15067CEM Resit


CW 1: Security Audit

Name

University

Date

Executive Summary

A data security audit is a review of the degree to which an institution maintains the integrity of its data. Within this broad field there are several kinds of audit, each with different objectives. The measures being audited are typically classified as technical, physical, or managerial. Assessing data security covers issues ranging from the physical safety of data facilities to the logical security of the underlying databases, and it highlights the critical elements to look for and the various auditing approaches available. In this project, we run a security assessment on a collection of virtual machine hosts.

List of Abbreviations

SQL: Structured Query Language
IT: Information Technology
WAScan: Web Application Scanner
XSS: Cross-Site Scripting
HTML: Hyper Text Markup Language
API: Application Programming Interface
SSTI: Server-Side Template Injection
OWASP: Open Worldwide Application Security Project
CSS: Cascading Style Sheets
Recon: Reconnaissance

Table of Contents

Executive Summary ........ 2
List of Abbreviations ........ 3
Introduction ........ 4
Results of the Security Audit ........ 5
OWASP Discussion ........ 15
Summary ........ 17
References ........ 19

Introduction

Every company experiences some stress when a security audit is involved. IT security audits cover a variety of technology-related topics inside a business, including technical assessments, configuration monitoring, platforms, and infrastructure. To make computer technology more user-friendly and secure, security audits bring to light all of the tools and tactics available for fending off contemporary threats. Internal and external audits are two distinct examinations that both form part of IT security auditing (Varghese, 2020). After conducting employee interviews, reviewing access controls, examining physical access to hardware, and running security tests such as directory scanning, cross-site scripting and SQL injection testing, an internal or external IT security auditor completes the manual evaluation.

Results of the Security Audit

Recon

In the recon stage, the subject of the security audit is looked up in open sources. Past security breaches, IP addresses, domain and sub-domain names, the types and versions of the systems in use, and technical details disclosed on social networking sites and forums are just a few examples of the information that could be collected and used by an attacker. Identifying every component that the software interacts with is necessary for vulnerability scanning during web application recon ("ONAPSIS DEBUTS FREE SAP RECON SCANNING TOOL," 2020). We must locate as many assets as we can, because only those found during recon will be examined.

Exploitation

WAScan is an abbreviation for Web Application Scanner. It is a free and open-source vulnerability scanner for web applications. The program uses the black-box method to identify security flaws: like a fuzzer, it does not examine the source code of the web application. Instead, it crawls all of the sections of a website or web platform, extracts the application's URLs and input types, and examines them individually to identify weaknesses.

Scanning the website

WAScan offers an excellent platform for conducting open-source web-based recon and gathering all of the target's data.

Using the VEGA tool to scan for vulnerabilities

An XSS attack involves client-side code injection. XSS issues arise when an application modifies an existing web page with user-supplied information through a browser API that can generate HTML or JavaScript, or builds malicious input into a new web page without sufficient validation or encoding (Alsaffar et al., 2022).

Exploitation

There are probably millions of queries that could be searched:

SQLi

Injection vulnerabilities occur whenever an application sends untrusted input to an interpreter as part of a query or lookup. These errors are frequently caused by inadequate input validation (Karamanian et al., 2016). An SQL injection flaw was found during a penetration test of the Foo Mega Host web page. It allows an intruder to inject a malicious SQL query. By circumventing authentication and access controls, an intruder can read the full contents of the database, including users' identities (password hashes) and private information such as personally identifiable details, property rights, and financial data.

Exploitation

On demand, to be used in exploitation

Launching a vulnerable website with the sqlmap tool

At first glance the page should not cause any trouble and appears to be "yellow gold", so we wonder what a single quote (') can do to that gold. (Both responses are, however, shown in yellow.) As a result, we classified it, rather lamely, as a vulnerable location. Much has been said up until this point; it is now time to take action.

SQL injection problems can therefore be prevented by keeping user input separate from backend commands and queries. Adding positive ("whitelist") server-side input validation is also a useful measure. For any remaining dynamic queries, special characters must be neutralised using the interpreter-specific escaping syntax. After unsuccessful attempts to log in to the www.foomegahost.com page, a different behavior of the web application appears. The home page is displayed when a customer tries to log on with the wrong password, whereas when a user with administrator credentials enters the wrong password, an error.php page is presented with the message that the administrator section can be found elsewhere. This difference in output enables the enumeration of users who hold the administrator role.
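The two defensive points above, input kept out of the query text and a login response that does not differ by role, as an added example in Python; this is illustrative code, not the audited application's code, and the in-memory user table, column names and hash values are all constructed here.

```python
import re
import sqlite3

# Constructed in-memory stand-in for the site's user table (sample data only,
# not taken from the audited Foo Mega Host application).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT, role TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                 [("alice", "hash-a", "user"), ("admin", "hash-admin", "administrator")])

# Positive ("whitelist") validation: only these characters may appear in a username.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def lookup_user_unsafe(username: str, pw_hash: str):
    """Vulnerable pattern: user input is spliced into the SQL text, so a quote
    in the input reaches the SQL parser as syntax."""
    sql = (f"SELECT username, role FROM users WHERE username = '{username}' "
           f"AND pw_hash = '{pw_hash}'")
    return conn.execute(sql).fetchall()


def lookup_user_safe(username: str, pw_hash: str):
    """Hardened: reject anything outside the whitelist, then bind the values as
    parameters so the interpreter never treats user data as SQL."""
    if not USERNAME_RE.match(username):
        return []
    sql = "SELECT username, role FROM users WHERE username = ? AND pw_hash = ?"
    return conn.execute(sql, (username, pw_hash)).fetchall()


def probe(lookup, username: str) -> str:
    """Classify how a lookup reacts to a probe value such as a lone quote."""
    try:
        rows = lookup(username, "x")
    except sqlite3.OperationalError:
        return "sql-error"  # the quote broke the query: input reached the SQL parser
    return "rows" if rows else "no-rows"


def login_message(rows) -> str:
    """One generic message for every failed login, so the response cannot be
    used to tell administrator accounts apart from ordinary ones."""
    return "Welcome" if rows else "Invalid username or password"


if __name__ == "__main__":
    for name, fn in (("unsafe", lookup_user_unsafe), ("safe", lookup_user_safe)):
        print(name, "with a lone quote:", probe(fn, "'"))
    print(login_message(lookup_user_safe("admin", "wrong")))
```

The unsafe lookup answers a lone quote with a database error, which is exactly the signal the audit's quote test relies on; the safe lookup returns an empty result and the same generic message for every failed login.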

SSTI

SSTI is a weakness that develops whenever an application uses a template to control how output is displayed to the user. If such templates accept user input that is not properly checked, the input can alter the template's behavior. Not all occurrences of these flaws look alike, because they depend on the template system the programmers adopted to build the program, so it is your responsibility as a pentester to recognize these variations and their implications for how the flaws are exploited (Silva, 2018).

Exploitation

Tplmap is a security tool that can detect SSTI vulnerabilities and help in mitigating them.

Installing Tplmap:

We have entered the tplmap directory. We must now execute the following command to install tplmap's requirements.

Let us begin by looking for SSTI vulnerabilities on that particular domain.

The tool checks every form of plugin one at a time.

The Jinja2 engine is found to have one of the weaknesses.

OWASP Discussion

Introduction

In client-side code injection (XSS), the hacker inserts malicious code into an ordinary HTML page so that the victim's browser runs dangerous scripts (Mahmoud et al., 2017). The attack actually occurs whenever the victim visits the website or web-based program that serves the malicious content. The infected payload is delivered to the user through the web browser. Cross-site scripting attacks usually have discussion boards, forums, and websites that allow comments as their top targets. A company's website or web-based program is vulnerable to XSS whenever it uses user input that has not been filtered before being output. That user input will subsequently be parsed by the user's web browser. XSS attacks can be carried out via ActiveX, Flash, scripting languages, and on occasion, CSS. Because jQuery is used for the majority of web interactions today, JavaScript-based attacks predominate.

Discussion

If an application delivers untrusted data to web browsers without performing the necessary validation or escaping, an XSS vulnerability results. Via cross-site scripting, hackers can run scripts in the victim's browser that can hijack user sessions, deface websites, or redirect users to harmful websites (Mahmoud et al., 2017). If you do not make sure that user-supplied information is correctly escaped, or do not use input validation to make sure it is safe before including it in the output page, then you are exposed. Without the required output escaping or validation, that input will be interpreted by the browser as active content.

The security of such a weak website or unprotected web platform, as well as of the users who use it, has been breached once an intruder can take advantage of an XSS vulnerability on a page of that website and execute arbitrary JavaScript in the browser. In contrast to many other security flaws, XSS is not only the user's problem: you are affected if it has an impact on your users. XSS attacks can include hijacking the user's session, executing malicious script, and using phishing techniques. Attackers gain control over the application's operations and can transmit data that is disguised as a legitimate request from the program via the standard access routes, such as code, URLs, and the framework (Rodríguez et al., 2020). This attack can impact any web page or web program, despite the fact that it occurs inside the browser tab. For illustration, an attacker might take advantage of it to steal a user's login information and use that user's credentials to enter the site. The attacker then assumes control of your web page, regardless of whether they have administrative rights.

Considerations for mitigating the problem

Although it may be difficult to spot XSS attacks, filtering the received data according to what it is expected to look like is an important step. When user input is received, one must validate it as precisely as is practical, based on what is expected or on reliable information sources. Other methods for preventing XSS attacks include using suitable response headers, for instance on HTTP responses which are not supposed to contain JavaScript or HTML, to make sure that the browser interprets the responses in line with your assumptions (Rodríguez et al., 2020). From this point forward, one should implement content security policies that lessen the severity of the XSS vulnerabilities which are likely to occur. Also, developers must make sure everything is encoded on output so that it cannot be mistaken for active content. In HTTP, the output is the data that the client can control.
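The mitigations listed above (positive input validation, output encoding per context, response headers that fix the content type, and a content security policy) as an added Python example; it is illustrative code rather than the audited application's own, and the comment field names, the profile URL layout and the sample input are constructed here.

```python
import html
import json
import re
from urllib.parse import quote

# Constructed sample of untrusted comment input (not taken from the audited site).
UNTRUSTED_BODY = '<img src=x onerror="alert(1)">Nice post, "2 > 1"'

# Positive validation for a field with a known shape, applied before any output.
DISPLAY_NAME_RE = re.compile(r"^[A-Za-z0-9 _.-]{1,40}$")


def validate_display_name(name: str) -> bool:
    return bool(DISPLAY_NAME_RE.match(name))


def render_comment(author: str, body: str, profile_slug: str) -> str:
    """Encode each value for the context it lands in: HTML text, a quoted HTML
    attribute, and a URL path segment inside an href."""
    return (
        f'<p class="author" data-author="{html.escape(author, quote=True)}">'
        f'<a href="/users/{quote(profile_slug, safe="")}">{html.escape(author)}</a></p>'
        f'<p class="body">{html.escape(body)}</p>'
    )


def json_for_script(state: dict) -> str:
    """Data handed to an inline script: JSON-encode it and neutralise '</' so a
    value cannot close the <script> element early."""
    return json.dumps(state).replace("</", "<\\/")


def html_response_headers() -> dict:
    """Headers for an HTML page: declare type and charset, forbid MIME sniffing,
    and restrict script sources with a content security policy."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }


def api_response_headers() -> dict:
    """Headers for a JSON endpoint that must never be rendered as HTML."""
    return {"Content-Type": "application/json; charset=utf-8",
            "X-Content-Type-Options": "nosniff"}


if __name__ == "__main__":
    print(render_comment("bob", UNTRUSTED_BODY, "bob"))
    print("<script>window.STATE = " + json_for_script({"q": "</script>"}) + ";</script>")
```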

Social, Legal and Ethical considerations

If not handled appropriately, issues such as protecting user privacy, addressing incidental results, evaluating technology products, and minimizing biases may have adverse effects on people in many ways. Following the brief overview of web security above, where XSS attacks were explained, the legal and ethical considerations surrounding penetration testing are addressed here. The ethical conundrums that arise across the cybersecurity business are influenced by both the participants' behavior and the regulating rules about the required level of safety (Rodríguez et al., 2020). The gravity of the dangers facing individuals must be considered, that much is certain. Because of the quick pace of technological advancement, ethical risks related to cybersecurity can appear in all spheres of everyday life, such as business, education, mobility, and neighborhood security. These risks can harm people to varying degrees.

The handling of private information entails some inherent hazards to individual rights. The information could disappear, be deleted, be changed illegally, be provided to unauthorized people, or be processed improperly. Depending on the kind and extent of processing, several risks related to handling private information may arise (Nagarjun & Shakeel, 2020). Personal risks are larger in large-scale processing, especially the processing of confidential documents.

Summary

In this paper, we have covered a variety of web application exploitation techniques, including XSS, SQLi, recon, and others. There is no room for complacency when it comes to web application security. It must be taken into account at every phase of development, not simply at the end, immediately before deployment. Keep in mind that your software must be capable of stopping current cyberattacks: a web application with poor protection is vulnerable and openly accessible to cybersecurity threats.

To stop would-be cybercriminals from obtaining unauthorised access to company records and data, companies can use a web application testing service which checks for security flaws in web-based apps. Despite extensive deployment of the better-known information security technologies, including anti-virus, web applications continue to reveal themselves as the weakest point in a company's overall protection. Sadly, web applications have allowed hackers to exploit a critical weakness in the organizational security architecture that enterprises were unaware of. Web apps are, by design, openly accessible via the web 24/7. This gives attackers immediate access and virtually infinite opportunities to try to hack programs which administrators have not yet flagged as susceptible through a web application assessment service.

While the adoption of web-based technologies for conducting business has enabled organizations to connect seamlessly with suppliers, customers and other stakeholders, it has also exposed a multitude of previously unknown security risks. According to Pete Lindstrom, Director of Security Strategies with the Hurwitz Group, web applications, when not audited regularly with the use of a web application scanner, are the most vulnerable elements of an organization's IT infrastructure today.

References

Alsaffar, M., Aljaloud, S., Mohammed, B. A., Al-Mekhlafi, Z. G., Almurayziq, T. S., Alshammari, G., & Alshammari, A. (2022). Detection of Web Cross-Site Scripting (XSS) Attacks. Electronics, 11(14), 2212. https://doi.org/10.3390/electronics11142212

Henry, K. M. (2012). Penetration Testing: Protecting Networks and Systems. IT Governance Publishing. https://www.jstor.org/stable/j.ctt5hh74m

Karamanian, A., Sample, C., & Kolenko, M. (2016). Hofstede's Cultural Markers in Successful Victim Cyber Exploitations. Journal of Information Warfare, 15(3), 7–23. https://www.jstor.org/stable/26502740

Mahmoud, S. K., Alfonse, M., Roushdy, M. I., & Salem, A.-B. M. (2017, December 1). A comparative analysis of Cross Site Scripting (XSS) detecting and defensive techniques. IEEE Xplore. https://doi.org/10.1109/INTELCIS.2017.8260024

Nagarjun, P., & Shakeel, S. (2020). Cross-site Scripting Research: A Review. International Journal of Advanced Computer Science and Applications, 11(4). https://doi.org/10.14569/ijacsa.2020.0110481

ONAPSIS DEBUTS FREE SAP RECON SCANNING TOOL. (2020). Computer Security Update, 21(8), 2–4. https://www.jstor.org/stable/48597935

Rodríguez, G. E., Torres, J. G., Flores, P., & Benavides, D. E. (2020). Cross-site scripting (XSS) attacks and mitigation: A survey. Computer Networks, 166, 106960. https://doi.org/10.1016/j.comnet.2019.106960

Silva, D. (2018). ZAP-ESUP: ZAP Efficient Scanner for Server Side Template Injection Using Polyglots. Semantic Scholar. https://www.semanticscholar.org/paper/ZAP-ESUP%3A-ZAP-Efficient-Scanner-for-Server-Side-Silva/f6a7735e4635c913a4cd5f1b14634978ce232d28

Varghese, J. (2020, March 12). IT Security Audit: Types, Importance and Methodology. Astra Security Blog. https://www.getastra.com/blog/security-audit/it-security-audit/