Module 9 (Web Application Attacks)

Web Application Enumeration

  • Programming language and Frameworks

    • PHP - ASP.net - JSP - PYTHON - JAVA and More

    • Wappalyzer - inspecting URLs - whatweb - Error

  • Web Server Software

    • Apache - Nginx - IIS

    • Wappalyzer - whatweb - Error

  • Database software

    • MySQL - MariaDB - MongoDB - Oracle - SQL Server

    • Wappalyzer - Error

  • Server OS

    • Linux - Windows

    • Wappalyzer - NSE (Nmap Script Engine)

Web Application Assessment Tools

  • Fuzz Directories

    • Drip - gobuster - dirsearsh - fuff - wfuzz

Wfuzz

Fuzzing Dir

wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hc 404,302,301 http://192.168.2.5/bWAPP/FUZZ

Fuzzing Files

.bak, .php, .zip . xml , .json ...etc

wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hc 404,302,301 http://192.168.2.5/bWAPP/FUZZ.php

Dirbuaster

Fuzzing Parameters In URLs

wfuzz -z range,0-10 --hl 97 http://testphp.vulnweb.com/listproducts.php?cat=FUZZ

Fuzzing Cookies

wfuzz -z file,wordlist/general/common.txt -b cookie=value1 -b cookie2=value2 http://testphp.vulnweb.com/FUZZ

Fuzzing POST Requests

 wfuzz -z file,wordlist/others/common_pass.txt -d "uname=FUZZ&pass=FUZZ"  --hc 302 http://testphp.vulnweb.com/userinfo.php

  • Test Vulnerabilities

    • Nikto - Nessus - acunetix - netsparker - burp and zap proxy

OWASP Top Ten

  1. A01:2021-Broken Access Control

  2. A02:2021-Cryptographic Failures

  3. A03:2021-Injection

  4. A04:2021-Insecure Design

  5. A05:2021-Security Misconfiguration

  6. A06:2021-Vulnerable and Outdated Components

  7. A07:2021-Identification and Authentication Failures

  8. A08:2021-Software and Data Integrity Failures

  9. A09:2021-Security Logging and Monitoring Failures

  10. A10:2021-Server-Side Request Forgery

PreviousModule 8 (Vulnerability Scanning)NextCross Site Scripting (XSS)

Last updated