Hello friends, how are you? Starting today I am going to run a new series on web application penetration testing, in which we will use a demo lab to practise finding and exploiting different kinds of vulnerabilities. The lab contains vulnerabilities like the following:-
- Cross Site Scripting
- SQL Injection
- Directory Traversal
- File Include
- Code Injection
- Command Injection
The vulnerable lab is created by PentesterLab and the course is called Web for Pentester [PentesterLab].
Introduction Web for Pentester [PentesterLab]:-
This course is for putting your existing knowledge to practical use and testing your skills on a practice lab to deepen your understanding. The team at PentesterLab has tried its best to put together the basics of web penetration testing along with a summary of the most common vulnerabilities present in most web applications.
The lab is distributed as a Linux LiveCD, so you will have to set it up in a virtual environment like VirtualBox or VMware. I will cover the steps for setting up the testing lab in the next post, with video instructions.
You can download the lab files here: Download.
The Web Applications:-
If we talk about the most exposed services of companies or institutions on the internet, the most exposed are their websites. Furthermore, nowadays there is a web version of many older applications. This is a massive transformation and makes web application security an important part of network security.
Security Model For a Web Application:-
The most important and basic security model for any web application is really simple: don't trust the user of the application. Most of the information received by the server can be spoofed by the user. There is a great saying about this:-
Better safe than sorry.
It is better to put filters in place and escape everything than to realize later that a value you thought was not user-controlled actually was.
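To make that concrete, here is a small added example (written for this post, not code from PentesterLab or the lab itself): a constructed request in which the query parameter, a cookie and the User-Agent header all carry markup, rendered first by a page that trusts them and then by the same page with every value escaped. The request layout and function names are assumptions for the demo.

```python
import html

# Constructed sample request. Everything in it arrives from the client, so the
# cookie and the User-Agent header are just as spoofable as the query string.
SAMPLE_REQUEST = {
    "query": {"name": "Bob <b>admin</b>"},
    "headers": {"User-Agent": "Mozilla/5.0 <script>alert('ua')</script>"},
    "cookies": {"lang": "en\" onload=\"alert('cookie')"},
}


def render_vulnerable(request):
    """Echoes values straight into HTML. Developers often assume the header
    and the cookie are not user-controlled; that assumption is the trap."""
    name = request["query"].get("name", "guest")
    ua = request["headers"].get("User-Agent", "")
    lang = request["cookies"].get("lang", "en")
    return (f'<body lang="{lang}">'
            f"<h1>Hello {name}</h1>"
            f"<p>Your browser: {ua}</p></body>")


def render_safe(request):
    """Same page, but every value is escaped for its HTML context before use,
    no matter where it came from. quote=True also escapes " and ', which is
    what keeps the cookie value inside the lang attribute."""
    name = html.escape(request["query"].get("name", "guest"), quote=True)
    ua = html.escape(request["headers"].get("User-Agent", ""), quote=True)
    lang = html.escape(request["cookies"].get("lang", "en"), quote=True)
    return (f'<body lang="{lang}">'
            f"<h1>Hello {name}</h1>"
            f"<p>Your browser: {ua}</p></body>")


def contains_raw_markup(page):
    """Check helper: True if an injected tag or attribute break-out survived."""
    return "<script>" in page or "<b>" in page or '" onload=' in page


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_REQUEST))
    print(render_safe(SAMPLE_REQUEST))
```

Run it and compare the two outputs: the first page executes whatever the client sent, the second shows it as harmless text.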
Risks of Weak Security:-
If you are not serious about web application security for your product, then there are a great number of security risks involved, including:-
- Information Leak
- Reputation Loss
- Information Loss
- Money Loss
Most web applications consist of 3 main components:
- The client: a web browser
- The server: receives requests from the client. An application server can be involved to process the requests; in that case the web server simply forwards the requests to the application server.
- The storage backend, used to retrieve and save information: a database.
Each of these may behave differently, which affects different areas of the web application and whether a vulnerability exists and is exploitable. These components can also be protected from these issues.
Client side technologies:-
Server side technologies:-
On the server side, a lot of technologies can be used, and even though all of them can be vulnerable to any web issue, some issues are more likely to occur with a given technology.
The server side can be divided into more sub-categories:
- Web servers like Apache, lighttpd, Nginx, IIS…
- Application servers like Tomcat, JBoss, Oracle Application Server…
- The programming language used: PHP, Java, Ruby, Python, ASP, C#, … The language can also be used as part of a framework like Ruby on Rails, .NET MVC or Django.
The storage backend can be located on the same server as the web server or on a different one. This can explain weird behaviour during the exploitation of some vulnerabilities.
A few examples of backends are:
- Simple files.
- Relational databases like MySQL, Oracle, SQL Server, PostgreSQL.
- Other databases like MongoDB, CouchDB.
- Directories like OpenLDAP or Active Directory.
An application can use more than one storage backend. For example, some applications use LDAP to store users and their credentials and use Oracle to store information.
This was a brief overview of some of the terms and concepts you should know about web applications. If you want to read more about this course and the details of everything we will cover, you can find it on PentesterLab. They have it all well covered, and I will also attach the PDF document so you can read it offline.