29MAR
- What is the need for penetration testing?
Penetration testing helps to find security vulnerabilities in the application before an attacker could attack or a customer could find out and report it. Also, it is easier and cost effective to find bugs as early in the software development life cycle as possible. - What is a vulnerability?A vulnerability is a flaw or weakness in a system’s design, implementation, operation or management that could be exploited to compromise the system’s security objectives.
- What are most common web vulnerabilities? or what are OWASP top listed vulnerabilities?Injection flaws
Authentication Bypass and Session Management
Cross Site Scripting
Authorization Bypass
Security Configuration
Sensitive Data Exposure
Cross Site Request Forgery
Using Vulnerable Third Party Components
UnValidated redirects or forwards - What is XSS?Cross-site scripting(XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users.
XSS is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. - What are types of XSS?Reflected XSS
Stored XSS
DOM bases XSS - Which type of XSS is more dangerous?
Stored XSS is more risky as it lasts in the application and affects all users who visit the vulnerable page. - How do you test XSS vulnerability in web applications?– Identify parameters that take user input parameters that are displayed back on the browser in the same page or in another page.
– Input parameters can be in GET or POST requests.
– Hidden parameters also may be vulnerable.
– Web proxy tool like BurpSuite or Paros Proxy is required to bypass client side authentication and to test XSS in hidden parameters
– Inject XSS scripts like alert(1); in parameters to be tested and observe application response.
– If the application is executing the injected script, it could be vulnerable to XSS. - Can you say few common XSS attack vectors that are commonly used for testing?onload=’confirm(“test XSS”)’
” onload=’javascript:alert(1)’
“>
alert(1);
;alert(1) - How can we prevent XSS?Input Validation: Validate user input. Use whitelisting. Whitelisting is maintaining an accepting list of characters of each parameter and allowing only those characters in user input.
Output Encoding: This is the best technique to re-mediate XSS. Encode all special characters in user input before displaying on the browser. HTML encoding of are < and >. Encoding will prevent execution of scripts. - What is SQL injection?SQL injection is an input validation vulnerability in which an attacker injects SQL scripts in user input to gain unauthorized access to application or data.
- What are variants of SQLi?Blind SQL injection
SQLinjection using UNION based queriesSQLinjection using unhandled DB exceptions - How do you test for SQLi?– Identify user input parameters that are used in DataBase queries.
– The parameters in can be GET or POST requests and also hidden parameters.
– To test SQL injection, start by entering small SQL queries like ‘ or ‘1’=’1 and observe application response.
– If the application responds with DB error message, we can conclude the script we entered has reached DB and no input validation has been implemented to block. – We can continue testing with advanced attack vectors. - What is blind SQL injection?Blind SQL injection does not let user to obtain data upon successful attack directly.
The application behaves differently for true or false conditions in SQL injection.
Basing on this difference in behavior, we try to obtain information from database by using ascii values of each character i.e., bit by bit
It is a tedious process. But allows to extract the whole database. - How can we prevent SQLi?SQL Injection can be prevented by implementing proper input validation. Use whitelisting for parameters like usersname which expects only alphanumerics.
Use parameterised queries in application code instead of concatenated string queriesImplement proper DB user authorization to mitigate SQL injection attacks. - What is CSRF vulnerability?Cross site request forgery vulnerability occurs when a victim clicks on a crafted link sent by an attacker which contains requests to the application. So, the attacker will be able to get his intended task done by the victim without victim’ s knowledge. The attack will be successful when the user is logged into the application and then clicks on the link sent by the attacker.
The CSRF vulnerability occurs because of browser feature to send the active session cookies basing on domain name. - How can you exploit CSRF vulnerability?Cross site request forgery vulnerability occurs when a victim clicks on a crafted link sent by an attacker which contains requests to the application. So, the attacker will be able to get his intended task done by the victim without victim’ s knowledge. The attack will be successful when the user is logged into the application and then clicks on the link sent by the attacker.
Below is the same code for the attackers link.Below is a sample exploit code for the page:http://example.com/ Update_user_details.jsp”>
document.badform.submit();
</body>
</html>The HTML code above contains hidden parameters corresponding to legitimate form in the user application with attackers intended values to submit the form. - What are recommended remediation measures for CSRF?The recommended remediation for CSRF vulnerability is to implement secondary random variable in sensitive forms of the application. The server has to send a hidden random variable for each user session and should validate this variable value when the form form gets submitted.
- What is a session fixation issue?Session fixation vulnerability allows an attacker to choose victim’s session cookie. This vulnerability occurs when applications generate session cookie before authentication and does not change the cookie value after authentication.
- What are various ways to by pass authentication?SQL injection
Cookie ManipulationForceful Browsing - What is meant by horizontal privilege escalation?Horizontal Privilege escalation is being able to bypass authorization mechanism and access information of other users who have the same level of permission.
- What is meant by vertical privilege escalation?Vertical Privilege escalation is being able to bypass authorization mechanism and access information of other users who have higher privileges than current user.
For instance, a normal application user being able to access the administrator pages. - What is a buffer overflow vulnerability?Buffer overflow vulnerability allows to write onto unintended memory locations. Examples of ‘C’ buffer overflow vulnerable functions are ‘gets’, ‘puts’
References:
No comments:
Post a Comment