Vulnerability Scanner

Size: px
Start display at page:

Download "Vulnerability Scanner"

Transcription

1 A Project Report On Vulnerability Scanner Submitted By Mr. Shubham Jain Mr. Vipul Baid Ms. Neha Jain Mr. Mausam Jain Under Guidance of Prof. S.A.Paliwal Walchand Institute Of Technology, Solapur. Dept. of Computer Science And Engineering. (Affiliated to Solapur University) D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 1

2 CERTIFICATE This is to certify the design of the project titled Vulnerability Scanner has been carried out by Following students of BE CSE. NAME ROLL NO Mr. Shubham Jain 37 Mr. Vipul Baid 08 Ms. Neha Jain 06 Mr. Mausam Jain 05 Is Hereby Approved In Partial Fulfillment For The Degree of Bachelor Of Computer Science and Engineering Prof. Dr. Mrs. S.S.Apte Head, CSE Dept. Prof. Mrs. S.A.Paliwal Project Guide Prof. Dr. S. A. Halkude (Principal) Dept. of Computer Science And Engineering. Walchand Institute Of Technology,Solapur. (Affiliated to Solapur University) D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 2

3 Acknowledgement First and foremost, we would like to take this opportunity to express our deep gratitude to our guide Prof. Mrs.S.A.Paliwal for her guidance and moral support throughout this successful completion of our project. Last but not the least, we would like to thank our HOD Dr. Mrs. S. S. Apte and Principal Prof. S. A. Halkude, in general, for extending a helping hand at every juncture of need. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 3

4 TABLE OF CONTENTS 1) AbstraCT 2) IntroductioN Web application security Web vulnerability 3) Literature Reviews 4) Problem statement 5) Proposed Work 6) Design Architecture Diagrams Use-case diagram Sequence diagram 7) Algorithm 8) Snapshots 9) Limitations and future work 10) Conclusion 11) refrences D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 4

5 ABSTRACT As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. Too many nouns web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the Internet that are vulnerable. This project implemented an automated vulnerability scanner that for the injection attacks. To this end, we implemented a system that automated scanned the injection attack vulnerabilities. Our system automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities. It is able to find many potentially vulnerable web sites. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 5

6 INTRODUCTION Web Application Security: Security is a critical part of your Web applications. Web applications by definition allow users access to a central resource the Web server and through it, to others such as database servers. By understanding and implementing proper security measures, you guard your own resources as well as provide a secure environment in which your users are comfortable working with your application. Web application security is a branch of Information Security that deals specifically with security of websites, web applications and web services. Web Security blocks web threats to reduce malware infections, decrease help desk incidents and free up valuable IT resources. It has more than 100 security and filtering categories, hundreds of web application and protocol controls, and 60-plus reports with customization and role-based access. You can easily upgrade to Web Security Gateway when desired to get social media controls, SSL inspection, data loss prevention (DLP) and inline, real-time security from Websense ACE (Advanced Classification Engine). Web Vulnerability: Vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 6

7 that rely on the application. The term "vulnerability" is often used very loosely. The Top Ten Vulnerabilities [1] that are updated by Open Web Application Security Projects are: Sql Injection: Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Example Attack Scenarios: Scenario #1: The application uses untrusted data in the construction of the following vulnerable SQL call: String query = "SELECT * FROM accounts WHERE custid='" + request.getparameter("id") + "'"; Scenario #2: Similarly, an application s blind trust in frameworks may result in queries that are still vulnerable, (e.g., Hibernate Query Language (HQL)): Query HQLQuery = session.createquery( FROM accounts WHERE custid=' + request.getparameter("id") + "'"); In both cases, the attacker modifies the id parameter value in her browser to send: ' or '1'='1. For example: or '1'='1 This changes the meaning of both queries to return all the records from the accounts table. More dangerous attacks could modify data or even invoke stored procedures. Broken Authentication and Session Management : Application function related to authentication and session management are D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 7

8 often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users identities. Example Attack Scenarios: Scenario #1: Airline reservations application supports URL rewriting, putting session IDs in the URL: 2P0OC2JSNDLPS KHCJUN2JV?dest=Hawaii An authenticated user of the site wants to let his friends know about the sale. He s the above link without knowing he is also giving away his session ID. When his friends use the link they will use his session and credit card. Scenario #2: Application s timeouts aren t set properly. User uses a public computer to access site. Instead of selecting logout the user simply closes the browser tab and walks away. Attacker uses the same browser an hour later, and that browser is still authenticated. Cross-site Scripting (XSS): XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim s browser which can hijack user sessions, deface web sites, or redirect the user to malicious activity. Example Attack Scenario: The application uses untrusted data in the construction of the following HTML snippet without validation or escaping: (String) page += "<input name='creditcard' type='text value='" + request.getparameter("cc") + "'>"; The attacker modifies the CC parameter in his browser to: D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 8

