All in all, we came so far with our lessons. This is the last one that will talk about the different kinds of the attacks connected to the web applications. We provided you with a good level of assurance that you will know to probe all the necessity regions of the app’s attack surface. Also, you will know how to find as many issues as possible through the given resources which are available to you at the moment. But don’t forget, the reality is sometimes much different and complicated than theory. Nevertheless, we learned so much, and we also have so much more to learn, so let’s go further.
General Guidelines
It is a good thing to always remember some of the general considerations when carrying out the detailed tasks which are involved in the attacking a web app. We will now list them, and they are applicable to all the different areas you will or need to examine and the techniques you need to carry out. So, let’s see:
1.Always remember that several characters have some special meaning in the different parts of the HTTP requests. So, when you modify the data within the request, you should also URL-encode those characters for ensuring that they are interpreted in the way you intended.
-& is used to separate the parameters in the URL query string and message body. Encoding the several characters we mentioned, such as this one, can be the example of how it should look like. This character is encoded in this form %26.
-= is used for separating the name and the value of each of the parameters in the URL query string and message body.
-? is used to mark the start of the URL query string.
It is important to learn as much several characters with special meanings, and they often change, so it would be highly recommended for you to keep in touch with the tech’s most relevant news.
2.You need to note that entering URL-encoded data into a form often causes your browser to perform the another layer of encoding.
3.Most of the tests for common web app vulnerabilities involve sending various crafted input strings and monitoring the app’s responses for anomalies. That is what indicates the present vulnerability.
Analyze The Application
When analyzing the app, first of all, we need to identify functionality. Identifying the core functionality that the app created for some reason and also the actions that each function was designed for. Second thing is to know how they work. A need for understating the key mechanisms which handle authentication, session management, access controls…
After that, we want to identify the data entry points. In that way, we can introduce ourselves with the user input of the app’s processing, including URLs, query string parameters, POST data, cookies and much more.
Then, we come to the point when we examine any customized data transmission or encoding mechanisms which are used by the app. For an example, a non-standard query string format.
The third part is identifying the technologies which are used. Taking a closer look which technologies are used on the client-side server, like Java applets, Flash objects, cookies, ActiveX controls etc.
After that, establishing which technologies are being used on the server side. Here, we are including the scripting languages, app platforms, interaction with back-end components and much more.
Test Access Controls
First of all, how to understand the access controls requirements? You need to understand them in the terms of the vertical segregation and the horizontal segregation. You need to review your app mapping results for identifying the areas of the functionality and the types of data resources which represent the most fruitful targets for privilege escalation attacks.
So, how to perform the most effective testing for the access controls vulnerabilities? You need to ideally obtain a number of the different accounts with the different vertical and horizontal privileges. You can also probably obtain the latter directly from the app if the self-registration is possible.
Besides that, you will probably need the cooperation of the application owner (or you will have to exploit some vulnerability for gaining the access for a high-privileged account).
Test for Input-Based Vulnerabilities
There are plenty of important categories of vulnerabilities which are triggered by the unexpected user input and may appear anywhere within the app. So, the effective way to probe the app for these vulnerabilities is to fuzz every parameter for every request with a set of the attack strings.
You will do that step by step, by fuzzing all the request’s parameters:
-XSS and response injection;
-OS command injection;
-Path traversal;
-Script injection;
-File inclusion.
These two testings we talked about are the most important for you to know. Either you are a newbie, or you are some kind of a professional, the things that are the most important are the same for everyone. And as we have said earlier, you just need some practice knowledge, and also time. Always stay informed with the latest news which is coming from the cyber and network world, and also, be aware of plenty of resources which offer you so many information which is sometimes even not valid. You need to find your best source, and I am pretty sure that you have enjoyed with us and learned so much. And there is so much ahead of us to see, learn and implement in our knowledge and both the practice. Until the next lesson, remind yourself about the best internet security tips and cyber security tips.