tag:blogger.com,1999:blog-341925372011-07-12T02:18:11.477-11:00Web Application Security & Learn to find & fix SQL injection, Cross site & web security issuesn0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.comBlogger151100tag:blogger.com,1999:blog-34192537.post-1157956210605485302006-09-10T19:29:00.001-11:002006-09-10T19:30:10.676-11:00

Conclusion Attacking web applications is the easiest way to compromise hosts, networks and users. Generally nobody notices web application penetration, until serious damage has been done. Web application vulnerability can be eliminated to a great extent ensuring proper design specifications and coding practices as well as implementing

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157956180916372362006-09-10T19:29:00.000-11:002006-09-10T19:29:40.990-11:00

Cookie Structure (domain) The website domain that created and that can read the variable. (flag) A TRUE/FALSE value indicating whether all machines within a given domain can access the variable. (path) The path attribute supplies a URL range for which the cookie is valid. If path is set to /reference, the cookie will

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157956140563261332006-09-10T19:28:00.000-11:002006-09-10T19:29:00.673-11:00

Secure vs. Non-Secure Cookies can be set using two main methods, HTTP headers and JavaScript. JavaScript is becoming a popular way to set and read cookies as some proxies will filter cookies set as part of an HTTP response header. Cookies enable a server and browser to pass information among themselves between sessions.

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157956086466679492006-09-10T19:27:00.001-11:002006-09-10T19:28:20.816-11:00

Persistent vs. Non-Persistent Persistent cookies are stored in a text file (cookies.txt under Netscape and multiple *.txt files for Internet Explorer) on the client and are valid for as long as the expiry date is set for (see below). Non-Persistent cookies are stored in RAM on the client and are destroyed when the browser is

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157956046332876072006-09-10T19:27:00.000-11:002006-09-10T19:27:35.530-11:00

Page Sequencing Page sequencing is the term given to the vulnerability that arises as a result of poor session management, thereby allowing the user to take an out of turn action and bypass the defined sequence of web pages. This can be something like moving ahead to a later stage of a financial transaction. This arises

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157956010823232952006-09-10T19:25:00.000-11:002006-09-10T19:26:50.830-11:00

Session Management (Brute Force) Brute Forcing involves performing an exhaustive key search of a web application authentication token's key space in order to find a legitimate token that can be used to gain access. According to rfc-2617, the Basic Access Authentication scheme of HTTP is not considered to be a secure

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157955784380791762006-09-10T19:22:00.001-11:002006-09-12T17:12:10.406-11:00

XSS A Web application vulnerable to XSS allows a user without knowledge to send malicious data to them self through that application. Attackers often perform XSS exploitation by making malicious URLs and tricking into clicking on them. These links cause client side scripting languages like VBScript, JavaScript of the attackers choice

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157955749035849312006-09-10T19:22:00.000-11:002006-09-10T19:22:29.036-11:00

Input Hacking In web server attacks the attacker will first try to probe and manipulate the input fields to gain access into the web server. They can be broadly categorized as given below. (URL Manipulation CGI Parameter Tampering): This is perhaps the easiest of the lot. By inserting unacceptable or unexpected

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157955720670063112006-09-10T19:21:00.000-11:002006-09-10T19:22:00.676-11:00

Hidden Field Hacking Web applications rely on HTML forms to receive input from the user. However, users can choose to save the form to a file, edit it and then use the edited form to submit data back to the server. Herein lies the vulnerability, as this is a "stateless" interaction with the web application. HTTP transactions

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com1tag:blogger.com,1999:blog-34192537.post-1157955687676662552006-09-10T19:20:00.000-11:002006-09-10T19:21:27.686-11:00

Web Application SecurityHere I will exaplain about some of the vulnerabilities in web applications. The objective is to show the need to secure the applications as they allow attackers to compromise a web server or network over the legitimate port of entry and buffer overflows. Web based application security is

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com1tag:blogger.com,1999:blog-34192537.post-1157949844091889252006-09-10T17:43:00.000-11:002006-09-10T17:44:04.096-11:00

About Unicode ASCII characters for the dots are replaced with hexadecimal equivalent (%2E). ASCII characters for the slashes are replaced with Unicode equivalent (%co%af). Unicode 2.0 allows multiple encoding possibilities for each characters. Unicode for"/": 2f, c0af, e080af, f08080af, f8808080af,..... Overlong Unicode are NOT malformed

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157949786225860792006-09-10T17:42:00.000-11:002006-09-10T17:43:18.453-11:00

Exploiting IIS The main security functions of a web server is to restrict user requests so they can only access files within the web folders. Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended Unicode character representations are used in substitution for "/" and "\". This vulnerability

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157949737572164542006-09-10T17:41:00.001-11:002006-09-10T17:42:17.573-11:00

IIS Risks IIS is one of the most widely used Web server platforms on the Internet, with more exploits to it. Dynamic capabilities were added by using Common Gateway Interface (CGI) applications. These applications run on the server and generate dynamic content different for each request. This capability to process input and generate pages in real time

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157949709688071022006-09-10T17:41:00.000-11:002006-09-10T17:41:49.690-11:00

Apache Risks Apache vulnerability are commonly found and if not patched, this can cause major security-risks. For example an old vulnerability was found in the Win32 port of Apache, it was when client submitting a very long URI could cause a directory listing to be returned rather than the default index page. A URL with a large number of trailing slashes: /

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0tag:blogger.com,1999:blog-34192537.post-1157949648128756472006-09-10T17:07:00.000-11:002006-09-10T17:40:48.146-11:00

We will start taking closer look first to web server. For new readers, Web servers are the heart of Web Sites, The Web Server is the system that holds and broadcasts the web-site, like right now, so you can view, read, write, ect. The browser dissasembles the URL into three parts: 1.

n0h4thttp://www.blogger.com/profile/17095865690471307978noreply@blogger.com0