All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied.
Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.
Prakhar Prasad is a web application security researcher and penetration tester from India. He has been a successful participant in various bug bounty programs and has discovered security flaws on websites such as Google, Facebook, Twitter, PayPal, Slack, and many more.
He secured the tenth position worldwide in the year at HackerOne's platform. He occasionally performs training and security assessment for various government, non-government, and educational organizations. I am thankful from the bottom of my heart to the editors of this book, Kajal Thapar, Amrita Noronha, and Manthan Raja, for helping and assisting me at various stages of this book.
The kick starter behind this book is my dear friend Rafay Baloch, a known name in the ethical-hacking community; he has been a constant source of encouragement and motivation. The last chapter of this book on API testing is written entirely by Pranav Hivarekar, a renowned researcher in the domain of web application security, who is a very good friend of mine and a down-to-earth human being. I'm immensely thankful to him for coming up with and authoring a guest chapter for this book. I'll do injustice if I don't mention my family, friends, and loved ones, who have always worked behind the scenes to keep me pumped up and motivated at different stages of this book.
This book wouldn't be possible without their efforts.
Kubilay Onur Gungor has been working in the cyber security field for more than 8 years. He started his professional career with cryptanalysis of encrypted images using chaotic logistic maps.
After working as a QA tester in the Netsparker project, he continued his career in the penetration testing field. He performed many penetration tests and consultancies for the IT infrastructure of many large clients, such as banks, government institutions, and telecommunication companies. After pen testing activities, he worked as a web application security expert and incident management and response expert in Sony Europe and Global Sony Electronics.
He believes in a multidisciplinary approach to cyber security and defines it as a struggle. With this approach, he has developed his own unique certification and training program, including penetration testing, malware analysis, incident management and response, cyber terrorism, criminal profiling, unorthodox methods, perception management, and international relations. Besides security, he holds certificates in foreign policy, brand management, surviving in extreme conditions, international cyber conflicts, anti-terrorism accreditation board, and comparative studies of terrorism and counter-terrorism.
The World Wide Web, or what we generally refer to as the Web, has become a vital part of our everyday lives. The usage of the Web, ranging from a simple webmail to a complex and sensitive banking web application, has made our lives easier.
The Web was initially designed as a means of sharing information among users of the Internet using a combination of web pages and a browser.
The era has passed now, and it's no longer a place limited to sharing information. Instead, our day-to-day work is getting automated and put into web applications; this has definitely revolutionized communication and empowered us.
The mere idea of your or my banking application being offline is a nightmare; the same is the case with cloud services such as Dropbox, Gmail, or even iCloud.
Well, if this wasn't enough, imagine these services were hacked and all the sensitive data stored in them fell into the hands of hackers—this is even scarier, right?
They can sell the data, distribute it in the public domain, or even blackmail individual users. All of this has happened in the past—recall the celebrity photo leaks in , when Apple's iCloud service API was breached by hackers and sensitive photos were leaked on the Internet. Similarly, Ashley Madison, a controversial dating website, was breached in , and its users received blackmail letters. The Web, although charismatic, is not a safe place for anybody; the previously mentioned cases clearly prove the point.
However, we can beef up security to an extent that it becomes really hard to break into. It's a well-known fact that nothing can be a hundred per cent secure, but improving security never hurt anybody. In a classic penetration test of web applications, different types of attacking techniques are used to find vulnerabilities and use them to break into systems.
However, the Web is a growing field, and newer technologies are added every now and then. Any penetration tester conducting a test on a web application needs to be aware of newer techniques in the domain so that the latest classes of issues don't remain unpatched; at the same time, the old techniques must be extrapolated for better outcomes.
This book is an attempt to achieve both in order to impart newer techniques, such as XML attack vectors, which include the recently popular XXE attack. Then we have OAuth 2. The content I have added here in this book will help augment the already understood concepts in depth. This book is a means of sharing my knowledge of web applications with the community.
I truly believe you will find this book beneficial in one way or another. As an author, I wish you good luck exploring this book. Chapter 1, Common Security Protocols, focuses on different basic concepts of the Web and security in general, which you will find beneficial when conducting tests in real life. Topics such as same-origin policy are very important if someone wants to understand the enforcement done by a browser in the context of a web application; then, there are different encoding techniques, one of them being Base64, which is quite popular.
Chapter 2, Information Gathering, deals with various reconnaissance or enumeration techniques to discover surfaces that can be attacked. The more someone enumerates a particular web target, the better the chances are of finding a vulnerability inside it. The famous quote by Abraham Lincoln sums this chapter up well: If I had eight hours to chop down a tree, I would spend 6 of those hours sharpening my axe. Chapter 3, Cross-Site Scripting, is a refresher on one of the most exploited flaws on the Web: cross-site scripting.
Chapter 6, File Upload Vulnerabilities, deals with security flaws plaguing file upload functionality, which is very common in any web application.
Methods to create and use different kinds of web shells, some techniques of DoS, and bypasses on certain types of filters have been covered here. Chapter 7, Metasploit and Web, explains the Metasploit Framework and its relevance to web application security. It covers how to generate a web backdoor payload through MSF and different modules, with direct or indirect relation to the Web.
Chapter 10, OAuth 2. It starts with the relevant basics of OAuth and goes on to explain possible attacks. Chapter 11, API Testing Methodology, is the last chapter of this book and a guest chapter by security researcher and my friend Pranav Hivarekar.
It covers the basics of REST APIs and then goes on to explain fundamental issues and mistakes made by developers while implementing them. Various case studies have also been covered in this chapter to provide real-life examples.
Reserved characters have special meanings in the context of URLs and must be encoded into another form, the percent-encoded form, to avoid any sort of ambiguity. The following characters are not encoded as part of the URL encoding technique: The following characters are encoded as part of the URL encoding technique:
The following is a list of characters with their encoded form: Double percent encoding is the same as percent encoding with a twist: each character is encoded twice instead of once. This technique comes in pretty handy when attempting to evade filters that blacklist certain encoded characters; we can double encode instead and let the filter decode to the original form.
This technique only works where recursive decoding is done. It is the same technique that was used in the infamous IIS 5. We can utilize the double encoding technique to evade this. Normally, the input should be decoded only once, but there are scenarios where the developer makes the mistake of decoding it multiple times, or situations in which this happens by design.
This effectively results in bypasses of filters, depending on the scenario: In , a directory traversal vulnerability in Microsoft's popular IIS 5.
The vulnerability was critical because it was a zero authentication code execution vulnerability. The vulnerability was due to double decoding of a URL passed into the request.
Microsoft issued security bulletin MS to address this flaw and also described the vulnerability in their own words. I'll quote the technical advisory published at Microsoft's website: A vulnerability that could enable an attacker to run operating system commands on an affected server.
When IIS receives a user request to run a script or other server-side program, it performs a decoding pass to render the request in a canonical form, then performs security checks on the decoded request. A vulnerability results because a second, superfluous decoding pass is performed after the security checks are completed. If an attacker submitted a specially constructed request, it could be possible for the request to pass the security checks, but then be mapped via the second decoding pass into one that should have been blocked -- specifically, it could enable the request to execute operating system commands or programs outside the virtual folder structure.
This excerpt specifically states that a vulnerability results because a second, superfluous decoding pass is performed after the security checks are completed. In other words, the IIS server double-decodes by mistake, which allows someone to traverse path names and execute commands by communicating with the cmd. Assuming that the root directory is a Windows folder, if we send the following request, it will be blocked as it contains ..
Then, using the superfluous second decoding, as Microsoft calls it, we can perform path traversal and execute commands by hitting the command-line parser of Windows. We have covered a directory traversal security check bypass through the double encoding technique. In this section, I'll cover how we can evade some XSS filters or checks that perform double decoding of the input.
Before I end this topic, I must say that the double encoding technique to bypass countermeasures is very powerful, provided that requirements such as recursive decoding are met. It can be applied to other attack techniques such as SQL injection. Double encoding can be further extrapolated into triple encoding and so on.
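To make the ordering problem described in the advisory concrete, here is an added example (not code from the book): a toy request handler that mirrors the flawed "decode, check, decode again" sequence beside one that canonicalizes fully before the check and never decodes afterwards. The encoder, the handler names, the ".." check, and the sample paths are all constructed for this illustration; the only real API used is urllib.parse.unquote.

```python
from urllib.parse import unquote
import string

UNRESERVED = string.ascii_letters + string.digits  # kept literal by this toy encoder
MAX_DECODE_PASSES = 3


def percent_encode(s: str) -> str:
    """Percent-encode every ASCII character except letters and digits, so that
    '.' and '/' are encoded too (urllib.parse.quote would keep '.' literal)."""
    return "".join(c if c in UNRESERVED else f"%{ord(c):02X}" for c in s)


def double_encode(s: str) -> str:
    return percent_encode(percent_encode(s))


def contains_traversal(path: str) -> bool:
    return ".." in path


def flawed_handler(raw: str) -> str:
    """Same ordering the advisory describes: one decode pass, the security
    check, then a second, superfluous decode pass that feeds the filesystem."""
    once = unquote(raw)
    if contains_traversal(once):
        return "blocked"
    final = unquote(once)  # the check above never saw this form
    return f"served:{final}"


def canonicalize(raw: str) -> str:
    """Decode until the value stops changing; refuse values that keep changing
    after MAX_DECODE_PASSES, which only deliberately nested encodings produce."""
    cur = raw
    for _ in range(MAX_DECODE_PASSES):
        nxt = unquote(cur)
        if nxt == cur:
            return cur
        cur = nxt
    raise ValueError("too many encoding layers")


def hardened_handler(raw: str) -> str:
    """Canonicalize first, check last, and never decode again afterwards."""
    try:
        path = canonicalize(raw)
    except ValueError:
        return "blocked"
    return "blocked" if contains_traversal(path) else f"served:{path}"


if __name__ == "__main__":
    probe = double_encode("../")  # constructed sample: %252E%252E%252F
    print(probe, flawed_handler(probe), hardened_handler(probe))
```

The flawed handler serves the double-encoded probe because its check ran on the once-decoded form; the hardened one blocks it, and also rejects anything still changing after three passes.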
Base64 is an encoding mechanism that was originally made for encoding binary data into a textual format. It was first used in e-mail systems that required binary attachments, such as images and rich-text documents, to be sent in ASCII format. Base64 is commonly used in websites as well, not for encoding binary data but for obscuring things such as request parameter values, sessions, and so on. You might be aware that security through obscurity is not beneficial in any way.
In this case, developers are generally not aware of the fact that even a slightly skilled person can decode the hidden value disguised as a Base64 string. Base64 encoding is also used to embed media such as images, fonts, and so on through data URIs. The following set of characters is used to encode binary to text: The following table is used for indexing the values to their respective Base64 encoding alternatives:
Now each 6-bit group is converted into the Base64-encoded format using the previous lookup table. Let us take the word God. We'll make a table to demonstrate the process more easily: Therefore, the Base64 equivalent for God becomes R29k. However, a problem arises when the input bytes do not divide exactly into 6-bit groups.
Let me illustrate this. We cannot divide this word into 6-bit groups evenly. This is where the padding mechanism of Base64 kicks in.
I'll explain that in the next section. In this chapter, we've learnt about the same-origin policy, CORS, and the different types of encoding mechanisms that are prevalent on the Web. The things discussed here will be needed in later chapters as required. You can fiddle around with other encoding techniques such as Base32, ROT13, and so on for your own understanding. In the next chapter, we will learn different reconnaissance techniques, which will enable us to learn more about our target so that we can increase our attack surface.
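Carrying the Base64 walk-through from the encoding section above through to the padding case the chapter defers, here is an added example that is not the book's code: an encoder built from the 6-bit grouping and lookup table just described, plus the matching decoder, checked against the word God and against inputs whose length is not a multiple of 3. The function names are my own; the alphabet is the standard Base64 one, and the stdlib base64 module is used only to cross-check the hand-rolled version.

```python
import base64  # used only to cross-check the hand-rolled encoder

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def six_bit_groups(data: bytes):
    """Concatenate the 8-bit bytes and re-split them into 6-bit groups, as in
    the chapter's table; also returns how many zero bits filled the last group."""
    bits = "".join(f"{b:08b}" for b in data)
    pad_bits = (-len(bits)) % 6
    bits += "0" * pad_bits
    return [bits[i:i + 6] for i in range(0, len(bits), 6)], pad_bits


def b64_encode(data: bytes) -> str:
    groups, _ = six_bit_groups(data)
    text = "".join(ALPHABET[int(g, 2)] for g in groups)
    # every 3 input bytes give 4 output characters; '=' fills the empty slots
    return text + "=" * ((-len(data)) % 3)


def b64_decode(text: str) -> bytes:
    """Reverse the process: look each character up, rejoin the 6-bit groups and
    drop the fill bits that do not complete a byte."""
    body = text.rstrip("=")
    bits = "".join(f"{ALPHABET.index(c):06b}" for c in body)
    bits = bits[: len(bits) - len(bits) % 8]
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def matches_stdlib(data: bytes) -> bool:
    return b64_encode(data) == base64.b64encode(data).decode("ascii")


if __name__ == "__main__":
    # constructed samples: 3, 4 and 5 bytes, so 0, 2 and 1 padding characters
    for word in (b"God", b"Gods", b"Gods!"):
        groups, pad = six_bit_groups(word)
        print(word, groups, "fill bits:", pad, "->", b64_encode(word))
```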
About this book: Web penetration testing is a growing, fast-moving, and absolutely critical field in information security. Publication date: October. Publisher: Packt.
Chapter 1. Common Security Protocols
Demonstration of the same-origin policy in Google Chrome
Switching origins
Quirks with Internet Explorer
Cross-domain messaging
AJAX and the same-origin policy
CORS headers
Pre-flight request
Simple request
URL encoding — percent encoding
Unrestricted characters
Restricted characters
Encoding table
Encoding unrestricted characters
Double encoding
Introducing double encoding