G4G0-2/Penetration Testing/Week 20/Week 20 - Web Attacks.md
2025-01-30 09:27:31 +00:00

Subtopics: Malicious Software, Attacks on Web Applications, Secure System Development
# How Computers Get Compromised:
- Accessing malicious or infected websites
- Downloading and installing malware from websites
- Executing email attachments that contain exploits or malware
- Plugging in external devices infected with malware
- Installing malware/infected software from media
- Direct attacks from the internet exploiting vulnerabilities in OS or applications
- Through the delivery (supply) chain, during assembly or shipment
## Malware Types:
- Backdoor/Trapdoor
- Logic bomb
- Trojan horse
- Worm
- Virus (polymorphic, metamorphic)
- Stealth virus
- Exploit
## Exploits:
- Exploits a software or hardware vulnerability
- Carried in common data formats like PDF, office documents, media files
- Contains deliberately malformed data that triggers the flaw when the file is parsed
- Causes unintended behavior on computers
## Backdoor/Trapdoor:
- Provides remote control capabilities
- Can reside on the system for long periods before being used
- Installed by an exploit or by the user (tricked into installing a malicious program)
- Can be installed during design for testing purposes, posing a threat if left in production software
# The Cyber Kill Chain (Hutchins et al., 2011):
- Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, Command & Control (C&C), Action/Exfiltration
- Timescale for each phase varies widely, from months or days down to hours or seconds.
## Web Application Security Challenge:
- Firewall, App Server, Web Server, Hardened OS, Databases, Legacy Systems, Web Services, Directories, Human Resources, Billing, Custom-Developed Application Code
- Network layer and application layer security are crucial
# Application Attacks
- Application attacks bypass traditional network security measures like firewalls
## SQL (Structured Query Language):
- Interface to relational databases
- Used for inserting, updating, deleting, and retrieving data in a database
### SQL Injection:
- The database system misinterprets input data as part of the SQL statement
- Attacker disguises SQL commands as data input
- Vulnerability exists when web application fails to sanitise data input before sending it to the database
- Preventing SQL Injection and XSS: Validate all user-entered parameters, escape questionable characters, hide information about error handling
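The misinterpretation described above, as an added example that is not part of the original notes: a constructed in-memory SQLite table queried first with string concatenation (the flaw) and then with a bound parameter (the fix), plus the parameter-validation step the notes recommend. The table, rows and function names are assumptions for the demo.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data for the demo, not from the original notes.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # The flaw from the notes: user input is concatenated into the statement,
    # so the database cannot tell where the data ends and the SQL begins.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterised(conn, name):
    # Hardened form: the driver binds the value as data only, so whatever the
    # string contains, it is compared against the column, never executed.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def is_valid_username(name, max_len=32):
    # Input validation from the notes: accept only a known-good alphabet and
    # length before the value reaches the database; reject everything else.
    return re.fullmatch(r"[A-Za-z0-9_.-]{1,%d}" % max_len, name) is not None


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"  # classic data-that-becomes-SQL input
    print("concatenated :", lookup_vulnerable(db, tautology))   # every row
    print("parameterised:", lookup_parameterised(db, tautology))  # no rows
    print("validated    :", is_valid_username(tautology))       # False
```

Running it shows the same input returning the whole table through the concatenated query and nothing through the bound one, which is the misinterpretation the notes describe.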
## Broken Authentication and Session Management:
- Authenticating a user once does not by itself provide continuous assurance that later requests come from that user
- Insecure implementation of session control with a static session ID passed in the URL
- Follow the OWASP recommendations for generating and handling session IDs
## OWASP Top-10 Web Application Risks (as of 2017):
- Injection, Broken Authentication, Sensitive Data Exposure, XML External Entity (XXE), Security Misconfiguration, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring, Underprotected APIs
## Waterfall SDLC vs. Agile Software Development vs. Secure Agile:
- Waterfall SDLC: Sequential phases (Design, Requirements, Implementation, Verification, Maintenance)
- Agile Software Development: Iterative sprint cycles based on user stories
- Secure Agile: Includes additional security steps during project startup, each sprint cycle, and final test and validation
- Threat modeling in Secure Agile: Identify, analyze, and describe relevant threats using STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)