9 '><script>document.location= ' foo=' +document.cookie</script>'. This causes the victim s session ID to be sent to the attacker s website, allowing the attacker to hijack the user s current session. Insecure Indirect Reference Object: A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.. Example Attack Scenario: String query = "S ELECT * FROM accts WHERE account =?"; PreparedStatement ps tmt = connection.preparestatement(query, ); pstmt.setstring( 1, request.getparameter("acct")); ResultSet results = pstmt.executequery( ); The attacker simply modifies the acct parameter in her browser to send whatever account number she wants. If not properly verified, the attacker can access any user s account, instead of only the intended customer s account. Security Misconfiguration: Good security requires having a secure configuration configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 9

10 Example Attack Scenarios: Scenario #1: The app server admin console is automatically installed and not removed. Default accounts aren t changed. Attacker discovers the standard admin pages are on your server, logs in with default passwords, and takes over. Scenario #2: Directory listing is not disabled on your server. Attacker discovers she can simply list directories to find any file. Attacker finds and downloads all your compiled Java classes, which she decompiles and reverse engineers to get all your custom code. She then finds a serious access control flaw in your application. Scenario #3: App server configuration allows stack traces to be returned to users, potentially exposing underlying flaws. Attackers love the extra information error messages provide. Scenario #4: App server comes with sample applications that are not removed from your production server. Said sample applications have well known security flaws attackers can use to compromise your server. Sensitive Data Exposure : Many Web application do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser. Example Attack Scenarios Scenario #1: An application encrypts credit card numbers in a database using automatic database encryption. However, this means it also decrypts this data automatically when retrieved, allowing an SQL injection flaw to retrieve credit card numbers in clear text. The system should have D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 10

11 encrypted the credit card numbers using a public key, and only allowed back-end applications to decrypt them with the private key. Scenario #2: A site simply doesn t use SSL for all authenticated pages. Attacker simply monitors network traffic (like an open wireless network), and steals the user s session cookie. Attacker then replays this cookie and hijacks the user s session, accessing the user s private data. Scenario #3: The password database uses unsalted hashes to store everyone s passwords. A file upload flaw allows an attacker to retrieve the password file. All of the unsalted hashes can be exposed with a rainbow table of precalculated hashes. Missing Function Level Access Control: Most web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access functionality without proper authorization. Example Attack Scenarios Scenario #1: The attacker simply force browses to target URLs. The following URLs require authentication. Admin rights are also required for access to the admin_getappinfo page. If an unauthenticated user can access either page, that s a flaw. If an authenticated, non-admin, user is allowed to access the admin_getappinfo page, this is also a flaw, and may lead the attacker to more improperly protected admin pages. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 11

12 Scenario #2: A page provides an action parameter to specify the function being invoked, and different actions require different roles. If these roles aren t enforced, that s a flaw. Cross Site Request Forgery (CSRF): A CSRF attack forces a logged-on victim s browser to send a forged HTTP request, including the victim s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.. Example Attack Scenario The application allows a user to submit a state changing request that does not include anything secret. For example: &destinationaccount= So, the attacker constructs a request that will transfer money from the victim s account to the attacker s account, and then embeds this attack in an image request or iframe stored on various sites under the attacker s control: <img src=" amount=1500&destinationaccount=attackersacct# width="0" height="0" /> If the victim visits any of the attacker s sites while already authenticated to example.com, these forged requests will automatically include the user s session info, authorizing the attacker s request. Using Known Vulnerability Components: Component such as libraries, frameworks and other software modules, almost always run with full privileges. If a vulnerable component is D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 12

13 exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defences and enable a range of possible attacks and impacts. Example Attack Scenarios Component vulnerabilities can cause almost any type of risk imaginable, ranging from the trivial to sophisticated malware designed to target a specific organization. Components almost always run with the full privilege of the application, so flaws in any component can be serious, The following two vulnerable components were downloaded 22m times in Apache CXF Authentication Bypass By failing to provide an identity token, attackers could invoke any web service with full permission. (Apache CXF is a services framework, not to be confused with the Apache Application Server.) Spring Remote Code Execution Abuse of the Expression Language implementation in Spring allowed attackers to execute arbitrary code, effectively taking over the server. Every applicat ion using either of these vulnerable libraries is vulnerable to attack as both of these components are directly accessible by application users. Other vulnerable libraries, used deeper in an application, may be harder to exploit. Unvalidate Redirects and Forwards: Web application frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages. Example Attack Scenarios Scenario #1: The application has a page called redirect.jsp which takes a single parameter named url. The attacker crafts a malicious URL that D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 13

14 redirects users to a malicious site that performs phishing and installs malware. Scenario #2: The application uses forwards to route requests between different parts of the site. To facilitate this, some pages use a parameter to indicate where the user should be sent if a transaction is successful. In this case, the attacker crafts a URL that will pass the application s access control check and then forwards the attacker to administrative functionality for which the attacker isn t authorized. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 14

15 Literature Reviews: The rapid and tremendous growth of Information and Communication Technology (ICT) has increased access to web applications. This increased access has paved the way for disadvantageous security and vulnerable threats in the form of attacks in web applications. Various detection and prevention techniques have been proposed by researchers in the field of web applications and technologies development. Through relevant literature and existing research presents a viewpoint of different web application vulnerabilities and security threats and also outlines some open research issues in accordance to the state-of-the-art. The following diagram depicts these security layers as a holistic outlook that looks at security as hardened measures taken to minimize intrusion risks and maximize the protection around the key asset of any organization, its data[2]. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 15

