In this presentation I have tried to figure out common loop holes through which web applications may fall prey to the attackers, common tools used in the trade and some preventive security measures to put us on a safer side.

2. Web
Web
Application
Application
Hacking
Setup
Objectives
Web Anatomy
Application of an
Threats Attack
Countermeasures

3. A client/server software application that
interacts with users or other systems using
HTTP.
Modern applications are typically written
in Java (or similar languages) and run on
distributed application server, connecting
to multiple data sources.
 Examples of Web Applications :
i) webmail
ii)Online retail sales
iii)wikis

4.  Defacing websites
Stealing credit card Information
Exploiting server-side scripting
Exploiting buffer overflows
Employ malicious code
Dos attack
Destruction of Data

5. SCANNING
INFORMATION GATHERING
TESTING
PLANNING THE ATTACK
LAUNCHING THE ATTACK

6.  Cross-site scripting
 SQL injection
 Buffer overflow
 Zero day attack
 Directory Traversal/Forceful
Browsing
 Cookie/session poisoning
 Parameter/form tampering
 Error Message Interception

7.  Cross-site scripting (XSS) is a type of computer security vulnerability
typically found in web applications which allow code injection by web
users into the web pages viewed by other users.
 Examples of such code include JavaScript code.
Stored Attack Reflected Attack

8. XSS
www.mailprovider.com
 Hacker finds out www. mailprovider.com
suffers from XSS.
Mail
Users get mail asking to click a hyperlink
for getting a free gift Click here
For free gift
When the user click
malicious script gets executed.
www.mailprovider.com/default.asp?name=<script>evilScript()</script>
Your browser correctly interprets this as
Vulnerable
Web browser
script and runs the script
site
If this script instructs the browser to send a cookie ,
to the hacker's computer, it quickly complies.
May take the user to a fake web page
of his online banking site.

10.  It is basically a security exploit in which
attacker injects SQL code through a web
form input box, address barto gain access to
resources and makes changes to data.
 SQL Injection attacks can often be executed from
address bar, from within application fields,
and through queries and searches

11. var sql = quot;select * from users where username = ' username ' and
password = ' password ' quot; ;
Username: anything‘ or 1=1--
Password:
quot; select * from users where username = 'anything' or 1=1--'and
password ='' quot;;

13.  Mechanism
 When the amount of data sought to be added to a buffer exceeds the
size of the buffer; generally resulting in a catastrophic error.
 Occurs
when boundary checks are not done fully or skipped.
Error in programming.
 After successful execution
 Gain super user privilege.
 Installation of backdoor.
 Put a server down

14.  Zero-day attacks take place between
the time a vulnerability is discovered
by a researcher or attacker, and the time
that the vendor issues a corrective patch.
 Most zero-day attacks are only available as hand-crafted
exploit code, but zero-day worms have caused rapid panic.
 Zero-day vulnerability is the launching point for further
exploitation of the web application and environment.
 Lack of a firewall and enable heuristics scanning.

15.  Cookies are used to maintain session
state in the otherwise stateless HTTP
protocol.
 Poisoning allows an attacker to inject malicious
content, modify the user's on-line experience, and
obtain unauthorized information
 It can be used for rewriting the session data, displaying
the cookie data, and/or specifying a new User ID or
other session identifiers in the cookie.

16.  Takes advantage of the hidden field that work as the
only security measure in some applications.
 Modifying this hidden field value will cause the web
application to change according tothe new data
incorporated
 Can cause
 theft of services
 escalation of access
 session hijacking

18.  Attack occurs when the attacker
is able to browse directories and
files outside normal application
access.
 Attack exposes the directory structure of the application,
and often the underlying web server and operating system
 Attacker can enumerate contents, access secure or
restricted pages, and gain confidential information, locate
source code and so on.
 No provision of access right for protected areas of site.

19.  Information in error messages is
often rich with web site-specific
information which can be used to ::
 Determine technologies used in the
web applications.
 Determine whether attack attempt was successful or
not.
 Receive hints for attack methods to try next.

21.  Validation of query strings, form fields and hidden fields
against a rigorous specification.
 Filtering script output .
 Structuring request such that all supplied parameters are
treated as data ,rather than potentially executable content.
 Validating input length in forms and carrying out bounds
checking.
 Defining access right to protected areas of website.
 Applying checks/hot fixes.
 Updating web server with security patches in timely manner.
 Digitally signed and stamped logs.
 Separate log for system event and transaction log for
application event.

22. Presented By
Preetish Panda
preetish88@gmail.com