Web Application Hacking - The Art of Exploiting Vulnerable Web Application
•
1 like•490 views
Presented at Informatics Seminar at Universitas Pelita Bangsa, Cikarang.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Similar to Web Application Hacking - The Art of Exploiting Vulnerable Web Application (20)
More from Eryk Budi Pratama
More from Eryk Budi Pratama (20)
Recently uploaded
Recently uploaded (20)
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
- 1. Web Application Hacking The Art of Exploiting Vulnerable Web Application Eryk Budi Pratama Seminar Prodi Informatika | 24 Agustus 2019
- 2. WHO AM I? • Cyber Security & Community Enthusiast • Cyber Security Professional, Global Consulting Firm • Cyber Security Strategy & Governance, Technical Assessment, Cloud Security, Emerging Technology, DevSecOps • IT Advisory, Audit, Governance, Risk, & Compliance • Knowledge Hunter • @proferyk
- 3. Overview
- 4. Survey Source: https://www.f5.com/content/dam/f5-labs-v2/article/pdfs/F5Labs_2018_Application_Protection_Report.pdf Application breaches by initial attack type Breaches by root cause
- 5. Common Web Application Vulnerabilities (1/2) Source: https://www.edgescan.com/wp-content/uploads/2019/02/edgescan-Vulnerability-Stats-Report-2019.pdf
- 6. Common Web Application Vulnerabilities (2/2) Source: https://www.edgescan.com/wp-content/uploads/2019/02/edgescan-Vulnerability-Stats-Report-2019.pdf
- 7. Case Studies - Indonesia
- 9. Vulnerability Stack User – Login Form Internet Firewall Web Server Web Application DBMS OS System Call DB Output
- 10. Application Sub-Tiers and Components App source code Internal code External code Server-side infrastructure Web server CDN Data storage Server-side frameworks Authentication Authorization Identity Federation Encryption Certificate authorities DNS servers Registrars Global ISPs Last mile Internet routing Data flow within the application Services Access Control Transport Domain Name Network
- 11. Application Threats at Each Tier API attacks Injection Malware DDoS Cross-site scripting Cross-site request forgery Man-in-the-middle Abuse of functionality Credential theft Credential stuffing Session hijacking Brute force Phishing DDoS Key disclosure Protocol abuse Session hijacking Certificate spoofing Man-in-the-middle DNS cache poisoning DNS spoofing DNS hijacking Dictionary attacks DDoS DDoS Eavesdropping Protocol abuse Man-in-the-middle Services Access Control Transport Domain Name Network Client Cross-site request forgery Cross-site scripting Man-in-the-middle Session hijacking Malware Social Engineering
- 12. Sample Attack via Transport Layer Source: https://www.f5.com/content/dam/f5-labs-v2/article/pdfs/F5Labs_2018_Application_Protection_Report.pdf
- 13. Sample Attack via Compromised Digital Certificate Source: https://www.f5.com/content/dam/f5-labs-v2/article/pdfs/F5Labs_2018_Application_Protection_Report.pdf
- 14. Sample Attack via DNS Source: https://www.f5.com/content/dam/f5-labs-v2/article/pdfs/F5Labs_2018_Application_Protection_Report.pdf
- 15. Web Hacking Tools Source: https://www.statista.com/statistics/800916/worldwide-useful-software-hacking/
- 16. How to Prevent Web Application Attack
- 17. Primary Application Protection Steps Understand your environment Reduce your attack surface Prioritize defenses based on RISK Select flexible and integrated defense tools Integrate security into development 1 2 3 4 5
- 18. Earn Money from Ethical Hacking
- 19. Bug Bounty Program – Crowd sourced
- 20. Bug Bounty Program – Individual
- 21. Bug Bounty Flow - Sample Source: https://bugbounty.linecorp.com/en/faq/ Find Bug(s) Report Bug Bug Validation Bug Rating Bug Fixing Rewards
- 22. Bug Bounty Rewards - Sample
- 23. Live Demo