Web App | GracefulSecurity

Hacking Web Applications:

by HollyGracefulNovember 27, 2016February 3, 2020

Getting Root Access to Web Servers I’ve written previously about How To Become a Penetration Tester, listing things that employers would like to see out of potential junior testers. I’ve written an awful lot about many web application vulnerabilities like Cross-site Scripting and Directory Traversal; I’ve even written about the methodology behind External Penetration Testing. However – until now I’ve not tied all of the little pieces together. Plus, one of the biggest things on the list of desirables for a junior testers CV is practise.

An Introduction to DOM XSS

by HollyGracefulFebruary 10, 2016February 3, 2020

Document Object Model Based Cross-Site Scripting (DOM Based XSS) is a type of Cross-site Scripting where instead of the payloads being stored or reflected by the remote web server and appearing in the response HTML the payload is instead stored in the DOM and processed insecurely by JavaScript. For those unfamiliar with what the DOM is, a short and fairly untechnical overview is available here. The impact, and exploitation of DOM-XSS, is essentially the same as reflected or stored however the detection is a little different, as you can’t simply check the server responses and build up a payload. For example …

Introduction to Burp Suite Pro

by HollyGracefulFebruary 6, 2016April 6, 2020

Burp Suite is, as far as I’m concerned, the de facto tool for Web Application Assessments. It’s simple to use and takes little time to get the hang of, but to make sure you’re making the most out of your toolset, I thought I’d post a quick introduction to run through the main tabs and features. Burp Suite is a man-in-the-middle proxy which can intercept HTTP/HTTPS data from web browsers and mobile applications and allow you to read, modify, and repeat requests to servers. It can detect and monitor WebSockets. It’s ideal for testing for a range of security issues within …

Web Application Defense: Filtering User Input

by HollyGracefulNovember 5, 2015January 30, 2020

Effectively filtering user input is one of the best ways to prevent an awful lot of web application vulnerabilities. There are several ways to approach this, each with their own pros and cons so I’ll run through them here an then you can think of the best way to combine them for your context. It’s important to remember though, that filters are context specific, there is not one filter that will work for a whole application and that’s what can make writing an effective filter tricky.

SQL Injection: Basics and Defence

by HollyGracefulOctober 18, 2015February 3, 2020

Structured Query Language (SQL) is used all over the web and is potentially vulnerable to an injection attack any time that user input is insecurely concatenated into a query. An injection attack allows an attacker to alter the logic of the query and the attack can lead to confidential data theft, website defacement, malware propagation and host/network compromise.

IDOR: Insecure Direct Object Reference

by HollyGracefulSeptember 27, 2015February 10, 2020

In my experience Insecure Direct Object Reference is one of the least well known vulnerabilities out there, but it’s a very simply issue to explain. It’s a vulnerability that generally leads to loss of confidential data but can result in the less of modification of data too.

XSS: What is Cross-site Scripting? Lesson 1, Basics

by HollyGracefulSeptember 27, 2015February 3, 2020

Cross-site Scripting is the third vulnerability on the OWASP Top 10 and it is a vulnerability that can allow an attacker to steal confidential data, execute functions on a vulnerable site, virtually deface a site or redirect the user to a malicious page.

XSS: Cross-site Scripting: Lesson 2, Contexts!

by HollyGracefulSeptember 27, 2015February 3, 2020

Sometimes when I’m chatting to security engineers and developers I hear them say that the only characters you need to encode (or strip) are < and >. This often comes around due to .Net’s security filter which restricts any alpha-character from appearing after a < character. This filter prevents a lot of XSS attacks but it’s definitely not complete.

CSRF: What Is Cross-Site Request Forgery?

by HollyGracefulSeptember 23, 2015February 2, 2020

Often abbreviated to CSRF and often pronounced as “Sea-Surf” is an attack against a Web Application that abuses an application’s trust in the user. An attacker’s aim is to cause a function to execute on the application using the user’s authentication credentials simply by causing the user’s browser to request that function in the normal way, but from a malicious site.

HSTS: HTTP Strict Transport Security

by HollyGracefulMay 17, 2015January 30, 2020

HSTS is a web security mechanism to prevent downgrade attacks, it’s a mechanism that allows a web server to instruct web browsers to only communicate with the server over SSL, so that all subsequent traffic is encrypted, even if a user attempts to visit an insecure link (the browser will ‘correct’ the user and request the secure site instead).