16 Figures pointed out during various research: Vulnerabilities distributed per type: Figure presents the final distribution of vulnerabilities per type including the doubtful cases (i.e., optimistic evaluation of the scanners). As the doubtful cases only affect the SQL Injection, it means that the number of SQL injection vulnerabilities could be overestimated. Scanners have found 177 different vulnerabilities in 25 different services, which represent approximately 8.33% of the tested services. As mentioned before, the predominant vulnerability is SQL Injection, representing 84.18% of the vulnerabilities found. This is a very important observation due to the high number of cases found and the high severity of this vulnerability [3]. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 16

17 Web Application Vulnerability Statistics [4] Over the 3 years the following trends have been observed: A steady decline in input validation weaknesses has been observed. For example, Cross-Site Scripting affected 69% of applications in 2010, 66% in 2011, and 56% in Similarly, SQL Injection affected around 17% of applications in 2010 and 2011 and 15% of applications in Context believes that our clients are becoming more aware of the risks posed by these issues, and are implementing more robust data validation controls within applications and integrating these controls into the development lifecycle. Topping the average number of OWASP Top 10 issues in 2012 is once again Broken Authentication and Session Management. This generic category includes a large number of the issues we identify; however, these sometimes overlooked issues are fundamental to the security of web applications. Server misconfiguration and information-leakage vulnerabilities have been the most prevalent Context methodology category of issues identified in 2010, 2011 and This observation underlines a possible disconnect between robust application development and secure deployment of applications into production environments. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 17

18 In general, the proportion of issues identified during 2010, 2011 and 2012 remained roughly consistent throughout the period of study. In 2012 there has been a slight decline on the 2011 peak average numbers. However, a statistical analysis of these changes suggests that they may not be significant enough to represent an overall trend. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 18

19 Sector Analysis Between 2010 and 2012 Context performed penetration tests for companies operating across a broad range of business sectors. For the purposes of trying to discover whether any particular industry used web applications that were more susceptible than others to security issues, we have used the following industry groupings: Media and Advertising, UK Government (the dataset does not include classified government findings), Healthcare, Technology and Telecommunications, Insurance and Law, Financial Services (Europe); and Other (a group including organisations in the charity, not-for-profit, education, extraction, gambling, recruitment, and services sectors). Overview by Year D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 19

20 In 2010, most sectors had an average issue count between 11 and 14 issues per application. The notable exception was the Media and Advertising sector, which had roughly 40% more issues per application than the sector with the next highest count. Additionally, for most sectors, the vulnerability categories which accounted for the highest proportion of the total issues found were the Information Leakage, Authentication, and Server Configuration categories. Overall, slightly more issues were seen in 2011 than in 2010, with most sectors experiencing 11 to 16 issues detected per application, while the organisations in the Other grouping experienced an average of 17. Again, Information Leakage, Authentication, and Server Configuration issues accounted for the largest proportion of vulnerabilities found per application in most sector groupings. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 20

21 The average numbers of issues seen in 2012 as per the Jon Tudor [4] stayed in the 11 to 16 vulnerabilities per application range, apart from in Healthcare, where the figure dropped to 10. The same three vulnerability categor1ies made up the largest proportion of the overall total as in the previous two year. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 21

22 ProBLEM STATEMENT Development of Scanner for detecting vulnerabilities to protect the website from web-based attacks. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 22

23 Proposed Work: Vulnerabilities Scanner basically software designed in java platform that aims to scan the Website s and finding out vulnerabilities that sustains in the websites and providing report to the client. Scanner is going to take the URL of the website as an input, to test for vulnerabilities as per the selected vulnerability. It will check whether the website exists in the domain or not. If not, it will ask the user to enter a valid website. It checks whether the website really exists or not by checking its status code. If status code is 404 the URL does not exist. For a valid URL, it will crawl the Website with the help of our own developed Crawler basic_crawler basically made in Java. The Crawler will parse the website. The output of this phase is multiple frameworks, form details and platform used in developing web pages of respective website. After parsing the website, Scanner will test all the forms and links of the website for the vulnerabilities. The Scanner is scanning for two top most vulnerabilities [1] i.e. SQL Injection and Cross Site Scripting. It has different criteria s for both SQL Injection and Cross Site Scripting. SQL INJECTION: To check for SQL injection the scanner creates two test cases. Automatic Insertion of 1 in every textbox available in the web form. Modifying the URL by replacing = = D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 23

