Perform some security reconnaissance to find out as much information as you can

Question

Perform some security reconnaissance to find out as much information as you can about the website. Things to consider could include:

- HTML/scripting languages used

- Are there any submission forms where perhaps a SQL injection attack could be attempted?

- What web server software is the site using? (Hint: try using a website such as www.netcraft.com to determine the technologies powering that website).

- Utilize whois style searches to garner footprint and potential information for attack.

use the information that you obtain to discuss how an attack or potential intruder could use this information for a potential website attack.

Explanation / Answer

HTML/scripting languages:

1. Do not pass un encrypted looged in user details

2. Do validate all the inputs from the web page

3. Storing important parameters to be passed to backend in JavaScript code, this can be easily modified using developer tools. Should specify alength, types of inputs data, blocks and data format and ignoreanything else.

4. Cookies should be set with HTTPOnly flag

5. A configurationof vulnerability can be found by miss configure service (by programmer). This configuration if occur will make theaccount of user ( for example ) unsecure, easily predict password and more miss configure.

6. XSS attack can embedded in HTML/JavaScript code and can be appear as URL link, thenthe users must be carefully about the links especially thatlooks contains an HTML code and don not clicking it beforechecking.

7. SQL injection means how to include a SQL statementsinto data entered through get method, or post method. It is avery simple concept, but has a great effect on the systemsecurity.

SQL injection usually happens when there is a web formwith input box and button to submit that, that simple example.When the user access this form the expected input is his namefor instance. Instead of insert the name, this user ( or let behacker) insert an SQL statement that unknown on thedatabase. [19] Consider the below script code is a samplestring of result of Two users. The form asked from both itslogin information which will running by using of SELECTstatement. One of them tried to enter an SQL injection but thesecond user logged in normally.

8. Use Free Software “The Zed Attack Proxy (ZAP) “.

Its easy to use integrated penetration testing tool for finding vulnerabilities in web applications. ZAP provides automated scanners as well as a set of tools that allow you to findsecurity vulnerabilities manually

9. Secure page browsercache: Secure page can be cached in browser. Cache control is notset in HTTP header nor HTML header. Sensitive content canbe recovered from browser storage.

The best way is to set HTTP header with: 'Pragma: No-cache'and 'Cache-control: No-cache'.Alternatively, this can be set in the HTML header using meta data tags

Related Questions

Navigate

• Browse (All)
• Browse P
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.