attacks, like malware
infections, phishing attempts, denial-of-service attacks, and data breaches.
● Risk:
o Risk is the potential for a loss or harm resulting from a threat exploiting a vulnerability in a
system or organization.
o It is a combination of the likelihood or probability of a threat occurrence and the impact or
severity of the resulting adverse event.
o Risk is often measured in terms of the likelihood of an incident happening and the potential
magnitude of its impact.
Common Web Application Threats & Risks
OWASP TOP 10
● The OWASP Top 10 is a regularly updated list of the most critical web application security
risks.
● It is maintained by the Open Web Application Security Project (OWASP), a nonprofit
organization focused on improving web application security. It aims to raise awareness
about common web application security risks and help developers prioritize security
efforts.
● The OWASP Top 10 serves as a valuable guide for developers, web app pentesters, and
organizations to understand and prioritize common security risks in web applications.
● Each release of the OWASP Top 10 builds upon the previous versions, improving its
accuracy, relevance, and practicality.
OWASP TOP 10 (2021)
Rank Vulnerability
A01 Broken Access Control
A02 Cryptographic Failures
A03 Injection
A04 Insecure Design
A05 Security Misconfiguration
A06 Vulnerable and Outdated Components
A07 Identification and Authentication Failures
A08 Software and Data Integrity Failures
A09 Security Logging and Monitoring Failures
A10 Server-Side Request Forgery (SSRF)


Web Application Architecture & Components
Client-Server Model
● Web applications are typically built on the client-server model. In this
architecture, the web application is divided into two main components:
o Client: The client represents the user interface and user interaction with the web
application. It is the front-end of the application that users access through their web
browsers. The client is responsible for:
▪ Displaying the web pages
▪ Handling user input
▪ Sending requests to the server for data or actions.
o Server: The server represents the back-end of the web application. It:
▪ Processes client requests
▪ Executes the application's business logic
▪ Communicates with databases and other services
▪ Generates responses to be sent back to the client.
Client-side Processing
● Client-side processing involves executing tasks and computations on the user's
device, typically within their web browser.
● The client-side refers to the user's end of the web application, where the web
browser and user interface reside.
● Client-side processing has some limitations. It is not suitable for handling
sensitive or critical operations, as it can be easily manipulated by users or
malicious actors.
● Key characteristics of client-side processing:
o User Interaction
o Responsive User Experience
o JavaScript
o Data Validation
● Client-Side Technologies: HTML, CSS, JavaScript, Cookies and Local Storage.
Server-side Processing
● Server-side processing involves executing tasks and computations on the web server,
which is the remote computer where the web application is hosted.
● The server-side refers to the backend of the web application, where the business logic and
data processing take place.
● Key characteristics of server-side processing:
o Data Processing
o Security
o Server-side Languages
o Data Storage
● Server-side Technologies:
o Web Server: responsible for receiving and responding to HTTP requests from clients (web browsers)
o Application Server: processes user requests, accesses databases, generates dynamic content to clients.
o Database Server: stores user information, content, configurations (MySQL, PostgreSQL, MSSQL, Oracle)
o Server-side Scripting Languages: interact with databases, perform validations (PHP, Python, Java, Ruby)
Web Application Architecture
How Web Pages Are Rendered
Cryptographic Failures
What are Cryptographic Failures?
● Cryptographic Failures, previously known as Sensitive Data Exposure, are security
flaws in a system that lead to the unintended exposure of confidential or sensitive
information.
● Cryptographic Failures refer to the failure to properly implement and manage
cryptographic practices in a way that ensures the confidentiality and integrity of
sensitive data.
● These vulnerabilities can have serious consequences, including data breaches,
privacy violations, and financial losses.
Cryptographic Failures: Use of Unencrypted Channel
Cryptographic Failures: Storage of Credentials in Cleartext
Cryptographic Failures: Use of One-Way Hash Without Salt
Cryptographic Failures: Strong Hashing with Salt
Cryptographic Failures: Other Examples
● Obscuring passwords or sensitive information using trivial encoding
algorithms.
● Transmitting sensitive information in cleartext over a communication
channel that can be sniffed by unauthorized actors.
● Hard-coding credentials, such as passwords or cryptographic keys,
in the application code.
● Using insecure hashing or cryptographic algorithms.
● Improper verification of cryptographic signatures.
● Verbose error messages or business design flaws.
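The four storage slides above (cleartext, trivial encoding, unsalted one-way hash, strong hash with salt) side by side, as an added example that is not part of the lab slides. It uses only the Python standard library; the record format, function names and the sample password are this example's own assumptions.

```python
# Added example, not from the lab slides: the same password stored four ways, from
# cryptographic failure to acceptable practice. Standard library only; the sample
# password below is a constructed value.
import base64
import hashlib
import hmac
import os
from typing import Callable, Optional

# Work factor for PBKDF2-HMAC-SHA256. Raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def store_cleartext(password: str) -> str:
    """Failure: 'Storage of Credentials in Cleartext'. Anyone who reads the database
    (backup, injection, insider) has every password immediately."""
    return password


def store_obscured(password: str) -> str:
    """Failure: 'trivial encoding'. base64 is reversible by anyone; it is not encryption."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def store_unsalted_hash(password: str) -> str:
    """Failure: 'One-Way Hash Without Salt'. A fast hash with no salt means equal
    passwords produce equal records, so precomputed tables and cross-user matching work."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def store_salted_pbkdf2(password: str, salt: Optional[bytes] = None) -> str:
    """'Strong Hashing with Salt': a random per-user salt plus a slow, iterated hash.
    Record format (an assumption of this example): pbkdf2_sha256$<iters>$<salt hex>$<hash hex>."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_salted_pbkdf2(password: str, record: str) -> bool:
    """Recompute with the salt and iteration count stored in the record and compare in
    constant time, so the comparison itself does not leak how many bytes matched."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)


def leaks_password_equality(store: Callable[[str], str], password: str) -> bool:
    """True when two accounts with the same password get identical stored records.
    That property is what makes unsalted hashes crackable in bulk."""
    return store(password) == store(password)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample
    print("cleartext:", store_cleartext(pw))
    print("base64   :", store_obscured(pw), "-> reversible:", base64.b64decode(store_obscured(pw)).decode())
    print("sha256   :", store_unsalted_hash(pw))
    record = store_salted_pbkdf2(pw)
    print("pbkdf2   :", record)
    print("verify correct password:", verify_salted_pbkdf2(pw, record))
    print("verify wrong password  :", verify_salted_pbkdf2(pw + "!", record))
    print("sha256 leaks equality  :", leaks_password_equality(store_unsalted_hash, pw))
    print("pbkdf2 leaks equality  :", leaks_password_equality(store_salted_pbkdf2, pw))
```

The salt and iteration count travel inside the record, so the verifier needs no out-of-band state and the work factor can be raised later for new records without breaking old ones.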
Cryptographic Failures: DEMO
● Try to decrypt the secret message. (bwapp.hakhub.net)
Robots.txt File
● The file robots.txt is used to give instructions to web robots, such as
search engine crawlers, about locations within the web site that
robots are allowed, or not allowed, to crawl and index.
● The presence of the robots.txt does not in itself present any kind of
security vulnerability. However, it is often used to identify restricted
or private areas of a site's contents.
● The information in the file may therefore help an attacker to map
out the site's contents, especially if some of the locations identified
are not linked from elsewhere in the site.
● If the application relies on robots.txt to protect access to these
areas, and does not enforce proper access control over them, then
this presents a serious vulnerability.
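A small parser for the robots.txt format described above, written to inventory what a site's own file discloses so that every listed path can be checked for real server-side access control. This is an added example, not part of the lab slides; the file content is a constructed sample rather than any real site's robots.txt, and the function names are this example's own.

```python
# Added example, not from the lab slides: a small robots.txt parser for reviewing what
# a site's own file discloses. The file content below is a constructed sample, not a
# real site's robots.txt; the function names are this example's own.
from typing import Dict, List

SAMPLE_ROBOTS_TXT = """\
# constructed sample file
User-agent: *
Disallow: /?source
Disallow: /admin/
Allow: /admin/help
Sitemap: https://example.com/sitemap.xml

User-agent: Googlebot
User-agent: Bingbot
Disallow: /private-reports/
"""

Rules = Dict[str, Dict[str, List[str]]]


def parse_robots(text: str) -> Rules:
    """Group Allow/Disallow rules by User-agent.

    A record is one or more User-agent lines followed by rule lines; a blank line, or a
    User-agent line after a rule line, starts the next record. Text after '#' is a
    comment, field names are case-insensitive, and other fields (Sitemap, ...) are ignored.
    """
    rules: Rules = {}
    current_agents: List[str] = []
    new_record = True
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            new_record = True
            continue
        field, sep, value = line.partition(":")
        if not sep:
            continue  # malformed line, ignore
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if new_record:
                current_agents = []
                new_record = False
            current_agents.append(value)
            rules.setdefault(value, {"allow": [], "disallow": []})
        elif field in ("allow", "disallow"):
            new_record = True  # a later User-agent line starts a fresh record
            if value:  # an empty Disallow means "nothing is disallowed"
                for agent in current_agents:
                    rules[agent][field].append(value)
    return rules


def all_disallowed_paths(rules: Rules) -> List[str]:
    """Every path any agent is asked not to crawl: the review list. Each of these must be
    protected by server-side access control (or be genuinely public), because robots.txt
    only advises well-behaved crawlers and is readable by anyone."""
    paths = {p for per_agent in rules.values() for p in per_agent["disallow"]}
    return sorted(paths)


if __name__ == "__main__":
    parsed = parse_robots(SAMPLE_ROBOTS_TXT)
    for agent, per_agent in parsed.items():
        print(f"{agent}: disallow={per_agent['disallow']} allow={per_agent['allow']}")
    print("paths to verify access control on:", all_disallowed_paths(parsed))
```

The output of `all_disallowed_paths` is the list to walk through during a review: for each entry, confirm that an unauthenticated request is actually rejected by the application, not merely hidden from crawlers.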
Live Lab: Easy Message (is.gd/lab1_ta2)
1. We start by checking the page elements; nothing special there, same as in BurpSuite.
2. We can try to check an important subdomain, which is robots.txt.
3. Adding this to the URL, we get: User-agent: * Disallow: /?source
4. Replacing robots.txt with /?source, we get PHP code.
5. There is an if statement that checks user against a specific username and password that are
encoded in base64.
6. By decoding these credentials, we get username=Cyber-Talent and password=Cyber-Talent.
7. We get a Morse code message that we decode to get the FLAG!
Hands-On 1: Who Am I? (is.gd/lab1_1)
1. Viewing the source gives us the following code segment:
<!-- Guest Account: -=-=-=-=-=-=-=- Username:Guest Password:Guest -->
2. We log in with these credentials.
3. Going to Developer Tools > Application > Cookies shows an "Authentication" cookie with the value:
bG9naW49R3Vlc3Q%3D
4. Now, let's base64-decode it using an online tool such as base64decode.org. It gives the
following string: login=Guest.
5. Let's overwrite our login as 'admin'. So, we need to base64-encode this string: login=admin.
6. Base64-encoding it gives us the following: bG9naW49YWRtaW4=. Let's save it as the cookie
value and reload the page.
7. We get the flag: FLag{B@D_4uTh1Nt1C4Ti0n}
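Why the cookie edit in Hands-On 1 works, and what the server should have done instead, as an added example that is not part of the lab slides or the lab application. It also illustrates the session-management point from the Statelessness bullet: state kept on the client must be protected against tampering. The vulnerable check decodes the cookie and trusts it; the hardened check accepts only a payload whose HMAC tag was produced with a server-side secret. The key, cookie format and function names are assumptions of this example.

```python
# Added example, not from the lab slides: the "Authentication" cookie from Hands-On 1 as a
# vulnerable server-side check beside a hardened one. The key, cookie format and function
# names are this example's own assumptions, not those of the lab application.
import base64
import hashlib
import hmac
import os
import time
from typing import Optional
from urllib.parse import unquote

# In a real deployment this comes from secure configuration and survives restarts.
SERVER_SECRET = os.urandom(32)


# --- Vulnerable: the cookie is only base64-encoded, so the browser's owner can rewrite it ---
def make_cookie_vulnerable(username: str) -> str:
    return base64.b64encode(f"login={username}".encode()).decode()


def user_from_cookie_vulnerable(cookie: str) -> Optional[str]:
    """Encoding is not authentication: the server believes whatever name it decodes."""
    try:
        decoded = base64.b64decode(unquote(cookie)).decode()
    except Exception:
        return None
    return decoded[len("login="):] if decoded.startswith("login=") else None


# --- Hardened: the payload carries an HMAC-SHA256 tag keyed with a server-side secret ---
def make_cookie_signed(username: str, key: bytes = SERVER_SECRET,
                       issued_at: Optional[int] = None) -> str:
    """Cookie = base64url(payload) '.' base64url(HMAC(key, payload)); the payload carries
    an issue time so a stolen cookie stops working after max_age."""
    ts = int(time.time()) if issued_at is None else issued_at
    payload = f"login={username}&iat={ts}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{base64.urlsafe_b64encode(payload).decode()}.{base64.urlsafe_b64encode(tag).decode()}"


def user_from_cookie_signed(cookie: str, key: bytes = SERVER_SECRET,
                            max_age: int = 3600, now: Optional[int] = None) -> Optional[str]:
    """Recompute the tag over the received payload; any edit to the payload (login=Guest ->
    login=admin) changes the expected tag, so the comparison fails and no user is returned."""
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        fields = dict(part.split("=", 1) for part in payload.decode().split("&"))
        issued_at = int(fields["iat"])
    except (ValueError, KeyError, UnicodeDecodeError):
        return None
    current = int(time.time()) if now is None else now
    if current - issued_at > max_age:
        return None
    return fields.get("login")


def replace_payload(cookie: str, new_payload: str) -> str:
    """Simulates the Developer Tools edit from the lab against the signed format: the
    payload is swapped but the tag cannot be recomputed without the server key."""
    _, tag_b64 = cookie.split(".", 1)
    return f"{base64.urlsafe_b64encode(new_payload.encode()).decode()}.{tag_b64}"


if __name__ == "__main__":
    print("vulnerable, lab cookie   :", user_from_cookie_vulnerable("bG9naW49R3Vlc3Q%3D"))
    print("vulnerable, edited cookie:", user_from_cookie_vulnerable("bG9naW49YWRtaW4="))
    signed = make_cookie_signed("Guest")
    print("signed, genuine          :", user_from_cookie_signed(signed))
    forged = replace_payload(signed, f"login=admin&iat={int(time.time())}")
    print("signed, edited payload   :", user_from_cookie_signed(forged))
```

A signed cookie stops tampering, not disclosure: the payload is still readable, so nothing secret belongs in it, and a server-side session store keyed by a random identifier remains the simpler option when the application can keep state.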
Hands-On 2: Encrypted Database (Extra) (is.gd/lab1_2)
QUESTIONS?
THANK YOU
