Domain 5 of CEH: Web Application Hacking
This is Domain 5 of the CEH exam. It plays an important part in the exam, so let's find out what this domain covers and why it matters.
What is a Web Application?
A web application is a program that uses web browsers and web technologies to perform tasks over the internet. Demand for web apps keeps growing because they do not even require a download: all you need to do is open the web app in any web browser, such as Google Chrome or Internet Explorer. The evolution of websites has driven the advancement of the web development process as well. A web application has three components:
- Web server: Any request that comes from the client is handled by the web server.
- Application server: The application server completes the tasks and requests sent by the client.
- Database: The database is the backend that stores and retrieves the needed information.
Domain 5 of CEH: Types of attacks on web applications.
SQL injection:
In this technique, the attacker injects specially crafted SQL statements to exploit improper input sanitization on the back end of a website. SQL is responsible for performing operations on a database, such as inserting, updating and deleting values in a database table. Most of the time, these SQL statements deal with data supplied by the user. To prevent these attacks, user input must be sanitized before any SQL operation is performed.
Insecure deserialization:
Serialization is the process of transforming data from one form to another in such a way that both the sender and the receiver can understand it. When the web server transmits data to the browser, it serializes it first. Similarly, when a browser transmits serialized data to a web server, the web server must deserialize the data it receives. If the server does not perform adequate checks before deserializing data received from the browser, a significant vulnerability such as remote code execution or privilege escalation can occur. This vulnerability can likewise be prevented by sanitizing everything that arrives from the browser before it is handled.
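The following Python function is an added example (not code from the original article) of the checks a server can apply to a serialized request body before acting on it. It uses a data-only format (JSON) rather than one that reconstructs arbitrary objects, then rejects oversized bodies, malformed input, unexpected fields, wrong types and disallowed values. The field names, allowed actions and size limit are assumptions made for the example.

```python
import json

# Assumed contract for this endpoint: field name -> required Python type.
EXPECTED = {"user_id": int, "action": str}
ALLOWED_ACTIONS = {"view", "edit"}
MAX_BODY = 4096  # assumed limit; a cheap guard against oversized payloads


class InvalidPayload(ValueError):
    """Raised when a request body fails validation."""


def deserialize_request(body: bytes) -> dict:
    """Turn an untrusted request body into a dict that has been checked
    for shape, types and values before application logic sees it."""
    if len(body) > MAX_BODY:
        raise InvalidPayload("body too large")
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise InvalidPayload(f"malformed JSON: {exc}") from None
    if not isinstance(data, dict):
        raise InvalidPayload("top-level value must be an object")
    # Extra fields are rejected rather than ignored: an attribute the client
    # was never meant to set (e.g. a role flag) must not reach the model.
    unexpected = set(data) - set(EXPECTED)
    if unexpected:
        raise InvalidPayload(f"unexpected fields: {sorted(unexpected)}")
    for field, typ in EXPECTED.items():
        if field not in data:
            raise InvalidPayload(f"missing field: {field}")
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(data[field], bool) or not isinstance(data[field], typ):
            raise InvalidPayload(f"field {field} has wrong type")
    if data["action"] not in ALLOWED_ACTIONS:
        raise InvalidPayload("action not allowed")
    return data


def safe_deserialize(body: bytes):
    """Convenience wrapper: the validated dict, or None if rejected."""
    try:
        return deserialize_request(body)
    except InvalidPayload:
        return None


if __name__ == "__main__":
    # Constructed request bodies: one well-formed, one smuggling an extra field.
    print(safe_deserialize(b'{"user_id": 7, "action": "view"}'))
    print(safe_deserialize(b'{"user_id": 7, "action": "view", "is_admin": true}'))
```

Validation happens on the decoded structure, not on the raw string, because the checks that matter (which fields, which types, which values) are only meaningful once the data has a shape; the format choice is what keeps the decoding step itself from executing anything.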
Cross-site request forgery:
The attacker exploits this flaw by causing the victim's browser to send fraudulent requests to the target domain from another website. This other website is frequently one hosted by the attacker. Consider a web page that allows the user to change his or her password. When the user types in the new password and clicks "change", a POST request carrying the new password is made to the URL, and the web server changes that user's password. An attacker, however, can build a web page that sends a POST request to the same URL on the site but with a hard-coded password of the attacker's choosing, and simply send the victim a link. When the victim clicks on it, the POST request is delivered to the target website automatically. Since the victim is already authenticated on the target website, the password is successfully changed to the one the attacker wanted. This loophole can be prevented by implementing CSRF tokens.
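The Python below is an added example (not from the original article) of the synchronizer-token defence for the password-change scenario just described. The server issues a random token bound to the session when the user logs in, embeds it in the form it renders, and accepts the POST only if the submitted token matches. A page on another origin cannot read the token, so a forged request arrives with the session cookie but without a valid token. The session store, handler names and response strings are constructed for the example.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
SESSIONS: dict = {}


def create_session(username: str) -> str:
    """Log a user in and issue a random CSRF token bound to the session."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {
        "user": username,
        "password": "old-password",
        "csrf_token": secrets.token_urlsafe(32),
    }
    return session_id


def render_change_password_form(session_id: str) -> dict:
    """Server-side render of the form. The token becomes a hidden field that
    only a same-origin page, loaded with the user's session, can read."""
    return {"csrf_token": SESSIONS[session_id]["csrf_token"]}


def handle_change_password(session_id: str, form: dict) -> str:
    """POST handler. The browser attaches the session cookie automatically, so
    being authenticated does not prove the user intended this request; the
    token in the form body does."""
    session = SESSIONS.get(session_id)
    if session is None:
        return "401 not logged in"
    submitted = form.get("csrf_token", "").encode()
    expected = session["csrf_token"].encode()
    # Constant-time comparison so the check does not leak the token via timing.
    if not hmac.compare_digest(submitted, expected):
        return "403 invalid csrf token"
    new_password = form.get("new_password", "")
    if len(new_password) < 8:
        return "400 password too short"
    session["password"] = new_password
    return "200 password changed"


if __name__ == "__main__":
    sid = create_session("victim")
    # Legitimate flow: the page the user loaded carries the token.
    form = render_change_password_form(sid)
    form["new_password"] = "chosen-by-user"
    print(handle_change_password(sid, form))
    # Forged flow: a cross-site page can only send the fields it knows about.
    forged = {"new_password": "chosen-by-attacker"}
    print(handle_change_password(sid, forged))
```

Binding the token to the session (rather than using one global value) means a token harvested from one user's page is useless against another user's session, and rotating it at login limits how long any leaked value stays valid.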
Security misconfiguration:
Websites are created by programmers, who are human, and humans make mistakes. Improper web server configuration is one of these mistakes. When a website is hosted, for example, the developers may completely neglect to change the default passwords of the server's admin panel or to remove the server's admin console. In this case, an attacker can take complete control of the website simply by logging into the server's admin console with a default password such as admin, password, or root. So always remember to change the default passwords and to update passwords on a regular basis.
How to Secure your Web Applications:
Application security is business security. Protecting your apps from attack is a highly complex, never-ending job because apps are everywhere. They are the number one gateway to your data and your customers' data. The sheer number of applications deployed in multi-cloud environments significantly increases the threat surface and the risk to your apps and data. The vast majority of undergraduate programs in computer science do not focus on application security; the focus is almost entirely on the functionality and design of applications. Responding to today's threat landscape can be overwhelming, but there are steps for handling app security that are easy and effective.
- Implement a secure SDLC framework for software development.
- Gain knowledge and appreciation of the OWASP Top 10 threats (a globally recognized list of the top threats, which is updated annually).
- Capture security requirements of the application right at the start of a software development lifecycle.
- Define, maintain and enforce industry application security best practices which evolve pretty quickly.
- Implement secure application design and architecture.
- Ensure secure coding practices for input validation, authentication and authorization.
- Ensure well-rounded security of your application throughout the coding cycle itself. It's important to inculcate a culture of secure coding, cryptography, session management and error handling at this stage of the secure SDLC.
- If some vulnerabilities persist, rate the severity of defects and publish comprehensive reports detailing the associated risks and mitigations of the vulnerabilities.
- Scan your application with popular tools such as AppScan and Fortify to conduct various tests, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and checks of single sign-on and encryption.
- Post-deployment and maintenance (ensures security at various levels, with millions of software developers employed across the world).