Friday, February 3, 2012

Application Penetration Testing


Cyber Security Works' penetration testing service provides an in-depth understanding of how an input changes data inside the software. We use a proprietary framework (Websploit™) to discover multiple attack vectors by passing data to user interfaces, network interfaces, application programming interfaces (APIs), and any other place where input is processed.
Our tests (external and internal) replicate the actions of an attacker attempting to gain unauthorized access, or a greater level of access, to web applications, e-commerce systems, ERP systems, and databases. The main goal of this test is to gain unauthorized access to the enterprise's applications through privilege escalation, by passing maliciously crafted inputs via field manipulation and cookie poisoning. This allows a more focused test of web applications, exposing vulnerabilities that traditional network penetration testing does not see.
To ensure a complete and comprehensive analysis, the test is performed on all applications in scope (applications, web-based applications, databases, all direct and indirect user inputs, and all interfaces that accept input). Our test passes specially crafted input data to web services, user interfaces (logon screens, web front ends), scripts and markup (XML, HTML, etc.), communication paths (network protocols and sockets), DCOM objects, and remote procedure calls (RPCs) to discover all potential attack vectors.
We generate a detailed report outlining successful attacks (code injection, canonicalization, HTML manipulation, buffer overflows, insecure communications, and misconfigurations), characterizing each specific vulnerability, the communication channel used, and the exploit code. We also map the attacks to the OWASP Top 10 and DShield's top 10 reports to distinguish between globally prevalent attacks and targeted attacks. The Open Web Application Security Project (OWASP) lists the most serious web application vulnerabilities, and DShield is a global cooperative cyber threat / internet security monitoring and alert system.
Application penetration testing attack modules consist of payloads that belong to one or more of the four classic attack categories (interruption, interception, modification, and fabrication). Attack payloads that exploit common categories of application vulnerabilities are listed below.

Injection Flaws:

An injection flaw is a vulnerability that allows code or commands supplied from an external source to be injected into a program or script and executed. The results of code injection can be disastrous: it can compromise the security posture of an entire enterprise, because a flaw in a web application can be extended to the critical servers behind it. Code injection is actively used by automated attacks and computer worms to propagate. The most common injection attacks are listed below.
  • SQL Injection
  • PHP Injection
  • ASP Injection
  • Malicious File Execution
  • Eval Injection
  • Include File Injection
  • Shell Injection
  • OS Command Injection
  • HTML/Script Injection (Cross Site Scripting)
  • Comment Injection
  • LDAP Injection
  • XPath Injection
  • XSLT Injection
  • XML Injection
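As an added illustration of the first item on this list (this is example code written for this page, not code from the original post or from the Websploit framework), the following Python snippet builds a SQLite-backed login check two ways. The vulnerable version formats the user's input straight into the SQL text, so the input is executed as SQL; the safe version binds it as a parameter, so the driver hands it to the database as data. The user table, the credentials and the two payloads are all constructed for the demonstration.

```python
import sqlite3

# Constructed sample accounts for the demonstration (not real credentials).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """In-memory SQLite database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting: the input *is* SQL."""
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised statement: the driver passes input as data only."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Two classic payloads (constructed). The first comments out the password
# check with SQL's '--' line comment; the second turns the WHERE clause
# into a tautology (AND binds tighter than OR, so '1'='1' matches every row).
COMMENT_PAYLOAD = ("alice' --", "wrong-password")
TAUTOLOGY_PAYLOAD = ("nobody", "' OR '1'='1")


def demo():
    """Returns {payload_name: (vulnerable_result, safe_result)}."""
    conn = make_db()
    results = {}
    for name, (user, pw) in (("comment", COMMENT_PAYLOAD),
                             ("tautology", TAUTOLOGY_PAYLOAD)):
        results[name] = (login_vulnerable(conn, user, pw),
                         login_safe(conn, user, pw))
    # A genuine login must still succeed through the parameterised path.
    results["legit"] = (login_vulnerable(conn, "bob", "hunter2"),
                        login_safe(conn, "bob", "hunter2"))
    return results


if __name__ == "__main__":
    for name, (vuln, safe) in demo().items():
        print("%-9s vulnerable=%r safe=%r" % (name, vuln, safe))
```

The same principle carries over to the other entries in the list: for LDAP, XPath, shell and OS command injection the fix is likewise to keep user input out of the interpreter's syntax, either through a parameterised API or, where none exists, through escaping specific to that interpreter.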


Cross Site Scripting (XSS):

Cross Site Scripting (XSS) is a vulnerability that occurs whenever an application takes data originating from a user or another program and sends it to the browser without validating or encoding it. An exploited XSS vulnerability can be used by adversaries to bypass access controls, hijack user sessions, deface web sites, insert hostile content, and conduct phishing attacks. XSS payloads are written in a markup language (HTML or XHTML) or a client-side scripting language (JavaScript, JScript, ActiveX, VBScript, Flash, and ActionScript). Most of the documented security incidents in 2007 occurred because of XSS vulnerabilities.
  • DOM-based (Document Object Model) XSS Vulnerabilities
  • Non-Persistent (Reflected) Vulnerabilities
  • Persistent (Stored) Vulnerabilities
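The following Python example is added here to show the output encoding the paragraph calls for; it is not code from the original page. A search page reflects the query into three different output contexts (HTML text, a quoted attribute, a JavaScript string) and each context needs its own encoding: HTML entity encoding for the first two, a JSON/JavaScript string literal with `<` escaped for the third. The three payloads are constructed. This is the reflected (non-persistent) case; stored XSS is fixed the same way at output time, while DOM-based XSS arises in client-side code (for example assigning to `innerHTML`) and is not addressed by server-side encoding at all.

```python
import html
import json

# Constructed attacker inputs, one aimed at each output context.
TEXT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'
JS_PAYLOAD = "</script><script>alert(1)</script>"


def search_page_vulnerable(query):
    """Reflects the query into three contexts with no encoding at all."""
    return (
        '<p>Results for ' + query + '</p>\n'
        '<input name="q" value="' + query + '">\n'
        '<script>var lastQuery = "' + query + '";</script>'
    )


def search_page_safe(query):
    """Encodes per context: HTML text and quoted attribute share entity
    encoding (quote=True also turns " and ' into entities, which is what
    stops the attribute payload); the JS string gets a JSON literal with
    '<' escaped so a literal '</script>' in the data cannot close the tag."""
    as_html = html.escape(query, quote=True)
    as_js = json.dumps(query).replace("<", "\\u003c")
    return (
        '<p>Results for ' + as_html + '</p>\n'
        '<input name="q" value="' + as_html + '">\n'
        '<script>var lastQuery = ' + as_js + ';</script>'
    )


def script_blocks(page):
    """Counts '<script' opening tags. The template itself contributes one;
    every additional one is attacker-controlled script."""
    return page.lower().count("<script")


if __name__ == "__main__":
    for payload in (TEXT_PAYLOAD, ATTR_PAYLOAD, JS_PAYLOAD):
        print("payload %r: vulnerable page has %d <script tags, safe page has %d"
              % (payload,
                 script_blocks(search_page_vulnerable(payload)),
                 script_blocks(search_page_safe(payload))))
```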

Insecure Direct Object Reference:

A direct object reference is an identifier exposed to the client that points at an internal object such as a file, directory, database record, URL, or form parameter. An insecure direct object reference occurs when a developer exposes such an internal implementation object and grants access to it without checking that the requesting user is actually authorized to reach that particular object.
  • Null Byte Injection
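An added Python example (not the page's own code) with a constructed invoice store: the vulnerable lookup trusts the `id` from the URL once the session is authenticated, so any logged-in user can read any invoice by changing the number; the safe lookup performs an ownership check on every access and returns the same "not found" for foreign and missing ids, so the response does not reveal which ids exist. The `IndirectReferences` class goes one step further and hands the client random per-session handles instead of database keys. All names and records are hypothetical.

```python
import secrets
from dataclasses import dataclass


class NotFound(Exception):
    """Raised for both missing and foreign objects, so an attacker cannot
    tell valid ids from invalid ones by the response."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: float


# Constructed sample records standing in for a database table.
INVOICES = {
    1001: Invoice(1001, "alice", 120.00),
    1002: Invoice(1002, "bob", 75.50),
}


def get_invoice_vulnerable(session_user, invoice_id):
    """/invoice?id=1002 -- the session is authenticated, but nothing checks
    that the record belongs to the caller (the session_user is ignored)."""
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound()


def get_invoice_safe(session_user, invoice_id):
    """Authorization check on every access: the owner must be the caller."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != session_user:
        raise NotFound()
    return inv


class IndirectReferences:
    """Per-session map from random opaque handles to real ids, so the
    client never sees (or can guess) the database key at all."""

    def __init__(self):
        self._handles = {}  # handle -> (owner, invoice_id)

    def handle_for(self, session_user, invoice_id):
        """Mints a handle only for records the user may see."""
        get_invoice_safe(session_user, invoice_id)  # raises if not the owner
        handle = secrets.token_urlsafe(16)
        self._handles[handle] = (session_user, invoice_id)
        return handle

    def resolve(self, session_user, handle):
        """Maps a handle back, re-checking both the session and the owner."""
        entry = self._handles.get(handle)
        if entry is None or entry[0] != session_user:
            raise NotFound()
        return get_invoice_safe(session_user, entry[1])


def demo():
    """Bob, logged in, requests Alice's invoice 1001 through both paths.
    Returns (owner leaked by the vulnerable path, blocked by the safe path)."""
    leaked = get_invoice_vulnerable("bob", 1001).owner
    try:
        get_invoice_safe("bob", 1001)
        blocked = False
    except NotFound:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    print("vulnerable path leaked owner=%r; safe path blocked=%r" % demo())
```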

Cross Site Request Forgery:

Cross Site Request Forgery (CSRF) is a web-based exploit in which malicious or unauthorized commands or data are sent to a web application on behalf of a trusted user, without that user's knowledge or consent. CSRF exploits the trust that a web application places in a particular authenticated user's browser: the browser attaches the session cookie to the forged request automatically.
  • Automatic HTTP Request Execution
  • Web Application Performing Security Sensitive Operations without User Validation
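An added Python example (not the page's code) modelling both list items: a forged GET, as triggered automatically by an `<img src=...>` on an attacker's page, and a forged POST from an auto-submitting form, both sent against a transfer endpoint that performs a security-sensitive operation without validating that the user intended it. Beside it is a version that requires POST, a synchronizer token bound to the session with an HMAC, and (as defence in depth) an `Origin` header matching the site. The key, origin, session id and requests are constructed; the request dicts stand in for a real framework's request object.

```python
import hashlib
import hmac
import secrets

# Per-deployment signing key (assumed; in practice loaded from a secret store).
CSRF_KEY = secrets.token_bytes(32)
SITE_ORIGIN = "https://bank.example"  # assumed application origin


def csrf_token(session_id):
    """Synchronizer token bound to the session via HMAC: verifiable without
    server-side storage and useless when replayed against another session."""
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(request, session_id):
    """Honours any request that arrives with the session cookie, GET or POST,
    so a hidden image tag or auto-submitting form on another site succeeds."""
    params = request.get("query", {}) or request.get("form", {})
    return "transferred %s to %s" % (params["amount"], params["to"])


def transfer_safe(request, session_id):
    """State change only on POST, only with a valid per-session token, and
    never from a request whose Origin header names another site."""
    if request["method"] != "POST":
        return "rejected: state change requires POST"
    form = request.get("form", {})
    expected = csrf_token(session_id)
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):  # constant-time compare
        return "rejected: missing or invalid CSRF token"
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "rejected: cross-origin request"
    return "transferred %s to %s" % (form["amount"], form["to"])


# Constructed requests. The victim's browser attaches the session cookie to
# all three; only the first is something the victim actually intended.
SESSION = "sess-7f3a"
LEGIT_POST = {"method": "POST",
              "headers": {"Origin": SITE_ORIGIN},
              "form": {"to": "landlord", "amount": "900",
                       "csrf_token": csrf_token(SESSION)}}
# <img src="https://bank.example/transfer?to=mallory&amount=1000"> on evil.example
FORGED_GET = {"method": "GET",
              "headers": {},
              "query": {"to": "mallory", "amount": "1000"}}
# <form method="POST" action="https://bank.example/transfer"> auto-submitted
FORGED_POST = {"method": "POST",
               "headers": {"Origin": "https://evil.example"},
               "form": {"to": "mallory", "amount": "1000"}}


def demo():
    """Runs each constructed request through both handlers.
    Returns {name: (vulnerable_result, safe_result)}."""
    out = {}
    for name, req in (("legit", LEGIT_POST), ("forged_get", FORGED_GET),
                      ("forged_post", FORGED_POST)):
        out[name] = (transfer_vulnerable(req, SESSION),
                     transfer_safe(req, SESSION))
    return out


if __name__ == "__main__":
    for name, (vuln, safe) in demo().items():
        print("%-11s vulnerable: %-30s safe: %s" % (name, vuln, safe))
```

The attacker can forge the request but cannot read the token, because it is only ever delivered inside the victim's own page, which the same-origin policy keeps out of reach of evil.example; that is the whole reason the token check works.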

Canonicalization:

Canonicalization attacks gain access to restricted portions of a web application by overcoming weak canonicalization rules and insufficient validation and sanitization of user-supplied input: the same resource is requested in an encoded, relative, or otherwise non-canonical form that the application's checks do not recognize but the underlying file system or URL handler does.
  • Directory Traversal
  • Access to Restricted Pages
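An added Python example (not from the page) covering the two items above and the Null Byte Injection item listed under Insecure Direct Object Reference: a static-file handler that joins the requested name straight onto the document root, beside one that canonicalizes first (null byte check, repeated percent-decoding, separator normalization, `realpath`) and only then checks that the result is still inside the root. `WEBROOT` and the probe paths are assumed and constructed; the code computes the path `open()` would be handed and never reads anything from disk.

```python
import os
from urllib.parse import unquote

# Assumed document root of the application. realpath() normalises it even if
# the directory does not exist on the machine running the example.
WEBROOT = os.path.realpath("/var/www/app/public")


def file_path_vulnerable(requested):
    """Joins the user-supplied name straight onto the root. '../' walks out
    of it, a leading '/' replaces the root entirely (os.path.join semantics),
    and percent-encoding slips past any naive '..' blacklist."""
    return os.path.join(WEBROOT, requested)


def canonicalize(requested, max_decode_rounds=3):
    """Reduce the input to one canonical absolute path before checking it."""
    # 1. Null bytes: C-backed file APIs stop at the first one, so
    #    'report.pdf\x00.png' passes an extension check yet opens report.pdf.
    if "\x00" in requested:
        raise ValueError("null byte in path")
    # 2. Decode until stable so %2e%2e and double-encoded %252e%252e both
    #    become '..' before any comparison is made.
    decoded = requested
    for _ in range(max_decode_rounds):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once
    else:
        raise ValueError("too many encoding layers")
    # 3. Normalise separators and strip a leading '/', which os.path.join
    #    would otherwise treat as an absolute path replacing the root.
    decoded = decoded.replace("\\", "/").lstrip("/")
    # 4. Resolve '.', '..' and symlinks to one real absolute path.
    return os.path.realpath(os.path.join(WEBROOT, decoded))


def file_path_safe(requested):
    """Canonicalize first, then enforce containment on the canonical form."""
    candidate = canonicalize(requested)
    if os.path.commonpath([WEBROOT, candidate]) != WEBROOT:
        raise PermissionError("path escapes document root: %r" % requested)
    return candidate


# Constructed request paths a tester would send.
PROBES = [
    "css/../index.html",                       # benign: normalises inside the root
    "../../../../../../etc/passwd",            # plain traversal
    "%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",  # encoded dots
    "%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd",
    "/etc/passwd",                             # absolute path replaces the root
    "report.pdf\x00.png",                      # null byte truncation
]


def demo():
    """Returns {probe: (vulnerable_path, safe_result)}; rejections from the
    safe handler are rendered as 'rejected: <ExceptionName>' strings."""
    out = {}
    for probe in PROBES:
        try:
            safe = file_path_safe(probe)
        except (ValueError, PermissionError) as exc:
            safe = "rejected: %s" % exc.__class__.__name__
        out[probe] = (os.path.normpath(file_path_vulnerable(probe)), safe)
    return out


if __name__ == "__main__":
    for probe, (vuln, safe) in demo().items():
        print("%-70r\n    vulnerable -> %s\n    safe       -> %s" % (probe, vuln, safe))
```

The order matters: decode, then normalize, then compare. Checking for `..` before decoding, or comparing the raw string against a prefix, is exactly the weak canonical rule the paragraph describes.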
Apart from the categories above (Injection Flaws, Cross Site Scripting (XSS), Insecure Direct Object Reference, Cross Site Request Forgery, and Canonicalization), we also test for the following exploitable vulnerabilities:
  • Information Leakage and Improper Error Handling
  • Broken Authentication and Session Management
  • Insecure Cryptographic Storage, Weak Ciphers, and Weak Session Keys
  • Insecure Communications (clear-text protocols such as Telnet and FTP carrying sensitive data)
  • Failure to Restrict URL Access
  • Regular Expression Checks
  • Tainted Parameters
  • Header Integrity
  • Path Manipulation
  • Thread Safety
  • Hidden Form Field Manipulation
  • Fail Open Authentication
  • Weak Session Cookies
  • Misconfigurations
  • Weak Passwords
