
Workshop Report

Web Application Penetration Testing:


Web application penetration testing is a comprehensive security assessment methodology focused on identifying and mitigating vulnerabilities within web-based applications. It involves simulating real-world attacks to evaluate the security posture of web applications, aiming to discover weaknesses that could be exploited by malicious actors. This process helps organisations safeguard sensitive data, maintain regulatory compliance and protect their reputation from potential security breaches.

OWASP Top 10 Security Risks (Open Web Application Security Project):


1. Broken Access Control:
Access control is the set of permissions that allow a user to carry out an action within an application. Some users may only be able to access data, while others can modify or create data.

Broken access control is a critical security vulnerability in which attackers can perform any action (access, modify, delete) outside of an application's intended permissions.

2. Cryptographic Failures:
Cryptographic failures occur when an application does not correctly implement cryptographic protocols or algorithms.

Sensitive data is often personal in nature and can include personal contact details, demographic information, data about protected classes, financial data, health data and other types of data.

3. Injection:
As a broad attack category, injection occurs when untrusted data, or even malware, is supplied as input in a way that allows attackers to alter the meaning of key commands. These injection attacks rely on coding vulnerabilities that make it possible for unvalidated input to be accepted by the application.

4. Insecure Design:
Insecure design does not refer to a specific mistake but rather to an overarching way of thinking that needs to be addressed.

5. Security Misconfiguration:
Misconfigurations can arise at any level, such as application servers or network services. Often they occur because unnecessary features (such as ports or accounts) are enabled. Out-of-date software is also a notable problem.

6. Vulnerable and Outdated Components:
This risk increases further as many websites continue using components with known vulnerabilities rather than updating them.

7. Identification and Authentication Failures:
Failures related to identification and authentication can occur in a variety of situations. In general, however, they are most likely when applications have major flaws relating to password protection, session identifiers, or no rate limits on login attempts.

8. Software and Data Integrity Failures:
When code and infrastructure are unable to protect against integrity violations, it can lead to security flaws impacting everything from frameworks to client-side machines.

9. Security Logging and Monitoring Failures:
Logging and monitoring is a crucial strategy for mitigating attacks, as patterns such as excessive login failures are indicative of breaches. These logs must be properly backed up and stored in separate locations to prevent unintentional losses in the event of a natural disaster or simple hardware failure.

10. Server-Side Request Forgery:
Server-side request forgery (SSRF) occurs when flaws in web applications allow malicious parties to access or even modify resources simply by abusing basic server functionality.
SQL Injection:
SQL injection is a technique used to extract user data by injecting web page inputs as SQL statements through commands. Basically, malicious users can use these instructions to manipulate the application's web server.
- SQL injection is a code injection technique that can compromise your database.
- SQL injection is one of the most common web hacking techniques.
- SQL injection is the injection of malicious code into SQL statements via application input.
For this activity we use a tool like Havij to learn more about SQL injection, following these steps:
- Paste any link into the Havij target field.
- Click on Analyze.
- You can see the status at the bottom of Havij.
- Click on Tables.
- Click on Get DBs (databases).
- Click on Get Tables.
- Click on Get Columns.
- Now you will get the tables on the left-hand side; click on the tables that you want, for example users and password.
- Click on Get Data.
- Then you will get the ID and password of all the users.
- Now, if you want the ID and password of all the users:
- Click on admin.
- You will get it.
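The flaw that a tool like Havij probes in the steps above is a query assembled by string concatenation. The following is an added example, not code from the workshop, from Havij or from bWAPP: it runs the same login query in a vulnerable and in a parameterised form against a constructed SQLite table (the schema, the accounts and the tautology input are assumptions made for the demonstration).

```python
import sqlite3

# Constructed in-memory database for the example; the schema and rows are made up
# and are not bWAPP's or Havij's. Passwords are kept in clear text only so the
# results are easy to read here; a real application would store salted hashes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (login, password) VALUES (?, ?)",
                     [("admin", "s3cret-admin"), ("bee", "bug")])
    conn.commit()
    return conn

def login_vulnerable(conn, login, password):
    """The form values are pasted into the SQL text, so quotes and keywords in
    the input become part of the statement's grammar (the flaw Havij looks for)."""
    query = ("SELECT id FROM users WHERE login = '" + login +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None

def login_safe(conn, login, password):
    """Parameterised query: the driver binds the values as data, so the same
    input is compared literally and can never change the statement."""
    row = conn.execute("SELECT id FROM users WHERE login = ? AND password = ?",
                       (login, password)).fetchone()
    return row is not None

def demo():
    """Run both versions against a normal login and a tautology in the password field."""
    conn = make_db()
    # Constructed test input: closes the open quote, then appends an always-true clause.
    tautology = "' OR '1'='1"
    return {
        "safe_ok": login_safe(conn, "admin", "s3cret-admin"),
        "safe_wrong": login_safe(conn, "admin", "wrong"),
        "vuln_bypass": login_vulnerable(conn, "admin", tautology),
        "safe_bypass": login_safe(conn, "admin", tautology),
    }

if __name__ == "__main__":
    # → {'safe_ok': True, 'safe_wrong': False, 'vuln_bypass': True, 'safe_bypass': False}
    print(demo())
```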
XSS Injection:
Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
For this activity we use bwapp.hackhub.net to learn more about Cross-Site Scripting, following these steps:
- Login.
- Select Cross-Site Scripting - Reflected (GET).
- Click on "Hack".
- Give the below command.
- Click Go.

HTML Injection:
For this activity we use bwapp.hackhub.net to learn more about HTML injection, following these steps:
- Login.
- Select HTML Injection - Reflected (GET).
- Click on "Hack".
- Give the below command.
- Click Go.

iFrame Injection:
For this activity we also use bwapp.hackhub.net to learn more about iFrame injection, following these steps:
- Login.
- Select iFrame Injection - Reflected (GET).
- Click on "Hack".
- The iframe displays robots.txt in the current page.
- In this challenge the iframe takes GET parameters in the URL, such as ParamUrl, ParamWidth and ParamHeight. We can easily change robots.txt to any other URL; for example, I changed it to https://jaiguptanick.github.io/Blog/blog/Overpass_TryHackMe/ and it displayed the requested webpage.
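Reflected XSS, HTML injection and the iFrame challenge above share one root cause: a GET parameter is written into the page unchanged. This added Python example, which is not part of the report or of bWAPP, shows the unsafe reflection beside output encoding, and an allowlist check for ParamUrl; the parameter names follow the challenge, while the allowlist (only robots.txt) and the sample inputs are assumptions for the demonstration.

```python
import html
from urllib.parse import urlparse

# Assumption for the example: the iframe page should only ever frame the site's
# own robots.txt, so that single path is the whole allowlist.
ALLOWED_IFRAME_PATHS = {"robots.txt"}

def render_vulnerable(first, last):
    """Reflects the GET parameters straight into the page, the pattern behind
    the reflected XSS and HTML injection challenges."""
    return "<p>Welcome " + first + " " + last + "</p>"

def render_safe(first, last):
    """Entity-encodes the parameters: a <script> or <b> tag in the input is
    displayed as literal text instead of being parsed by the browser."""
    return "<p>Welcome " + html.escape(first) + " " + html.escape(last) + "</p>"

def iframe_vulnerable(param_url, width, height):
    """ParamUrl becomes the frame source without any check, so any URL loads."""
    return '<iframe src="%s" width="%s" height="%s"></iframe>' % (param_url, width, height)

def iframe_safe(param_url, width, height):
    """Rejects absolute URLs, protocol-relative URLs (//host), queries, fragments
    and any path not on the allowlist; width and height must be plain integers."""
    parsed = urlparse(param_url)
    if (parsed.scheme or parsed.netloc or parsed.query or parsed.fragment
            or parsed.path not in ALLOWED_IFRAME_PATHS):
        raise ValueError("refusing to frame " + param_url)
    if not (str(width).isdigit() and str(height).isdigit()):
        raise ValueError("width and height must be integers")
    return '<iframe src="%s" width="%d" height="%d"></iframe>' % (
        html.escape(param_url, quote=True), int(width), int(height))

def is_frameable(param_url):
    """True when iframe_safe would accept the URL with default sizes."""
    try:
        iframe_safe(param_url, 250, 250)
        return True
    except ValueError:
        return False
```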

Denial of Service (DoS) Using Burp Suite:

When a denial-of-service (DoS) attack hits a computer or network, users are unable to access resources such as email and the Internet. An attack can be directed at an operating system or at the network.
A denial-of-service (DoS) attack is a malicious attempt to overwhelm a web property or network resource, rendering it unavailable to its intended users by disrupting its normal functioning. These attacks can take various forms, but their common goal is to disrupt services and prevent legitimate users from accessing expected resources.
Now we can observe the use of Repeater in Burp Suite to create a weaker version of a DoS attack. With the Repeater tool we can repeatedly send a single intercepted request back to the server, and the increase in memory and disk usage can be observed in Task Manager by using the steps below:
- Turn intercept on.
- Go to HTTP history and click on Send to Repeater.
- With just two pings we can observe the changes in memory.

Trojan:
A Trojan horse virus is a type of malware that downloads onto a computer disguised as a legitimate program. The delivery method typically sees an attacker use social engineering to hide malicious code within legitimate software to try and gain access to users' systems through their software.
This Trojan can be prevented by firewalls. This attack may be carried out by some Remote Access Trojans (RATs). They are:
- ActivTrak
- ProRat
- DarkComet
In order to protect against this Trojan, we can use some Trojan removers:
- TotalAV
- Norton
- Surfshark
- Bitdefender

Also we can make changes in Windows Defender Firewall. First, type Firewall Defender in the Windows search bar, then:
- Go to Inbound Rules. These are to do with other things accessing your computer. If you are running a web server on your computer then you will have to tell the firewall that outsiders are allowed to connect to it.
- Now go to Outbound Rules. These are so that you can let some programs use the Internet and block others. You will want to let your web browser (Internet Explorer)

Firewall:
A firewall in a computer network provides security at the perimeter by monitoring incoming and outgoing data packets in network traffic for malware and anomalies.

A firewall is designed to follow a predefined set of security rules to determine what to allow on your network and what to block.

Types:

Basically, there are two types of delivery methods for firewalls:

- Software: a software firewall protects the host it runs on, such as a computer or device, whereas a hardware firewall protects the network.
- Hardware: a hardware firewall runs software installed on a dedicated hardware appliance, while a software firewall in a computer network uses a computer as the hardware device on which to run.

Software Firewall Types:

- Packet Filtering Firewall
- Stateful Inspection Firewall
- Proxy Firewall
- Next Generation Firewall (NGFW)
- Unified Threat Management (UTM)
- Cloud Firewall
- Web Application Firewall (WAF)
- Intrusion Detection System/Intrusion Prevention System (IDS/IPS)

How to secure an Instagram account (Security Guide):

1.
- Inside the Instagram app, tap the profile tab in the bottom-right corner.
- Tap the menu bar in the top-right corner, then select Settings.
- Select Security and type security checkup.

2. Enable two-factor authentication:
Two-factor authentication or "2FA" adds an extra layer of security to your Instagram account by requiring you to enter a unique code, as well as your username and password, when logging into the app.

3. Revoke access to third-party apps:
Over the years, you may have linked your Instagram account to third-party apps and services. These may be completely safe, but it's possible that some of them — especially if they're old and no longer active.

4. Check login activity:
If you're worried your Instagram account may have already been compromised, you can check your login activity to find out when and how it was accessed.

5. Block or report suspicious accounts:
It's important to not only block but also report these accounts to Instagram, so that they can be investigated and removed.
Mobile Security:

- Lock Your Device for Maximum Security

1. Set Up a Strong Password or PIN
2. Utilize Biometric Authentication
3. Enable Auto-Lock and Timeout
4. Keep Your Software Up to Date
5. Update Your Operating System Regularly
6. Update Your Apps
7. Protect Your Data with Backups
8. Protect Your Device on Public Networks
9. Avoid Unsecured Wi-Fi Networks
10. Educate Yourself and Practice Safe Habits
AES (Advanced Encryption Standard):

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is widely used today as it is much stronger than DES and triple DES, despite being harder to implement.
Points to remember:
1. AES is a block cipher.
2. The key size can be 128/192/256 bits.
3. It encrypts data in blocks of 128 bits each.
AES Encryption:
JavaInUse is an online tool for both AES and DES encryption. It provides both CBC
and ECB modes of encryption and decryption.

AES Decryption: By using the encrypted data and the secret key, we can perform
decryption.
Breaking Windows passwords:
Windows is the most common desktop platform currently in use. As a result, it is not uncommon for hackers to encounter a Windows password that they need to crack in order to gain access to a specific account on a machine or move laterally throughout the network.
Nowadays, hackers use many tools to crack Windows passwords. Some of them are:
1. Password Cracker
2. RainbowCrack
3. Cain and Abel
4. John the Ripper
5. Wfuzz
Password Cracker:
Password Cracker is a desktop tool that lets you view hidden passwords in Windows applications. Some applications hide passwords behind asterisks for security purposes when creating an account. Using the tool, you don't have to note down the passwords on a piece of paper. When enabled, you only have to hover the mouse over the text field to see the password.
Cain and Abel:
Cain and Abel is a free password cracking tool that was developed for forensics staff, security professionals and network professionals. The application can act as a sniffer for monitoring network data. Additionally, the application can recover passwords by recording VoIP conversations, analysing routing protocols, decoding scrambled passwords and revealing cached passwords.
John the Ripper:
John the Ripper is a free tool that can be used for remote and local password recovery. The software can be used by security experts to find out the strength of a password. This tool uses brute-force and dictionary attack features to detect passwords.

BitLocker is a security feature built into Microsoft Windows that encrypts all hard
drives, including the operating system, system files, and user data. The encryption
process is designed to protect sensitive data on a computer from unauthorized
access, theft, or hacking attempts.

When you turn on BitLocker, it uses encryption to protect all the files stored on
the hard drives. It does this by converting the data into unreadable code, which can
only be unlocked with a specific key. The encryption key can be unlocked by
BitLocker using either the user's password or a smart card.

Base64 Encoding and Decoding:
Base64 is used because some systems are restricted to ASCII characters but are actually used for all kinds of data. Base64 can "camouflage" this data as ASCII and thus help this data pass validation.

We use the Base64 Encode and Decode online tool to encode and decode.
Decoding: By using the above code, we can decode the data.

Hashing (SHA-256):

Hashing is a one-way mathematical function that turns data into a string of nondescript text that cannot be reversed or decoded.

In the context of cybersecurity, hashing is a way to keep sensitive information and data, including passwords, messages and documents, secure. Once this content is converted via a hashing algorithm, the resulting value (or hash code) is unreadable to humans and extremely difficult to decrypt, even with the help of advanced technology.

Hashing has become an important cybersecurity tool for organizations, especially given the rise in remote work and use of personal devices.

SHA-256 is one of the cryptographic hashing algorithms used for message, file and data integrity verification.
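To tie the Base64 and SHA-256 sections together, here is an added example that is not the report's own material: it publishes a SHA-256 digest in Base64, verifies a received copy against it in constant time, and shows why Base64 on its own offers no secrecy. The sample inputs are constructed; the known SHA-256 test vectors for "abc" and the empty string are used in the checks.

```python
import base64
import hashlib
import hmac

def sha256_hex(data):
    """Hex form of the 32-byte SHA-256 digest (what most online tools display)."""
    return hashlib.sha256(data).hexdigest()

def sha256_b64(data):
    """Base64 of the raw digest: 44 ASCII characters, safe for headers or JSON."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")

def verify_integrity(data, published_b64):
    """Recompute the digest of the received data and compare it, in constant time,
    with the Base64 value published alongside the file or message."""
    try:
        expected = base64.b64decode(published_b64, validate=True)
    except ValueError:            # binascii.Error is a ValueError subclass
        return False
    return hmac.compare_digest(hashlib.sha256(data).digest(), expected)

def base64_roundtrip(secret):
    """Base64 reverses without any key, which is why it is encoding, not encryption."""
    return base64.b64decode(base64.b64encode(secret))

def flip_one_bit(data, index=0):
    """Constructed tampering: change a single bit of the input."""
    altered = bytearray(data)
    altered[index] ^= 0x01
    return bytes(altered)

def differing_hex_digits(a, b):
    """How many of the 64 hex digits differ between two digests (avalanche effect)."""
    return sum(1 for x, y in zip(sha256_hex(a), sha256_hex(b)) if x != y)
```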
CIA Triad:
The CIA Triad refers to confidentiality, integrity and availability, describing a model designed to guide policies for information security (infosec) within an organization.
1. Confidentiality: Roughly equivalent to privacy, confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. It's common for data to be classified according to the amount and type of damage that could be done if it fell into the wrong hands.
2. Integrity: The consistency, accuracy and trustworthiness of data must be maintained over its entire life cycle. For example, in data breaches.
3. Availability: Information should be consistently and readily accessible to authorized parties. This involves properly maintaining the hardware and technical infrastructure and systems that hold and display the information.

AAA Framework:
Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network. AAA intelligently controls access to computer resources, enforces policies, audits usage and provides the information necessary to bill for services.
Authentication: Authentication provides a way of identifying a user, typically by having them enter a valid user name and password before access is granted. Other authentication processes can be used instead, such as biometrics or a smart card.
Authorization: The user must be authorized to perform certain tasks. After logging into a system, for instance, they might try to issue commands. The authorization process determines whether the user has the authority to issue such commands.
Accounting: Accounting measures the resources the user consumes during access. This can include the amount of system time or the data the user has sent and received during a session.

Non-Repudiation (Digital Signatures):
Non-repudiation is a security mechanism used to ensure that a party involved in a transaction or communication cannot deny their involvement in the activity.
Digital Signatures for Non-repudiation:

- Digital signatures play a crucial role in achieving non-repudiation.
- A digital signature ensures non-repudiation by providing a verifiable and tamper-proof way to sign digital data.
- Here's how it works:
  o Public Key Cryptography: Digital signatures rely on public key cryptography, which involves two mathematically related keys: a public key and a private key.
  o Signing Process:
    - The sender uses their private key to create a digital signature for a document.
    - This signature proves that the document was electronically signed by the holder of that private key.
  o Verification Process: The recipient verifies the signature using the corresponding public key.
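As an added illustration of the signing and verification steps above (not from the report), this toy RSA example uses the textbook primes 61 and 53 so every number can be followed by hand. The key size, the sample document and the hash-then-reduce step are assumptions made for the demonstration; a real signature uses a 2048-bit or larger key, a padding scheme and a vetted library.

```python
import hashlib

# Toy RSA with the textbook primes 61 and 53 so every step is traceable by hand.
# This illustrates the process only; it is not a usable signer.
def make_toy_keypair():
    p, q = 61, 53
    n = p * q                 # modulus, 3233: part of both keys
    phi = (p - 1) * (q - 1)   # 3120
    e = 17                    # public exponent
    d = pow(e, -1, phi)       # private exponent, 2753 (Python 3.8+ modular inverse)
    return (n, e), (n, d)     # (public key, private key)

def digest_mod_n(message, n):
    """Hash the document first, then reduce to a number the toy modulus can hold."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Signing: only the private-key holder can compute h^d mod n."""
    n, d = private_key
    return pow(digest_mod_n(message, n), d, n)

def verify(message, signature, public_key):
    """Verification: anyone holding the public key checks s^e mod n == h."""
    n, e = public_key
    return pow(signature, e, n) == digest_mod_n(message, n)

def demo():
    """Genuine signature, a forged signature value, and a signature reused on an altered document."""
    public_key, private_key = make_toy_keypair()
    document = b"Transfer 100 to account 42"          # constructed sample document
    signature = sign(document, private_key)
    return {
        "genuine": verify(document, signature, public_key),
        "forged_signature": verify(document, (signature + 1) % public_key[0], public_key),
        "altered_document": verify(b"Transfer 900 to account 42", signature, public_key),
    }

if __name__ == "__main__":
    print(demo())
```

With a modulus this small the reduced hashes of two documents can collide, so the altered-document check is only as strong as the modulus; with real key sizes that probability is negligible.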

VAPT (Vulnerability Assessment & Penetration Testing):

Vulnerability Assessment and Penetration Testing (VAPT) is a security testing method used by organizations to test their applications and IT networks.
How does VAPT defend against data breaches?

Data breaches are a huge problem, and not just for companies and organizations that get hacked. Data breaches can result in identity theft, stolen funds and damaged trust from a user's perspective. The most vulnerable asset in any organization is its data.

Types of VAPT:
- Network penetration testing.
- Web application penetration testing.
- Mobile penetration testing.
- API penetration testing.
- Cloud penetration testing.

Let's understand the benefits of VAPT testing:

1. Uncover security vulnerabilities
2. Avoid data breaches
3. Protect customer data and trust
4. Maintain the reputation of the company
5. Achieve compliance
6. Detailed VAPT reports

What are VAPT Tools?

VAPT tools are a group of software tools used to test the security of a system, network or application. Here are some of the top open-source tools that can perform VAPT:

1. Wireshark:
Wireshark is a network traffic analyzer and monitoring tool that allows you to see what traffic flows through your network. It is open-source and is the most popular network analyzer in the world.

2. Nmap:
Nmap is an open-source network administration tool for monitoring network connections. It is used to scan large networks and helps with auditing hosts and services and with intrusion detection. It is used for both packet-level and scan-level analysis of network hosts. Nmap is free of cost and available to download.

3. Metasploit:
Metasploit is a framework for developing and executing exploit code against a remote target machine. It was initially released in 2003 by H.D. Moore as an open-source project. Penetration

VAPT (Nmap):
Nmap is one of the tools that can be slotted into the Metasploit Framework. It is a command-line system that detects all devices connected to a network. Network professionals will find the GUI front end for Nmap, called Zenmap, easier to use. Both Nmap and Zenmap are available for free.

With this utility, you can understand the different attributes of any target network, including the hosts accessible on the network, the operating systems they run, and the kind of packet filters or firewalls that are set up.

Key Features:

- Robust Network Mapping: Efficiently identifies devices and services on a network.
- Command-Line Interface: Allows for scriptable, automated scanning processes.
- Free and Open Source: Accessible to all users without cost barriers.

Vulnerability Scanning:

Vulnerability scanning is the process of identifying security weaknesses and flaws in systems and the software running on them. It's part of a vulnerability management program that protects organizations from data breaches.
IT departments or third-party security service providers scan for vulnerabilities using vulnerability scanning tools. Doing so helps predict how effective countermeasures are in case of a threat or attack. Vulnerability scanning is also a great tool for achieving the cybersecurity compliance required by regulations like NIST, PCI DSS and HIPAA.

Top vulnerability scanning tools in cybersecurity:

Vulnerability scanning tools help improve your organization's security posture by providing automated scanning capabilities, detailed reporting and integration with other security tools. They save time and effort for security teams.
Selecting the right tool depends on the specific requirements, budget and complexity of the organization's infrastructure. So here are a few top vulnerability scanning tools in cybersecurity to help you out:

- Nessus is a versatile vulnerability scanner with an extensive database and frequent updates.
- OpenVAS is a flexible and cost-effective open-source vulnerability scanner that offers tests for common security issues.
- Burp Suite is a web application security testing tool that identifies common vulnerabilities and offers interactive scanning and features like proxying and session analysis.

Vulnerability Scanner (Acunetix):
Acunetix Web Vulnerability Scanner combines its penetration testing procedures with its vulnerability scanner to create continuous automated threat detection for web pages. The security reports produced by the tool are compliant with HIPAA, PCI DSS and ISO/IEC 27001 standards.

It is very similar to the Invicti system in that it focuses on discovering security weaknesses in websites and other web-based systems, such as microservices and mobile apps. This package can also be used as a continuous tester in a CI/CD pipeline.
Some of the scans rely on sensors being placed within the code of a website and its applications. However, that potential vulnerability doesn't seem to worry the very impressive client list of Acunetix, which includes the US Air Force, AVG and AWS.

SIEM (Security Information and Event Management):

Security information and event management, or SIEM, is a security solution that helps organizations recognize and address potential security threats and vulnerabilities before they have a chance to disrupt business operations.

Over the years, SIEM software has evolved to incorporate user and entity behaviour analytics (UEBA), as well as other advanced security analytics, AI and machine learning capabilities for identifying anomalous behaviours and indicators of advanced threats. Today SIEM has become a staple in modern-day security operation centres (SOCs) for security monitoring and compliance management use cases.

What is the SIEM Process?

1. Collects security data from various sources such as operating systems, databases, applications and proxies.
2. Aggregates and categorizes data.
3. Uses analytics to detect threats.
4. Applies customized rules to prioritize alerts and automated responses for potential threats.
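The four steps above in miniature, as an added example that is not from the report or from any SIEM product: it parses constructed syslog-style login events, aggregates failures per source and applies one prioritisation rule (excessive login failures, the signal mentioned under OWASP item 9, escalated when a success follows them). The log format, the threshold and the time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified sshd style; not from any real system.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[101]: Failed password for admin from 203.0.113.7
2024-05-01T10:00:03 sshd[101]: Failed password for admin from 203.0.113.7
2024-05-01T10:00:04 sshd[101]: Failed password for root from 203.0.113.7
2024-05-01T10:00:06 sshd[101]: Failed password for admin from 203.0.113.7
2024-05-01T10:00:08 sshd[101]: Failed password for admin from 203.0.113.7
2024-05-01T10:00:09 sshd[101]: Accepted password for admin from 203.0.113.7
2024-05-01T10:00:30 sshd[102]: Failed password for bob from 198.51.100.2
2024-05-01T10:12:00 sshd[103]: Failed password for bob from 198.51.100.2
"""

LINE_RE = re.compile(r"^(\S+) \S+ (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(log_text):
    """Step 1-2: collect raw lines and normalise them into (time, outcome, user, source)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return events

def brute_force_alerts(events, threshold=5, window=timedelta(minutes=5)):
    """Step 3-4: per source, count failures inside a sliding window; raise a medium
    alert when the count reaches the threshold, and a high-severity alert if the
    same source then logs in successfully (a likely guessed password)."""
    alerts = []
    failures = defaultdict(list)            # source -> timestamps of recent failures
    for ts, outcome, user, src in sorted(events):
        if outcome == "Failed":
            failures[src] = [t for t in failures[src] if ts - t <= window] + [ts]
            if len(failures[src]) == threshold:
                alerts.append({"source": src, "severity": "medium",
                               "count": threshold, "at": ts})
        elif outcome == "Accepted":
            if len(failures[src]) >= threshold:
                alerts.append({"source": src, "severity": "high",
                               "user": user, "at": ts})
            failures[src].clear()           # a success ends the failure streak
    return alerts

def run_demo():
    return brute_force_alerts(parse(SAMPLE_LOG))

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The second source never trips the rule because its two failures are more than five minutes apart, which is what the sliding window is for.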
Benefits of SIEM:

1. Real-time threat recognition.
2. AI-driven automation.
3. Improved organizational efficiency.
   - Phishing
   - Ransomware
   - Distributed Denial of Service (DDoS) attacks
   - Data exfiltration.
4. Conducting forensic investigations.
5. Assessing and reporting on compliance.
6. Monitoring users and applications.
SIEM Tools:
1. ManageEngine Log360
2. Logpoint SIEM
3. SolarWinds Security Event Manager
4. Datadog Security Monitoring
5. Graylog
6. ManageEngine EventLog Analyzer
7. Heimdal Threat Hunting and Action Centre
8. Trellix Helix
9. Exabeam Fusion
10. Elastic Security
11. Fortinet FortiSIEM
12. Splunk Enterprise Security
13. Rapid7 InsightIDR
14. LogRhythm NextGen SIEM Platform
15. AT&T Cybersecurity AlienVault Unified Security Management

SolarWinds:

SolarWinds is a network management tool that helps companies manage networks, systems and other infrastructure. The products provided by SolarWinds are effective, accessible and easy to use. It was founded by Donald Yonce and David Yonce (brothers) in the year 1999, with its headquarters in Austin, Texas. SolarWinds has acquired numerous companies that offer services from security to database management.
SolarWinds Network Performance Monitor (NPM) is used to detect outages and to diagnose and resolve network performance issues. The Database Performance Analyzer helps in quickly identifying and resolving database performance problems.

Advantages of SolarWinds:

1. Speeds up the troubleshooting process.
2. Makes it easy to identify network issues.
3. Scales up very easily according to your requirements.

Features of SolarWinds NPM:

1. Fault, performance and availability monitoring:
Proactively detects performance issues and reduces server or device downtime.

2. Hop-by-hop analysis:
You can view the performance of and monitor devices that are on premises, in the cloud or across hybrid environments.

3. Automatic device mapping:
Using Network Sonar, we can scan and find all the devices connected to the network. It can automatically create or update a network topology map.

4. Cross-stack network data correlation:
Drag and drop network performance metrics of a specific device to identify the root cause, thereby maintaining visual correlation.
Workshop Report By:
U. Sandhya rani
21F01A4661
3rd Year Cyber Security
