Penetration test

Background:

Web servers and web applications, from a simple website or web portal to a complex cloud distribution system, are vulnerable to various attacks. An attacker can deface pages, steal data or disrupt website operations. Web security is especially important for e-commerce portals, where the entire business relies on the website and its data. Firewalls alone are not enough, because they cannot detect code-level vulnerabilities, so a detailed code security review is highly recommended.

Solution:

To mitigate risk and ensure the highest level of security, our security team delivers the support you need to properly fix the holes in your information system.

Our main focus is web-based application security. Our team has expertise in identifying and exploiting vulnerabilities across different application types that reside in the cloud, following security testing methodologies based on the OWASP Top-10 model.

We will provide you with detailed reports of all tasks our testers perform during the engagement, including final recommendations for preventing potential vulnerabilities in the application or server misconfiguration.

SQL Injection Attacks: 68%

XSS Attacks: 97%

CSRF Attacks: 80%

Code Injection: 87%

Session Hijacks: 75%

SQL INJECTION | XSS VULNERABILITY | CSRF VULNERABILITY | FILE UPLOAD VULNS | SESSION VULNERABILITY
SQL injection vulnerabilities remain a headache for web app developers, security professionals and database administrators. In a recent survey of 800 IT security pros and developers by the Ponemon Institute and app security firm Security Innovation, 42% of developers and 46% of security practitioners admitted SQL injection at the application layer had been exploited in a recent breach against their organizations. The responses made SQL injection the most-cited attack vector on a list that included cross-site scripting and privilege escalation. SQL injection attacks exploit nonvalidated user input to issue commands through an application to a back-end database. Finding the holes through which these attacks can be launched isn't all that difficult. One of the first things attackers like to do is to see how an application handles errors. Another way to search for vulnerable sites is through Google hacking, which uses search engines to find security gaps by leveraging the mountains of data they index. An attacker might start by entering a search query, called a Google Dork, designed to locate results that could offer a clue about sites that might be vulnerable. There are a number of Google Dorks that can be useful for a hacker searching for a SQL injection vulnerability to exploit. Fortunately, SQL injection vulnerabilities are relatively easy to prevent. One strategy is to sanitize user input. Another is to use parameterized queries and stored procedures. According to the Open Web Application Security Project (OWASP), developers should consider using parameterized queries (prepared statements) that use placeholders for parameters whose values are ultimately supplied at execution time. Though taking this approach can negatively impact performance, it can help block attacks.
Cross-site scripting (XSS) attacks are a type of script injection in which malicious scripts are injected into web site forms. XSS is the most common flaw in web applications. Cross-site scripting attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. Attackers frequently use a variety of methods to encode the malicious portion of the tag, such as using Unicode, so the request looks less suspicious to the user. There are multiple ways these attacks can be initiated, but the most common XSS attacks are in the form of embedded JavaScript. XSS issues can also be present in the underlying web and application servers. Most web and application servers generate simple web pages to display in the case of various errors, such as a 404 'page not found' or a 500 'internal server error.' If these pages reflect back any information from the user's request, such as the URL they were trying to access, they may be vulnerable to a reflected XSS attack. The likelihood that a site contains XSS vulnerabilities is extremely high. There are a wide variety of ways to trick web applications into relaying malicious scripts. Finding these flaws is tricky, and that's where detailed, manual penetration testing comes in handy.
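The error-page case described above, as an added example that is not code from this page: a 404 page that reflects the requested path, once without output encoding and once with it. The function names and the sample paths are constructed; the point shown is that encoding happens at output time, after the server has decoded the request, so a percent-encoded variant is handled the same way.

```python
import html
from urllib.parse import unquote

PAGE = "<html><body><h1>404</h1><p>No page at {}</p></body></html>"

def render_404_raw(raw_path):
    # Weak form: the decoded request path is placed into the page as-is,
    # so any markup in it becomes part of the document.
    path = unquote(raw_path)  # servers decode percent-encoding before use
    return PAGE.format(path)

def render_404_encoded(raw_path):
    # Hardened form: HTML-encode the value where it is written into the
    # page, after all request decoding has already taken place.
    path = unquote(raw_path)
    return PAGE.format(html.escape(path, quote=True))

def reflects_markup(page):
    """True if the page contains a live script tag taken from the request."""
    return "<script>" in page

# Constructed request paths: one literal, one percent-encoded.
CONSTRUCTED_PATHS = [
    "/missing<script>alert(1)</script>",
    "/missing%3Cscript%3Ealert(1)%3C/script%3E",
]

if __name__ == "__main__":
    for p in CONSTRUCTED_PATHS:
        print(p)
        print("  raw reflects markup:    ", reflects_markup(render_404_raw(p)))
        print("  encoded reflects markup:", reflects_markup(render_404_encoded(p)))
```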
CSRF vulnerabilities occur when a website allows an authenticated user to perform a sensitive action but does not verify that the user herself is invoking that action. The key to understanding CSRF attacks is to recognize that websites typically don't verify that a request came from an authorized user. Instead they verify only that the request came from the browser of an authorized user. Because browsers run code sent by multiple sites, there is a danger that one site will send a request to a second site, and the second site will mistakenly think that the user authorized the request. That's the key element to understanding CSRF (also written XSRF). Attackers are gambling that users have a validated login cookie for your website already stored in their browser. All they need to do is get that browser to make a request to your website on their behalf.
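One common way to verify that the user, and not just the user's browser, sent a request is a per-session token embedded in the site's own forms. The following added example (not code from this page) models that check with the Python standard library; the session store, handler name and status codes are assumptions made for illustration.

```python
import hmac
import secrets

SESSIONS = {}  # session id (sent as a cookie) -> session data

def login(user):
    """Create a session and a CSRF token bound to it; return the session id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def form_token(sid):
    """Token the site embeds as a hidden field in forms it serves itself."""
    return SESSIONS[sid]["csrf"]

def handle_transfer(cookie_sid, form):
    """State-changing request handler. Returns an HTTP-style status code."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401  # no valid login cookie at all
    # The cookie only proves the request came from the user's browser.
    # The token proves the form was served by this site to this session.
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return 403
    return 200

if __name__ == "__main__":
    sid = login("alice")
    # Request from the site's own form: cookie plus token.
    print(handle_transfer(sid, {"to": "bob", "csrf_token": form_token(sid)}))
    # Request triggered by another site: the browser attaches the cookie,
    # but the other site cannot read the token, so none is supplied.
    print(handle_transfer(sid, {"to": "someone-else"}))
```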
A file upload vulnerability is when an application does not accept uploads directly from site visitors. Instead, a visitor can provide a URL on the web that the application will use to fetch a file. That file will be saved to disk in a publicly accessible directory. An attacker may then access that file, execute it and gain access to the site. Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code onto the system to be attacked. Then the attacker only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step. While file upload problems are typically found in PHP code and frameworks, other platforms exhibit them too. The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement. It depends on what the application does with the uploaded file and especially where it is stored.
Session fixation is an attack that permits an attacker to hijack a valid user session. The attack exploits a limitation in the way the vulnerable web application manages the session ID: when authenticating a user, it doesn't assign a new session ID, making it possible to use an existing session ID. The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing a user to authenticate with that session ID, and then hijacking the user-validated session through knowledge of the session ID in use. The attacker has to provide a valid session ID and try to make the victim's browser use it. The session fixation attack helps the attacker take over the session established between the client and the server after the user logs in. Rather than stealing that session afterwards, the attack fixes a session on the victim's browser in advance, so it starts before the user logs in.
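The missing step described above, assigning a new session ID at authentication, is shown in this added example (not code from this page). The `SessionStore` class and its method names are hypothetical; it compares a login that keeps the pre-login ID with one that rotates it.

```python
import secrets

class SessionStore:
    """Minimal in-memory session table (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}

    def new_anonymous(self):
        """Issue a pre-login session ID, as a site does on first visit."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        """Return the authenticated user for a session ID, or None."""
        session = self._sessions.get(sid)
        return session["user"] if session else None

    def login_keep_id(self, sid, user):
        # Weak form: the ID that existed before login stays valid and is
        # simply upgraded, so anyone who knew it now holds a logged-in session.
        self._sessions[sid]["user"] = user
        return sid

    def login_rotate_id(self, sid, user):
        # Hardened form: drop the pre-login ID and issue a fresh one at the
        # moment of authentication, carrying over any existing session data.
        data = self._sessions.pop(sid, {})
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {**data, "user": user}
        return new_sid

if __name__ == "__main__":
    store = SessionStore()
    known = store.new_anonymous()          # ID known before the login
    store.login_keep_id(known, "alice")
    print("keep:  ", store.user_for(known))    # alice

    known = store.new_anonymous()
    fresh = store.login_rotate_id(known, "alice")
    print("rotate:", store.user_for(known), store.user_for(fresh))  # None alice
```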