24 After preparing the test cases, cases are passed to every links and web forms of inputted website. With these test cases, the test will be performed on the website. Scanner will build the HTTP request to send it to the respective URL and in response URL will give HTTP response. The response will contain all the details and the test will be performed on these details. If any kind of syntax error is found as per a database server in response text or any internal error in a webform is found then that particular webform or link is vulnerable to SQL Injection. To check for the syntax error the scanner has all the patterns of syntax error in the pattern.xml file. If any of the pattern found in response text is matched with the patterns in pattern.xml file then the particular webform is vulnerable to SQL Injection. The list of patterns in pattern.xml file are[5]: ^.*\s(\d\d\d)\s ^(.*)$ ^Location: (.*)$ (?i)(incorrect\ssyntax\snear\s'[^']*') (?i)(pg_query\(\)[:]*\squery\sfailed:\serror:\s) (?i)('[^']*'\sis\snull\sor\snot\san\sobject) (ORA-\d{4,5}:\s) (?i)(microsoft\sjet\sdatabase\sengine\s\([^\)]*\)<br>syntax\serror(.*)\sin\s query\sexpression\s'.*\.<br><b>.*,\sline\s\d+</b><br>) (?i)(<h2>\s<i>syntax\serror\s(\([^\)]*\))?(in\sstring)?\sin\squery\sexpression \s'[^\.]*\.</i>\s</h2></span>) (?i)(<font\sface=\"arial\"\ssize=2>syntax\serror\s(.*)?in\squery\sexpression \s'(.*)\.</font>) (?i)(<b>warning</b>:\s\spg_exec\(\)\s\[\<a\shref='function.pg\- exec\'\>function\.pg-exec\</a>\]\:\squery failed:\serror:\s\ssyntax error at or near &quot\;\\\" at character \d+ in\s<b>.*</b>) D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 24

25 (?)(System\.Data\.OleDb\.OleDbException\:\sSyntax\serror\s\([^)]*?\)\sin\sq uery\sexpression\s.*) (?i)(system\.data\.oledb\.oledbexception\:\ssyntax\serror\sin\sstring\sin\s query\sexpression\s) (?i)(data type mismatch in criteria expression Could not update; currently locked by user '.*?' on machine '.*?') (<font style="color: black; FONT: 8pt/11pt verdana">\s+(\[macromedia\]\[sqlserver\sjdbc\sdriver\]\[sqlserver\] S yntax\serror\sin\sstring\sin\squery\sexpression\s)) (?i)(unclosed\squotation\smark\safter\sthe\scharacter\sstring\s'[^']*') <b>warning</b>:\s+(?:mysql_fetch_array mysql_fetch_row mysql_fetch_o bject mysql_fetch_field mysql_fetch_lengths mysql_num_rows)\(\): supplied argument is not a valid MySQL result resource in <b>.*?</b> on line <b>.*?</b> <b>warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>warning</b>: mysql_num_row(): supplied argument is not a valid MySQL result resource in <b>warning</b>: mysql_fetch_field(): supplied argument is not a valid MySQL result resource in <b>warning</b>: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in <b>warning</b>: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in <b>warning</b>: mysql_fetch_length(): supplied argument is not a valid MySQL result resource in You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near <b>warning</b>: mysql_fetch_array() System.Data.SqlClient.SqlException: Incorrect syntax near UnknownError:java.net.UnknownHostException: D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 25

26 As per the output of these test will decide whether the site is vulnerable or not to a respective vulnerability. CROSS SITE SCRIPTING: To check for cross site scripting (XSS) the scanner creates a test case: Automatic Insertion of <script>document. write( css attack )</script> in every textbox available in the web form. After preparing the test cases, cases are passed to every links and web forms of inputted website. With these test cases, the test will be performed on the website. Scanner will build the HTTP request to send it to the respective URL and in response URL will give HTTP response. The response will contain all the details and the test will be performed on these details. If the same inputted content <script>document. write( css attack )</script> is found in response text then that particular webform or link is vulnerable to cross site scripting. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 26

27 Architecture DATA FLOW DIAGRAM (DFD): DESIGN: Level 0 : Context Level 0 shows the over view of the software. The client will provide url of the website to be tested and what kind of test to be performed on it.the system will build the crafted request with the help of test criterias. The build crafted request is send to the server and scanner analyzes the response return by the web server and report will be send to client. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 27

28 Level 1: System Architecture Level 1 is basically the architectur e of the system i.e software.it has three module i.e. GUI Module, Vulnerability Test Module, Website Client Module. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 28

29 Level 2: GUI Module Graphical User Interface Module is basically a user interface of the software where user will input the url of the website and test to be performed on it. After the test is completed the result is shown here. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 29

30 Vulnerability Test Module Vulnerability Test Module is a module in which crawling of the website, preparing test cases and analyzing the response that is sent by the web server is done. For eg. To check whether SQL injection attacks are possible, the vulnerability scanners send modified requests and analyze the responses returned by the server. A server may respond with a rejection page or with an execution page. A rejection page corresponds to the detection of syntactically incorrect or invalid inputs. An execution page is returned by the server as a consequence of a successful execution of the request. This page may correspond to the normal scenario, i.e., in the case of a legitimate use of the web site, but may also result from a successful exploitation of an injection attack D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 30

31 Web-Client Module In this module, the scanner will build the crafted HttpRequest with the help of test cases and it is sent to web server and in return web server sends response to Web-Client Module and it than parses the response and sends the parse response to the Vulnerability Test Module where the response is analysed. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 31

