Monday, 2 November 2009

Network Security Part 7 Web Application Scanner.

Web Application Scanner:

web application security scanner is program which communicates with a web application through the web front-end in order to identify potential security weaknesses in the web application.

It performs a black-box test. Unlike source code scanners, web application scanners don't have access to the source code and therefore detect vulnerabilities by actually performing attacks.

A web application security scanner can facilitate the automated review of a web application with the expressed purpose of discovering security vulnerabilities, and are required to comply with various regulatory requirements. Web application scanners can look for a wide variety of vulnerabilities, including:
  • Input/Output validation: (Cross-site scripting, SQL Injection)
  • Specific application problems
  • Server configuration mistakes/errors/version

Web Applications Issues :
  • Scripting issues
  • Sources of input: forms, text boxes, dialog windows, etc.
  • Multiple Charset Encodings (UTF-8, ISO-8859-15, UTF-7, etc.)
  • Regular expression checks
  • Header integrity (e.g. Multiple HTTP Content Length, HTTP Response Splitting)
  • Session handling/fixation
  • Cookies
  • Framework vulnerabities(Java Server Pages, .NET, Ruby On Rails, Django, etc.)
  • Success control: front door, back door vulnerability assessment
  • Penetration attempts versus failures

Technical vulnerabilities :
  • Unvalidated input:
  •     Tainted parameters - Parameters users in URLs, HTTP headers, and forms are often used to control and validate access to sentitive information.
  •     Tainted data
  • Cross-Site Scripting flaws:
  • XSS takes advantage of a vulnerable web site to attack clients who visit that web site. The most frequent goal is to steal the credentials of users who visit the site.
  • Content Injection flaws:
  • Data injection
  • SQL injection - SQL injection allows commands to be executed directly against the database, allowing disclosure and modification of data in the database
  • XPath injection - XPath injection allows attacker to manipulate the data in the XML database
  • Command injection - OS and platform commands can often be used to give attackers access to data and escalate privileges on backend servers.
  • Process injection
  • Cross-site Request Forgeries

Security Vulnerabilities :
  • Denial of Service
  • Broken access control
  • Path manipulation
  • Broken session management (synchronization timing problems)
  • Weak cryptographic functions, Non salt hash

Architectural/Logical Vulnerabilities :
  • Information leakage
  • Insufficient authentification
  • Password change form disclosing detailed errors
  • Session-idle deconstruction not consistent with policies
  • Spend deposit before deposit funds are validated

Other vulnerabilities :
  • Debug mode
  • Thread Safety
  • Hidden Form Field Manipulation
  • Weak Session Cookies: Cookies are often used to transit sensitive credentials, and are often easily modified to escalate access or assume another user's identify.
  • Fail Open Authentication
  • Dangers of HTML Comments

Web Scanner in network.

No comments:

Post a Comment