Edit something through inspect element= >
Ø document.body.contentEditable=true
<. true
OWASP Top 10 Application Security Risks - 2017
Injection flaws, such as SQL, NoSQL, OS, and
LDAP injection, occur when untrusted data is sent to an interpreter as part of
a command or query. The attacker's hostile data can trick the interpreter into
executing unintended commands or accessing data without proper authorization.
Application functions related to
authentication and session management are often implemented incorrectly,
allowing attackers to compromise passwords, keys, or session tokens, or to
exploit other implementation flaws to assume other users' identities
temporarily or permanently.
Many web applications and APIs do not properly
protect sensitive data, such as financial, healthcare, and PII. Attackers may
steal or modify such weakly protected data to conduct credit card fraud,
identity theft, or other crimes. Sensitive data may be compromised without
extra protection, such as encryption at rest or in transit, and requires
special precautions when exchanged with the browser.
Many older or poorly configured XML processors
evaluate external entity references within XML documents. External entities can
be used to disclose internal files using the file URI handler, internal file
shares, internal port scanning, remote code execution, and denial of service
attacks.
Restrictions on what authenticated users are
allowed to do are often not properly enforced. Attackers can exploit these
flaws to access unauthorized functionality and/or data, such as access other
users' accounts, view sensitive files, modify other users' data, change access
rights, etc.
Security misconfiguration is the most commonly
seen issue. This is commonly a result of insecure default configurations,
incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP
headers, and verbose error messages containing sensitive information. Not only
must all operating systems, frameworks, libraries, and applications be securely
configured, but they must be patched/upgraded in a timely fashion.
XSS flaws occur whenever an application
includes untrusted data in a new web page without proper validation or
escaping, or updates an existing web page with user-supplied data using a
browser API that can create HTML or JavaScript. XSS allows attackers to execute
scripts in the victim's browser which can hijack user sessions, deface web
sites, or redirect the user to malicious sites.
Insecure deserialization often leads to remote
code execution. Even if deserialization flaws do not result in remote code
execution, they can be used to perform attacks, including replay attacks,
injection attacks, and privilege escalation attacks.
Components, such as libraries, frameworks, and
other software modules, run with the same privileges as the application. If a
vulnerable component is exploited, such an attack can facilitate serious data
loss or server takeover. Applications and APIs using components with known
vulnerabilities may undermine application defenses and enable various attacks
and impacts.
Insufficient logging and monitoring, coupled
with missing or ineffective integration with incident response, allows
attackers to further attack systems, maintain persistence, pivot to more
systems, and tamper, extract, or destroy data. Most breach studies show time to
detect a breach is over 200 days, typically detected by external parties rather
than internal processes or monitoring.
Linux Commands:
Check os version in Linux:
·
$
cat /etc/os-release - Sample output:
NAME="Ubuntu"
VERSION="17.10 (Artful
Aardvark)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu
17.10"
VERSION_ID="17.10"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=artful
UBUNTU_CODENAME=artful
·
$
lsb_release –a :- The
lsb_release command gives LSB (Linux Standard Base) and distribution-specific
information on the CLI.
·
$
hostnamectl :- Use hostnamectl command to query and change the
system hostname and related settings. Just type the this command to check OS
name and Linux kernel version.
·
$
uname –r :- Just print Linux kernel version. Can print other info like:
-s, --kernel-name
|
|
-n, --nodename
|
|
-r, --kernel-release
|
|
-v, --kernel-version
|
Print the
kernel version.
|
-m, --machine
|
|
-p, --processor
|
|
-i, --hardware-platform
|
Print the
hardware platform, or "unknown".
|
-o, --operating-system
|
|
--help
|
Display a
help message, and exit.
|
--version
|
Display
version information, and exit.
|
Wappalyzer - a tool used with the browser (chrome/Mozilla)
to show the technologies used in the website.
Defense in Depth: From
Udemy - >
States security should be at every layer.
Host Header:
Tools
to detect and show this header:
Browser
plugins -> Live HTTP headers, HTTP Fox
Browser
Developer Tools
Proxy
Tools -> Fiddler, Charles, Burp,
Wireshark
HTTP 1.1 also allows you to have
persistent connections which means that you can have more than one
request/response on the same HTTP connection.
In HTTP 1.0 you had
to open a new connection for each request/response pair. And after each
response, the connection would be closed. This leads to some big efficiency
problems because of TCP
Slow Start.
GET / HTTP/1.1
Host: www.blahblahblahblah.com
This header is useful because it allows you to
route a message through proxy servers, and also because your web server can
distinguish between different sites on the same server.
·
Automated testing : Nettacker in Kali
*Reference - contents are taken from multiple locations(will try to list later)
