OWASP has categorized the top 10 vulnerability for web application, website hacking is very common now a days so the security testing on a web application is very important because it seems to be very difficult to recover a data after a hacking attack. OWASP top 10 is a standard to conduct a penetration testing on a web server, we have discussed the first part of this article before and this article will discuss the remaining part.
Broken Authentication and Session Management
Authentication
is the step to know about the visitor (user) of a web application after
authentication process session management establish. But what if an
attacker steals or hijacks the session of authentication process? If a
web application authentication process is vulnerable then an external
attacker or the legitimate users may try to steal the account
information of other users. This attack may occur when the session ID is
visible or when end-to-end encryption (SSL) is not used or cracked. The
flaw can occur when the user forgets their password, changes their
password, gets an account up-grade or during other related procedures.
The
common type of attack on authentication is brute force or dictionary
based attacks on web forms by using tool like THC Hydra. So the point to
discuss is about creating a strong password because whether it is HTTP
authentication or HTML authentication – they both can be cracked.
The risk factors involved are session ID hijacking, accounts may be compromised and the user information might be at risk.
Open Source Tools
- Add N Edit Cookies (Firefox add-ons,not available for latest Firefox)
- HackBar (Firefox add-ons)
- Nikto
Common Vulnerabilities
Insecure Direct Object References
It
is a type of attack in which an authorized user changes a parameter of
the system object to refer a page, database or any system object that
they are not authorized for. The most common attack is directory
traversal (or path traversal) and refers to a file or account by
mishandling the URL.
The risk factor is bigger because if this vulnerability is compromised then all the information and data will be compromised.
Example:
http://target.com/bank?acct=#####
Open Source Tools
- Websucurify
- w3af
- Burp Suite
Common Vulnerabilities
Cross-Site Request Forgery (CSRF)
Cross-site
request forgery is also known as a session riding attack. An attacker
uses different techniques to execute or submit a request to a website by
using authorized users (the victims). There is a difference between
cross-site scripting and cross-site request forgery because the XSS
exploit will break the trust of a user for an application while on CSRF
it will break the trust of an application for the user (the victim in
this case). In CSRF an attacker may send malicious code (HTML or Java)
via email or by using the XSS flaw.
The risk factor on the victim
side is very clear because an attacker can cause a victim to change the
data and perform the desired function.
Open Source Tools
Common Vulnerabilities
Security Misconfiguration
Security
misconfiguration is a dangerous attack because it can lead to the whole
system being compromised. Security misconfiguration may occur at the
system level while the common security misconfiguration for web
applications is default accounts, default pages, unpatched software and
unprotected directories that contain relevant information. In security
misconfiguration an attacker might be a third-person or an authorized
user.
The threat level is very high, but by implementing some
simple practices an administrator may be able to protect their
application:
- Disable all unnecessary software
- Change all the default passwords
- Keep all software’ up-to-date, including the server and database software
Open Source Tools
Insecure Cryptographic Storage
As
the title suggests, insecure cryptographic storage is about storage.
Insecure cryptographic storage vulnerability occurs when an attacker
gains access to a file that contains the confidential information in
plain text. It means there is no encryption policy for the data that is
meant to be encrypted. In insecure cryptographic storage the attacker
does not break the encryption policy, but finds a way to get the desired
information. For example, an application stores credit card information
of their users in simple text (plain text) and then an attacker finds
an SQL injection vulnerability to enter into the database so the
attacker can easily get the credit card information of the users because
all the information is available in plain text.
So the key point
to fight against insecure cryptographic storage is to apply encryption
to all backup data, use strong encryption algorithms, so in the event an
attacker gets the file, he/she is not able to get the data.
Failure to Restrict URL Access
This
might count under the authentication vulnerability because the failure
to restrict URL access is a result of improper authentication. In simple
words, it is a forced browsing where an authorized user or maybe a
third-person tries to access a URL for which they are not supposed to.
http://victim.com/username_info A user supposed to use their URL
http://victim.com/admin_info What if a user try to access this URL
Path traversal is a good example of failure to restrict URL access.
http://victim.com/admin_info.php?pages=../../../../etc/passwd
The
other possibilities of this vulnerability is to call some scripts from
other website or simply use the redirection vulnerability.
http://victim.com/admin_info.php?pages=http://www.ehacking.net/malware
Open Source Tools
Common Vulnerabilities
Insufficient Transport Layer Protection
The
risk of insufficient transport layer protection is high for your user
because the user information might be monitored and sniffed. An attacker
can use different sniffers for both wired and wireless networks on the
user side to monitor and catch the confidential information of a user.
Nowadays web applications use SSL/TSL in the process of authentication
to protect the user information – but keep in mind SSL can be cracked.
So the point is to use strong SSL for authentication and session cookies
on all the important pages.
Open Source Tools
- SSLScan (An old tool)
- Calomel SSL Validation (Firefox add-ons)
- SSL Test (Bash script to find the weak cipher)
- Nikto
Unvalidated Redirects and Forwards
It
is dangerous because it can lead a user to phishing and malware
websites. An attacker can take the advantage of redirects and trick the
victim to click on a link. The user will most likely click on it because
the link seems to be valid.
http://website.com/cgi-bin/redirect.cgi?url=attack.com
http://website.com/login?url=website.com
Example:
If
a web application is vulnerable then an attacker sends an email to the
user like you have received an email to purchase something with a low
rate and a URL like:
http://www.amazon.com/Application-Development-Graph-Cookbook/dp?url=http://www.phishing.com
So an attacker can easily use phishing technique to steal the confidential information of the user.
Common Vulnerabilities
Final Thoughts
Lastly,
I just want to mention the wonderful option of w3af because it provides
the ability to conduct web application based penetration testing on
the OWASP Top 10 vulnerabilities.
OWASP
has categorized the most dangerous vulnerabilities in web applications
and it is a reference point for web developers and penetration testers
to make sure that the application does not contain these top
vulnerabilities. Besides the application level vulnerabilities we need
to take care of the system software and the vulnerabilities that can
cause all of the information to be compromised. The key tip is to remain
up-to-date.
- Update all of the software, both at the system and the application level.
- Keep engaged with the online community to learn about new vulnerabilities and application weaknesses.
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places. 