32 DIAGRAM 1. Use-Case level Diagram: D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 32

33 2. Sequence Diagram D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 33

34 1. Start Algorithm 2. Enter the URL. 3. Select the type of vulnerability you want to scan for: Default: checks for sql injection and cross site scripting both. Sql Injection: checks for sql injection. XSS: checks for cross site scripting. 4. Start scanning. 5. Check for the given conditions according to the selected vulnerability scan. 6. After observing the conditions of the selected vulnerability prepare a report. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 34

35 Snapshots Output: D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 35

36 Report: DemO: Actual Site: D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 36

37 Modifying the url by : For XSS: D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 37

38 LIMITATIONS AND Future Work While our initial evaluation demonstrate the promise of a context - aware approach to vulnerability scanning, it does highlight several limitations which form the foundation for future work in this area. First, we are not providing the patch for the detected vulnerable URL. To overcome this, we are planning to generate the patches and providing solutions in future. Second, rich area for future work is exploration of many more vulnerabilities, detecting them and providing solutions. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 38

39 CONCLUSION In this report, we presented a Vulnerability scanner that aimed at detecting web application vulnerabilities. We have introduced our own crawler name basic_crawler and described how the website is vulnerable to SQL Injection and XSS based on automatically generation of specially crafted request allowing the successful exploitation of detected vulnerabilities. D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 39

40 References: [1] [2] Kevin J Vella, The True Nature of Web Application Security: The Role and Function of Black Box Scanners 21 Feb ; [3] Vieira, Using Web Security Scanners to Detect Vulnerabilities in Web Services ; IEEE/IFIP Intl Conf. on Dependable Systems and Networks, DSN 2009, Lisbon, Portugal, June 2009; [4] Jan Tudor, Web Application Vulnerability Statistics 2013 ; June2013; whitepapers@contextis.co.uk [5] Accunetix Tools D E P A R T M E N T O F C O M P U T E R S C I E N C E B E C S E Page 40

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP

More information

Magento Security and Vulnerabilities. Roman Stepanov

Magento Security and Vulnerabilities. Roman Stepanov Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection

More information

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top

More information

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not

More information

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that

More information

Members of the UK cyber security forum. Soteria Health Check. A Cyber Security Health Check for SAP systems

Members of the UK cyber security forum. Soteria Health Check. A Cyber Security Health Check for SAP systems Soteria Health Check A Cyber Security Health Check for SAP systems Soteria Cyber Security are staffed by SAP certified consultants. We are CISSP qualified, and members of the UK Cyber Security Forum. Security

More information

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration

More information

OWASP AND APPLICATION SECURITY

OWASP AND APPLICATION SECURITY SECURING THE 3DEXPERIENCE PLATFORM OWASP AND APPLICATION SECURITY Milan Bruchter/Shutterstock.com WHITE PAPER EXECUTIVE SUMMARY As part of Dassault Systèmes efforts to counter threats of hacking, particularly

More information

OWASP Top Ten Tools and Tactics

OWASP Top Ten Tools and Tactics OWASP Top Ten Tools and Tactics Russ McRee Copyright 2012 HolisticInfoSec.org SANSFIRE 2012 10 JULY Welcome Manager, Security Analytics for Microsoft Online Services Security & Compliance Writer (toolsmith),

More information

Annex B - Content Management System (CMS) Qualifying Procedure

Annex B - Content Management System (CMS) Qualifying Procedure Page 1 DEPARTMENT OF Version: 1.5 Effective: December 18, 2014 Annex B - Content Management System (CMS) Qualifying Procedure This document is an annex to the Government Web Hosting Service (GWHS) Memorandum

More information

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org

More information

Six Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business

Six Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business 6 Six Essential Elements of Web Application Security Cost Effective Strategies for Defending Your Business An Introduction to Defending Your Business Against Today s Most Common Cyber Attacks When web

More information

OWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair dave.wichers@owasp.

OWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair dave.wichers@owasp. and Top 10 (2007 Update) Dave Wichers The Foundation Conferences Chair dave.wichers@owasp.org COO, Aspect Security dave.wichers@aspectsecurity.com Copyright 2007 - The Foundation This work is available

More information

Implementation of Web Application Security Solution using Open Source Gaurav Gupta 1, B. K. Murthy 2, P. N. Barwal 3

Implementation of Web Application Security Solution using Open Source Gaurav Gupta 1, B. K. Murthy 2, P. N. Barwal 3 Implementation of Web Application Security Solution using Open Source Gaurav Gupta 1, B. K. Murthy 2, P. N. Barwal 3 ABSTRACT 1 Project Engineer, CDACC-56/1, Sector-62, Noida, 2 Executive Director, CDACC-56/1,

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction

More information

WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6

WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6 WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL Ensuring Compliance for PCI DSS 6.5 and 6.6 CONTENTS 04 04 06 08 11 12 13 Overview Payment Card Industry Data Security Standard PCI Compliance for Web Applications

More information

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Detecting Web Application Vulnerabilities Using Open Source Means OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Kostas Papapanagiotou Committee Member OWASP Greek Chapter conpap@owasp.gr

More information

Web Application Penetration Testing

Web Application Penetration Testing Web Application Penetration Testing 2010 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Will Bechtel William.Bechtel@att.com

