OWASP Top 10 Vulnerabilities & Exploitation
Once upon a time there was no Internet and there was no concept of the Web. But time has passed and today we have a technology called the Internet.
In earlier versions of the Internet there were only static web pages with limited ability to interact with users. Today every business has its own identity on the Internet and there is advance commerce taking place online. Businesses depend on the Internet because of its high flexibility and speed. The main point I want to discuss is the importance of web applications. The era of static web pages is over and now we have user-friendly web pages that built from multiple types of scripts (Perl, PHP, ASP, etc.).
So the importance of web applications is not a hidden truth and the security of web application is necessary to protect information from strangers (black-hat hackers). Web applications are on the hit list of hackers because they are easy to access, and the risk is high for both system and user. From the systems point of view we need to protect the integrity and reputation of the system. From the user’s perspective we need to care about identity, privacy, money and other things.
Open Web Application Security Project (OWASP) is an open source community for application level security projects and OWASP has defined or created a list of the top vulnerabilities and security risks for web applications. This list is commonly known as the OWASP Top 10. The top ten vulnerabilities for web applications as defined by OWASP are not the only risks because there are hundreds of other issues and vulnerabilities that may occur on a web application.
The OWASP Top 10 are the most critical and common vulnerabilities that can cause a system to compromise the user information.
OWASP Top 10
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
In this article we will discuss the security risks and their effect on a web application. This is a good way to create security awareness among web application developers, web masters and users. In this article we will also cover the best open source tools that can be helpful while doing penetration testing on a web application; it is a good practice to conduct a penetration testing on web applications to protect both the system and the users.
Dynamic web applications are based on bi-directional communication where users are allowed to send data to web application. So in this case a user (internally or externally) might act as a threat agent and they can send simple syntax, query, command and arguments to a web application. Injection flaws are very common and dangerous. They can be discovered by evaluating code, via automatic scanners and the use of fuzzers.
Injection, or code injection, is too general a term. I categorize the different types like this:
- Command injection
- SQL injection
- Blind SQL injection
- LDAP injection
- and others (as I said above, there might be hundreds of vulnerabilities that may occur but we will discuss the most dangerous)
SQL (Structured Query Language) injection is treated as a the most dangerous and common web application vulnerability because SQL is a language that is used to manage the data (information) on a database. Due to SQL injection vulnerability an attacker can control the database (that means all the information, including administrator and users’ confidential information) and can execute commands on the server (that means they have full access).
Open Source Tools to Find Injection Vulnerability in Web Applications
As I said earlier, I will discuss only open source tools (or tools that are available free of cost) while there are some commercial tools that are also available and can be helpful. It is not a hard and fast rule to use the tools that are mentioned here, you can use whatever you want to use.
- w3af (Web Application Attack and Audit Framework)
- OWASP ZAP (I prefer and use)
- HackBar and SQL Inject Me (Firefox add-ons)
To exploit the SQL injection vulnerability an attacker can use automatic tools or manual techniques. The most common tools are:
Cross-Site Scripting (XSS)
XSS or Cross-Site Scripting is another dangerous and common web application vulnerability and can be categorized under the heading of an injection attack because in XSS a malicious script or syntax is injected into a web server. In simple words, cross-site scripting is an attack in which an attacker injects malicious code into a web application and the server sends this page to the browser (other users) without any validation of content. The common method or way to execute the syntax is via the guest book, contact form, search bar and other forms that allows user to enter some information.
There are mainly three types of cross-site scripting:
- DOM based XSS
In stored XSS the malicious code is permanently stored on a web server (database) via comment and forum message. In reflected XSS the malicious code or script reflects back from the web server in an error window, search result and many other ways. DOM XSS or type-0 XSS is an attack in which the malicious script or payload modifies the DOM environment on the victim (other user) side by using a client side attack vector.
The risk factor of XSS is high because user information can be stolen via XSS vulnerability. Session hijacking, cookies stealing, phishing (redirecting users to another malicious website), website defacement and an attacker can control the victim’s web browser and then their operating system.
Open Source Tools to Find Cross-Site Scripting Vulnerability in Web Applications
- OWASP ZAP
- DOMinator (A Firefox based plugin for DOM XSS)
- XSSer (Cross Site “Scripter” is an automatic framework used to detect, exploit and report XSS vulnerabilities in web-based applications.)
There are different ways and techniques to exploit the XSS vulnerability, like phishing and others discussed above. Besides manual technique, these common tools can be helpful:
- XSS Shell
- BeEF XSS Framework
OWASP Top 10 Vulnerabilities & Exploitation Reviewed by Ethical Hacking on 6:53 AM Rating: