WHAT IS WEB APP SECURITY

 Web application security encompasses the protection of web applications from

vulnerabilities, threats, and attacks that can compromise their confidentiality , integrity,
and availability. It involves implementing security measures and best practices to ensure
the safety of the application itself, the data it handles, and the users who interact with it.
 Web applications are dynamic and interactive platforms that facilitate various functions like
online forms, user registrations, e-commerce transactions, and data processing. However,
they can also be susceptible to security risks if not appropriately safeguarded.
HOW DOES APPLICATION SECURITY TESTING REDUCE
YOUR ORGANIZATION’S RISK?

 Majority of Web Application Attacks

 SQL Injection
 XSS (Cross Site Scripting)
 Remote Command Execution
 Path Traversal
HOW DOES APPLICATION SECURITY TESTING REDUCE
YOUR ORGANIZATION’S RISK?

 Attack Results
 Access to restricted content
 Compromised user accounts
 Installation of malicious code
 Lost sales revenue
 Loss of trust with customers
 Damaged brand reputation
 And much more
HOW WEBSITES WORK

 When you visit a website, your browser (like Safari or Google Chrome) makes a request to
a web server asking for information about the page you're visiting. It will respond with data
that your browser uses to show you the page; a web server is just a dedicated computer
somewhere else in the world that handles your requests.
 There are two major components that make up a website:

1. Front End (Client-Side) - the way your browser renders a website.

2. Back End (Server-Side) - a server that processes your request and returns a response.
HOW WEBSITES WORK
HOW WEBSITES WORK

Websites are primarily created using:

 HTML, to build websites and define
their structure
 CSS, to make websites look pretty
by adding styling options
 JavaScript, implement complex
features on pages using
interactivity
WEBSITE VULNERABILITY
 Sensitive Data Exposure occurs when a website doesn't properly protect (or remove)
sensitive clear-text information to the end-user; usually found in a site's frontend source
code.
 HTML Injection is a vulnerability that occurs when unfiltered user input is displayed on
the page. If a website fails to sanitise user input (filter any "malicious" text that a user
inputs into a website), and that input is used on the page, an attacker can inject HTML
code into a vulnerable website.
 Input sanitisation is very important in keeping a website secure, as information a user
inputs into a website is often used in other frontend and backend functionality. A
vulnerability you'll explore in another lab is database injection, where you can manipulate
a database lookup query to log in as another user by controlling the input that's directly
used in the query - but for now, let's focus on HTML injection (which is client-side).
OTHER COMPONENTS

 Load Balancers: When a website's traffic starts getting quite large or is running an application
that needs to have high availability, one web server might no longer do the job. Load balancers
provide two main features, ensuring high traffic websites can handle the load and providing a
failover if a server becomes unresponsive. When you request a website with a load balancer,
the load balancer will receive your request first and then forward it to one of the multiple
servers behind it. The load balancer uses different algorithms to help it decide which server is
best to deal with the request. A couple of examples of these algorithms are round-robin, which
sends it to each server in turn, or weighted, which checks how many requests a server is
currently dealing with and sends it to the least busy server.
 Load balancers also perform periodic checks with each server to ensure they are running
correctly; this is called a health check. If a server doesn't respond appropriately or doesn't
respond, the load balancer will stop sending traffic until it responds appropriately again.
OTHER COMPONENTS

 CDN (Content Delivery Networks): A CDN can be an excellent resource for cutting
down traffic to a busy website. It allows you to host static files from your website, such a
JavaScript, CSS, Images, Videos, and host them across thousands of servers all over the
world. When a user requests one of the hosted files, the CDN works out where the nearest
server is physically located and sends the request there instead of potentially the other
side of the world.

 Databases: Often websites will need a way of storing information for their users.
Webservers can communicate with databases to store and recall data from them.
Databases can range from just a simple plain text file up to complex clusters of multiple
servers providing speed and resilience. You'll come across some common databases:
MySQL, MSSQL, MongoDB, GraphQL, Postgres, and more; each has its specific features.
 OTHER COMPONENTS

 WAF (Web Application Firewall): A WAF sits between your web request and the web
server; its primary purpose is to protect the webserver from hacking or denial of service
attacks. It analyses the web requests for common attack techniques, whether the request is
from a real browser rather than a bot.

 It also checks if an excessive amount of web requests are being sent by utilising something
called rate limiting, which will only allow a certain amount of requests from an IP per second.
If a request is deemed a potential attack, it will be dropped and never sent to the webserver.
HOW WEB SERVERS WORK

 What is a Web Server: A web server is a software that listens for incoming connections
and then utilises the HTTP protocol to deliver web content to its clients. The most common
web server software you'll come across is Apache, Nginx, IIS and NodeJS. A Web server
delivers files from what's called its root directory, which is defined in the software settings.
For example, Nginx and Apache share the same default location of /var/www/html in Linux
operating systems, and IIS uses C:\inetpub\wwwroot for the Windows operating systems.
So, for example, if you requested the file http://www.example.com/picture.jpg, it would
send the file /var/www/html/picture.jpg from its local hard drive.
HOW WEB SERVERS WORK

 Virtual Hosts: Web servers can host multiple websites with different domain names; to
achieve this, they use virtual hosts. The web server software checks the hostname being
requested from the HTTP headers and matches that against its virtual hosts (virtual hosts
are just text-based configuration files). If it finds a match, the correct website will be
provided. If no match is found, the default website will be provided instead.
 Virtual Hosts can have their root directory mapped to different locations on the hard drive.
For example, one.com being mapped to /var/www/website_one, and two.com being
mapped to /var/www/website_two
 There's no limit to the number of different websites you can host on a web server.
HOW WEB SERVERS WORK

Static Vs Dynamic Content

 Static content, as the name suggests, is content that never changes. Common examples of this are
pictures, javascript, CSS, etc., but can also include HTML that never changes. Furthermore, these are
files that are directly served from the webserver with no changes made to them.
 Dynamic content, on the other hand, is content that could change with different requests. Take, for
example, a blog. On the homepage of the blog, it will show you the latest entries. If a new entry is
created, the home page is then updated with the latest entry, or a second example might be a
search page on a blog. Depending on what word you search, different results will be displayed.
 These changes to what you end up seeing are done in what is called the Backend with the use of
programming and scripting languages. It's called the Backend because what is being done is all done
behind the scenes. You can't view the websites' HTML source and see what's happening in the
Backend, while the HTML is the result of the processing from the Backend. Everything you see in your
browser is called the Frontend.
HOW WEB SERVERS WORK

Scripting and Backend Languages

 There's not much of a limit to what a backend language can achieve, and these are what
make a website interactive to the user. Some examples of these languages (in no particular
order :p) are PHP, Python, Ruby, NodeJS, Perl and many more. These languages can
interact with databases, call external services, process data from the user, and so much
more. A very basic PHP example of this would be if you requested the website
http://example.com/index.php?name=adam