More information

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure Vulnerabilities, Weakness and Countermeasures Massimo Cotelli CISSP Secure : Goal of This Talk Security awareness purpose Know the Web Application vulnerabilities Understand the impacts and consequences

More information

WHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6

WHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6 WHITE PAPER FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6 Ensuring compliance for PCI DSS 6.5 and 6.6 Page 2 Overview Web applications and the elements surrounding them

More information

Introduction:... 1 Security in SDLC:... 2 Penetration Testing Methodology: Case Study... 3

Introduction:... 1 Security in SDLC:... 2 Penetration Testing Methodology: Case Study... 3 Table of Contents Introduction:... 1 Security in SDLC:... 2 Penetration Testing Methodology: Case Study... 3 Information Gathering... 3 Vulnerability Testing... 7 OWASP TOP 10 Vulnerabilities:... 8 Injection

More information

Nuclear Regulatory Commission Computer Security Office Computer Security Standard

Nuclear Regulatory Commission Computer Security Office Computer Security Standard Nuclear Regulatory Commission Computer Security Office Computer Security Standard Office Instruction: Office Instruction Title: CSO-STD-1108 Web Application Standard Revision Number: 1.0 Effective Date:

More information

Web application security

Web application security Web application security Sebastian Lopienski CERN Computer Security Team openlab and summer lectures 2010 (non-web question) Is this OK? int set_non_root_uid(int uid) { // making sure that uid is not 0

More information

Integrating Security Testing into Quality Control

Integrating Security Testing into Quality Control Integrating Security Testing into Quality Control Executive Summary At a time when 82% of all application vulnerabilities are found in web applications 1, CIOs are looking for traditional and non-traditional

More information

Sitefinity Security and Best Practices

Sitefinity Security and Best Practices Sitefinity Security and Best Practices Table of Contents Overview The Ten Most Critical Web Application Security Risks Injection Cross-Site-Scripting (XSS) Broken Authentication and Session Management

More information

Rational AppScan & Ounce Products

Rational AppScan & Ounce Products IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168

More information

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability

More information

National Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research

National Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research National Information Security Group The Top Web Application Hack Attacks Danny Allan Director, Security Research 1 Agenda Web Application Security Background What are the Top 10 Web Application Attacks?

More information

Adobe Systems Incorporated

Adobe Systems Incorporated Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...

More information

Columbia University Web Security Standards and Practices. Objective and Scope

Columbia University Web Security Standards and Practices. Objective and Scope Columbia University Web Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Security Standards and Practices document establishes a baseline of security related requirements

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

Advanced Web Technology 10) XSS, CSRF and SQL Injection 2

Advanced Web Technology 10) XSS, CSRF and SQL Injection 2 Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 Table of Contents Cross Site Request Forgery - CSRF Presentation

More information

Statistics Whitepaper

Statistics Whitepaper White paper Statistics Whitepaper Web Application Vulnerability Statistics 2010-2011 Alex Hopkins whitepapers@contextis.com February 2012 Context Information Security 30 Marsh Wall, London, E14 9TP +44

More information

elearning for Secure Application Development

elearning for Secure Application Development elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security

More information

Web Application Security

Web Application Security Web Engineering Web Application Security Copyright 2013 Srdjan Komazec and Davide Cerri 1 Overview Motivation Technical Solution Basic Techniques Channel Security Web Application Authentication Methods

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Overview of the Penetration Test Implementation and Service. Peter Kanters

Overview of the Penetration Test Implementation and Service. Peter Kanters Penetration Test Service @ ABN AMRO Overview of the Penetration Test Implementation and Service. Peter Kanters ABN AMRO / ISO April 2010 Contents 1. Introduction. 2. The history of Penetration Testing

More information

Essential IT Security Testing

Essential IT Security Testing Essential IT Security Testing Application Security Testing for System Testers By Andrew Muller Director of Ionize Who is this guy? IT Security consultant to the stars Member of OWASP Member of IT-012-04

More information

Check list for web developers

Check list for web developers Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation

More information

The Weakest Link: Mitigating Web Application Vulnerabilities. webscurity White Paper. webscurity Inc. Minneapolis, Minnesota USA

The Weakest Link: Mitigating Web Application Vulnerabilities. webscurity White Paper. webscurity Inc. Minneapolis, Minnesota USA The Weakest Link: Mitigating Web Application Vulnerabilities webscurity White Paper webscurity Inc. Minneapolis, Minnesota USA January 25, 2007 Contents Executive Summary...3 Introduction...4 Target Audience...4

More information

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration

More information

Web Engineering Web Application Security Issues

Web Engineering Web Application Security Issues Security Issues Dec 14 2009 Katharina Siorpaes Copyright 2009 STI - INNSBRUCK www.sti-innsbruck.at It is NOT Network Security It is securing: Custom Code that drives a web application Libraries Backend

More information

Criteria for web application security check. Version 2015.1

Criteria for web application security check. Version 2015.1 Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-

More information

DFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)

DFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP) Title: Functional Category: Information Technology Services Issuing Department: Information Technology Services Code Number: xx.xxx.xx Effective Date: xx/xx/2014 1.0 PURPOSE 1.1 To appropriately manage

More information

(WAPT) Web Application Penetration Testing

(WAPT) Web Application Penetration Testing (WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:

More information

Barracuda Web Site Firewall Ensures PCI DSS Compliance

Barracuda Web Site Firewall Ensures PCI DSS Compliance Barracuda Web Site Firewall Ensures PCI DSS Compliance E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online

More information

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION External Vulnerability Assessment -Technical Summary- Prepared for: ABC ORGANIZATI On March 9, 2008 Prepared by: AOS Security Solutions 1 of 13 Table of Contents Executive Summary... 3 Discovered Security

More information

Web Application Security

Web Application Security Web Application Security John Zaharopoulos ITS - Security 10/9/2012 1 Web App Security Trends Web 2.0 Dynamic Webpages Growth of Ajax / Client side Javascript Hardening of OSes Secure by default Auto-patching

More information

Penetration Test Report

Penetration Test Report Penetration Test Report Acme Test Company ACMEIT System 26 th November 2010 Executive Summary Info-Assure Ltd was engaged by Acme Test Company to perform an IT Health Check (ITHC) on the ACMEIT System

More information

FortiWeb Web Application Firewall. Ensuring Compliance for PCI DSS requirement 6.6 SOLUTION GUIDE

FortiWeb Web Application Firewall. Ensuring Compliance for PCI DSS requirement 6.6 SOLUTION GUIDE FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS requirement 6.6 SOLUTION GUIDE Overview Web applications and the elements surrounding them have not only become a key part of every company

More information

WEB APPLICATION SECURITY

WEB APPLICATION SECURITY WEB APPLICATION SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part

More information

Web Application Security

Web Application Security Web Application Security Security Mitigations Halito 26 juni 2014 Content Content... 2 Scope of this document... 3 OWASP Top 10... 4 A1 - Injection... 4... 4... 4 A2 - Broken Authentication and Session

More information

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities Thomas Moyer Spring 2010 1 Web Applications What has changed with web applications? Traditional applications

More information

Web Application Firewall on SonicWALL SSL VPN

Web Application Firewall on SonicWALL SSL VPN Web Application Firewall on SonicWALL SSL VPN Document Scope This document describes how to configure and use the Web Application Firewall feature in SonicWALL SSL VPN 5.0. This document contains the following

More information

Web Vulnerability Scanner by Using HTTP Method

Web Vulnerability Scanner by Using HTTP Method Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 9, September 2015,

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

Web Application Security Assessment and Vulnerability Mitigation Tests

Web Application Security Assessment and Vulnerability Mitigation Tests White paper BMC Remedy Action Request System 7.6.04 Web Application Security Assessment and Vulnerability Mitigation Tests January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software

More information

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance

More information

Quality Assurance version 1

Quality Assurance version 1 Quality Assurance version 1 Introduction Quality assurance (QA) is a standardised method that ensures that everything works as it was intended to work and looks as it was intended to look. It should force

More information

Web application testing

Web application testing CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration

More information

A Survey on Security and Vulnerabilities of Web Application

A Survey on Security and Vulnerabilities of Web Application A Survey on Security and Vulnerabilities of Web Application Gopal R. Chaudhari, Prof. Madhav V. Vaidya Department of Information Technology, SGGS IE & T, Nanded, Maharashtra, India-431606 Abstract Web

More information

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London

More information

Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet

Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development

More information

Web Application Attacks And WAF Evasion

Web Application Attacks And WAF Evasion Web Application Attacks And WAF Evasion Ahmed ALaa (EG-CERT) 19 March 2013 What Are We Going To Talk About? - introduction to web attacks - OWASP organization - OWASP frameworks - Crawling & info. gathering

More information

Thick Client Application Security

Thick Client Application Security Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

Reducing Application Vulnerabilities by Security Engineering

Reducing Application Vulnerabilities by Security Engineering Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information

More information

Web Application Security

Web Application Security E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary

More information

Web Application Security

Web Application Security Web Application Security Ng Wee Kai Senior Security Consultant PulseSecure Pte Ltd About PulseSecure IT Security Consulting Company Part of Consortium in IDA (T) 606 Term Tender Cover most of the IT Security

More information

Architectural Design Patterns. Design and Use Cases for OWASP. Wei Zhang & Marco Morana OWASP Cincinnati, U.S.A. http://www.owasp.

