Among the tests you perform on web applications, security testing is perhaps the most important, yet it is often the most neglected. The recipes in the 'Web Security Testing Cookbook' demonstrate how developers and testers can check for the most common web security issues while conducting unit tests, regression tests, or exploratory tests. Unlike ad hoc security assessments, these recipes are repeatable, concise, and systematic: perfect for integrating into your regular test suite. Recipes range from the basics of observing messages between clients and servers to multi-phase tests that script the login and execution of web application features.
By the end of the book, you'll be able to build tests pinpointed at Ajax functions, as well as large multi-step tests for the usual suspects: cross-site scripting and injection attacks.
This book helps you:
- Obtain, install, and configure useful (and free) security testing tools
- Understand how your application communicates with users, so you can better simulate attacks in your tests
- Choose from many different methods that simulate common attacks such as SQL injection, cross-site scripting, and manipulating hidden form fields
- Make your tests repeatable by using the scripts and examples in the recipes as starting points for automated tests
Don't live in dread of the midnight phone call telling you that your site has been hacked.
With 'Web Security Testing Cookbook' and the free tools used in the book's examples, you can incorporate security coverage into your test suite and sleep in peace.
Contents: Foreword; Preface; 1. Introduction; 2. Installing Some Free Tools; 3. Basic Observation; 4. Web-Oriented Data Encoding; 5. Tampering with Input; 6. Automated Bulk Scanning; 7. Automating Specific Tasks with cURL; 8. Seeking Design Flaws; 9. Attacking AJAX; 10. Manipulating Sessions; 11. Multifaceted Tests; Index.
Paco Hope is a Technical Manager with Cigital. His areas of expertise are software security, security testing, and casino gaming. He specializes in analyzing the security of software, software systems, and software development processes. He conducts training on risk-based security testing, writing security requirements, and software security fundamentals.
Ben Walther is a consultant at Cigital and a contributor to the Edit Cookies tool. He has a hand in both normal Quality Assurance and Software Security. Day to day, he designs and executes tests, and so he understands the need for simple recipes in the hectic QA world. Through Cigital, he tests systems ranging from financial data processing to slot machines. Walther has a B.
Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast by Paco Hope

Related Work
Web application security analysis is an area of research that has received considerable study.
In this section, related work on the detection and prevention of web application vulnerabilities is discussed: 1. In , Dwen Y. They also differentiate between the current popular practices and the proposed defense properties according to their exposure to attack. In , Zhang.
In , Kapodistria. In , Jeom G. In Atul S. Pulei X. proposed a model-driven penetration test framework for web applications that consists of a penetration test methodology, a grey-box test architecture, a web security knowledge base, a test campaign model, and a knowledge-based pen-test workbench. In Alattar, M. In Vaishali M. In Vibhakti M.
In Adam L. The proposed system is shown in Figure 1.
The subsystem is divided into three main functional modules: a web crawler, an injector, and an analyzer. Crawler Module: The web crawler provides the interaction between the scanner and the web application through its interface. The user enters the URL of the site to be tested, and the crawler module sends requests to the web server to crawl all URLs of that site. If a request includes malicious input, the WAF denies the request and redirects it to another page. The proposed WAF consists of three stages, sanitization, validation and verification, as shown in Figure 3.
Validation Stage: A second line of defense that judges each item of input data against regular expressions implemented in custom-designed functions. Verification Stage: This stage is the core of the proposed system for protecting the web application; among other things, it detects and prevents XSS vulnerabilities. Testing for SQL Injection Vulnerabilities: To evaluate HBBT's ability to detect SQL injection attacks, a comparison was made between a number of web application vulnerability scanners and the proposed system when scanning the developed vulnerable web application.
As shown in Table 1, the HBBT scanner detected four SQL injection vulnerabilities out of the four known implemented vulnerabilities, with zero false negatives and zero false positives. To evaluate HBBT's ability to detect XSS attacks, a comparison was made with the web application vulnerability scanners described in Section 3. As shown in Table 2, the HBBT scanner detected three XSS vulnerabilities out of the three known implemented vulnerabilities, again with zero false negatives and zero false positives. Because the test application was built by the authors with a known set of vulnerabilities, these figures measure recall on that fixed set rather than the scanner's behaviour on unseen applications.
WAF Effectiveness: This evaluation measures the WAF's ability to provide appropriate protection for different websites, that is, whether its output matches the expected result of the planned activities. Both automatic and manual penetration testing were performed, and three cases were selected.
B. Preventing XSS Attacks: In case one, the insecure web application was scanned for XSS vulnerabilities. First, with the proposed WAF disabled, the scan found two XSS vulnerabilities. The same insecure web application was then scanned for XSS vulnerabilities under the same conditions as the previous experiment, but with the WAF enabled.
C. WAF Evasion Attack: Case three consists of several experiments in which a newly devised style of attack was applied against the developed vulnerable web application, in order to compare the proposed WAF with the mod_security software.
The idea of the proposed attack style is to send the attack data to more than one input field at once, rather than the traditional style of sending a single attack and waiting for the response. The results indicate that mod_security failed to block this style of attack, which demonstrates the attack's power to bypass that firewall: mod_security inspects the first part of the attack data separately from the second, whereas the server processes the two parts together as the same attack data that is detected and prevented when it is sent in one piece. In contrast, when the proposed WAF was enabled and the attack was applied to the vulnerable web application, the results confirmed that the proposed WAF blocked the attack and protected the web application from this new attack.
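The following is an added example, written for this page; it is not the HBBT scanner or the WAF code from the paper, and it does not model ModSecurity's real rule set. It implements the three stages described above (sanitize, validate, verify) and reproduces the split-field evasion of case three: a payload divided across the first-name and last-name fields passes when each field is inspected on its own (the behaviour the paper attributes to mod_security), but is caught when the filter also inspects the value the application will build from the two fields. The field whitelist, the signature list, the sample requests and the hypothetical `compose_fullname_query` application model are all constructed assumptions.

```python
"""Three-stage request filter (sanitize -> validate -> verify) that inspects
both each form field on its own and the values the application composes
from those fields.  Constructed illustration, not the paper's code."""
import html
import re
import urllib.parse
from typing import Callable, Dict, List, Optional, Tuple

# Stage-2 whitelist rules (assumption): a login username is tightly
# constrained; fields without an explicit rule only forbid control characters.
FIELD_RULES = {
    "username": re.compile(r"^[A-Za-z0-9_.-]{1,32}$"),
}
DEFAULT_RULE = re.compile(r"^[^\x00-\x1f\x7f]{0,256}$")

# Stage-3 signatures: a deliberately small, constructed set (not the CRS and
# not the paper's rules) so the split-field bypass below is easy to follow.
SQLI_SIGNATURES = [
    re.compile(r"'\s*(or|and)\s+['\d]", re.I),      # ' OR '1'='1   ' or 1=1
    re.compile(r"(--|#|/\*)"),                       # comment terminators
    re.compile(r"\bunion\b.*\bselect\b", re.I),
    re.compile(r";\s*(drop|delete|update|insert)\b", re.I),
]
XSS_SIGNATURES = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),             # onerror=, onload=, ...
    re.compile(r"javascript\s*:", re.I),
]


def sanitize(value: str) -> str:
    """Stage 1: undo the encodings used to hide payloads (double URL-encoding,
    HTML entities, NUL bytes) so later stages see what the application sees."""
    v = value
    for _ in range(2):                      # %2527 -> %27 -> '
        v = urllib.parse.unquote_plus(v)
    v = html.unescape(v)                    # &#39; -> '
    return v.replace("\x00", "")


def validate(field: str, value: str) -> bool:
    """Stage 2: whitelist check; a field with an explicit rule must match it."""
    return FIELD_RULES.get(field, DEFAULT_RULE).fullmatch(value) is not None


def verify(value: str) -> List[str]:
    """Stage 3: signature check; returns the attack classes that matched."""
    hits = []
    if any(p.search(value) for p in SQLI_SIGNATURES):
        hits.append("sqli")
    if any(p.search(value) for p in XSS_SIGNATURES):
        hits.append("xss")
    return hits


def compose_fullname_query(fields: Dict[str, str]) -> Dict[str, str]:
    """Hypothetical application behaviour (assumption): join first and last
    name, then embed the result in a query and in an HTML greeting."""
    fullname = f"{fields.get('first', '')} {fields.get('last', '')}"
    return {
        "fullname": fullname,
        "sql": f"SELECT * FROM users WHERE fullname = '{fullname}'",
        "html": f"<p>Welcome, {fullname}</p>",
    }


def inspect_request(raw_fields: Dict[str, str],
                    compose: Optional[Callable[[Dict[str, str]],
                                               Dict[str, str]]] = None
                    ) -> Tuple[bool, str]:
    """Run all three stages.  With compose=None only individual fields are
    verified (per-field inspection); with a compose function the composed
    values are verified too.  Returns (allowed, reason)."""
    clean = {k: sanitize(v) for k, v in raw_fields.items()}
    for name, value in clean.items():
        if not validate(name, value):
            return False, f"validate:{name}"
    for name, value in clean.items():
        hits = verify(value)
        if hits:
            return False, f"verify:{name}:{','.join(hits)}"
    if compose is not None:
        for name, value in compose(clean).items():
            hits = verify(value)
            if hits:
                return False, f"verify:composed:{name}:{','.join(hits)}"
    return True, ""


# Constructed form bodies, URL-encoded as a browser would send them.
WHOLE_SQLI = {"first": "%27+OR+%271%27%3D%271", "last": "smith"}     # ' OR '1'='1
SPLIT_SQLI = {"first": "%27+OR", "last": "%271%27%3D%271"}            # ' OR | '1'='1
SPLIT_XSS = {"first": "%3Cimg+src%3Dx+onerror", "last": "%3Dalert%281%29%3E"}
BENIGN = {"first": "Conor", "last": "O%27Brien"}

if __name__ == "__main__":
    for label, req in [("whole-sqli", WHOLE_SQLI), ("split-sqli", SPLIT_SQLI),
                       ("split-xss", SPLIT_XSS), ("benign", BENIGN)]:
        print(f"{label:10} per-field={inspect_request(req)} "
              f"composed={inspect_request(req, compose_fullname_query)}")
```

Running the script shows the asymmetry the paper describes: the whole payload in one field is blocked in both modes, the two split requests are allowed by per-field inspection and blocked only when the composed full name is verified, and the benign request (including the apostrophe in O'Brien) passes both. Whether such a filter can compose the fields correctly depends on knowing how the application joins them, which is why the paper frames its approach as simulating the input on the WAF before the application executes it.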
WAF Efficiency: The efficiency of the proposed system is measured by sending a normal query and a malicious query, to show the WAF's impact on the server. A. Normal Request: First, a normal request was sent to the vulnerable web page, specifically login.php, and the response time of login.php was compared with and without the WAF. The overall page load time with the WAF disabled is ms, compared with ms when the WAF is enabled, so the difference is ms, which represents a short delay in response time. (Table 3 rows as extracted: Login.php 64 1; Enabled Login.php 64 1.) Furthermore, the average response time over all tested pages, as shown in Table 4, is ms with the WAF disabled and ms with the WAF enabled; the difference between the two states is ms, which indicates that the effect of enabling the WAF on server response time is very small.
Figure 4: Completion Time for Sending Normal Data. B. Malicious Request: In the second case, a malicious request was sent to the vulnerable website by a number of virtual users with the WAF disabled, and the results were compared with sending the same input data to the same website by the same number of virtual users with the WAF enabled. Figure 5 shows the completion time for sending malicious data.
The WAF's sanitization ensures that input data is well-formed, so it counts as an enrichment level: it helps the server handle the data accurately and spares the user from resubmitting it. The WAF's capability increases when the validation phase is used, because any request that does not match the expected pattern is denied before it reaches the server.
Employing a WAF is meant to be the outermost layer of defense on the hosting server, protecting any web application against vulnerabilities. Simulating the input data on the WAF before it is executed on the web application makes it possible to prevent high-severity attacks.