Architectural Design Patterns. Design and Use Cases for OWASP. Wei Zhang & Marco Morana OWASP Cincinnati, U.S.A. http://www.owasp. Architectural Design Patterns for SSO (Single Sign On) Design and Use Cases for Financial i Web Applications Wei Zhang & Marco Morana OWASP Cincinnati, U.S.A. OWASP Copyright The OWASP Foundation Permission

More information

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011 Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing

More information

Enterprise Application Security Workshop Series

Enterprise Application Security Workshop Series Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants

More information

Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current

More information

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two

More information

Interactive Application Security Testing (IAST)

Interactive Application Security Testing (IAST) WHITEPAPER Interactive Application Security Testing (IAST) The World s Fastest Application Security Software Software affects virtually every aspect of an individual s finances, safety, government, communication,

More information

Using Free Tools To Test Web Application Security

Using Free Tools To Test Web Application Security Using Free Tools To Test Web Application Security Speaker Biography Matt Neely, CISSP, CTGA, GCIH, and GCWN Manager of the Profiling Team at SecureState Areas of expertise: wireless, penetration testing,

More information

Guidelines for Web applications protection with dedicated Web Application Firewall

Guidelines for Web applications protection with dedicated Web Application Firewall Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security

More information

Web Application Vulnerability Testing with Nessus

Web Application Vulnerability Testing with Nessus The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Project 2: Web Security Pitfalls

Project 2: Web Security Pitfalls EECS 388 September 19, 2014 Intro to Computer Security Project 2: Web Security Pitfalls Project 2: Web Security Pitfalls This project is due on Thursday, October 9 at 6 p.m. and counts for 8% of your course

More information

Intrusion detection for web applications

Intrusion detection for web applications Intrusion detection for web applications Intrusion detection for web applications Łukasz Pilorz Application Security Team, Allegro.pl Reasons for using IDS solutions known weaknesses and vulnerabilities

More information

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis

More information

Web Application Security

Web Application Security Web Application Security Prof. Sukumar Nandi Indian Institute of Technology Guwahati Agenda Web Application basics Web Network Security Web Host Security Web Application Security Best Practices Questions?

More information

Web Application Attacks and Countermeasures: Case Studies from Financial Systems

Web Application Attacks and Countermeasures: Case Studies from Financial Systems Web Application Attacks and Countermeasures: Case Studies from Financial Systems Dr. Michael Liu, CISSP, Senior Application Security Consultant, HSBC Inc Overview Information Security Briefing Web Applications

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Auditing Web Applications

Auditing Web Applications Auditing Web Applications IT Audit strategies for web applications August 2015 ISACA Geek Week Robert Morella MBA, CISA, CGEIT, CISSP Rob.morella@gmail.com 1 About Me Been there done that: IT Systems IT

More information

Sichere Software- Entwicklung für Java Entwickler

Sichere Software- Entwicklung für Java Entwickler Sichere Software- Entwicklung für Java Entwickler Dominik Schadow Senior Consultant Trivadis GmbH 05/09/2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART

More information

Web Application Security Guidelines for Hosting Dynamic Websites on NIC Servers

Web Application Security Guidelines for Hosting Dynamic Websites on NIC Servers Web Application Security Guidelines for Hosting Dynamic Websites on NIC Servers The Website can be developed under Windows or Linux Platform. Windows Development should be use: ASP, ASP.NET 1.1/ 2.0, and

More information

SQuAD: Application Security Testing

SQuAD: Application Security Testing SQuAD: Application Security Testing Terry Morreale Ben Whaley June 8, 2010 Why talk about security? There has been exponential growth of networked digital systems in the past 15 years The great things

More information

SERENA SOFTWARE Serena Service Manager Security

SERENA SOFTWARE Serena Service Manager Security SERENA SOFTWARE Serena Service Manager Security 2014-09-08 Table of Contents Who Should Read This Paper?... 3 Overview... 3 Security Aspects... 3 Reference... 6 2 Serena Software Operational Security (On-Demand

More information

Data Breaches and Web Servers: The Giant Sucking Sound

Data Breaches and Web Servers: The Giant Sucking Sound Data Breaches and Web Servers: The Giant Sucking Sound Guy Helmer CTO, Palisade Systems, Inc. Lecturer, Iowa State University @ghelmer Session ID: DAS-204 Session Classification: Intermediate The Giant

More information

Testing the OWASP Top 10 Security Issues

Testing the OWASP Top 10 Security Issues Testing the OWASP Top 10 Security Issues Andy Tinkham & Zach Bergman, Magenic Technologies Contact Us 1600 Utica Avenue South, Suite 800 St. Louis Park, MN 55416 1 (877)-277-1044 info@magenic.com Who Are

More information

Ruby on Rails Secure Coding Recommendations

Ruby on Rails Secure Coding Recommendations Introduction Altius IT s list of Ruby on Rails Secure Coding Recommendations is based upon security best practices. This list may not be complete and Altius IT recommends this list be augmented with additional

More information

The risks borne by one are shared by all: web site compromises

The risks borne by one are shared by all: web site compromises The risks borne by one are shared by all: web site compromises Having your company web site hacked or compromised can be a costly experience for your organisation. There are immediate costs in responding

More information

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked. This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out

More information

Application Security Vulnerabilities, Mitigation, and Consequences

Application Security Vulnerabilities, Mitigation, and Consequences Application Security Vulnerabilities, Mitigation, and Consequences Sean Malone, CISSP, CCNA, CEH, CHFI sean.malone@coalfiresystems.com Institute of Internal Auditors April 10, 2012 Overview Getting Technical

More information

Columbia University Web Application Security Standards and Practices. Objective and Scope

Columbia University Web Application Security Standards and Practices. Objective and Scope Columbia University Web Application Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Application Security Standards and Practices document establishes a baseline

More information