Domain 5 of CEH: Web Application Hacking


This is Domain 5 of CEH, Web Application Hacking. It carries significant weight in the exam, so let's look at what this domain covers and why it matters.
What is a Web Application?
A web application is a program that uses web browsers and web technologies to perform tasks over the internet. Demand for web apps keeps growing because they require no download: all you need is a web browser such as Google Chrome or Internet Explorer. The evolution of websites has driven the web development process forward as well. A web application has three components:
- Web server: every request that comes from the client is handled by the web server.
- Application server: The application server completes the tasks and requests sent by the client.
- Database: The database is the backend that stores and retrieves the needed information.
Domain 5 of CEH: Types of Web Application Hacking
SQL injection
In this technique, the attacker injects specially crafted SQL statements to exploit improper input sanitization on the back end of a website. SQL is the language used to perform operations on a database, such as inserting, updating and deleting values in a database table.
Most of the time, these SQL statements are built from data supplied by the user. To prevent these attacks, user input must be sanitized before any SQL operation is performed.
Cross-Site-Scripting
This flaw also stems from inadequate input sanitization. Cross-Site Scripting lets an attacker run malicious scripts on the client side: the attacker submits malicious JavaScript to the server with the intent of having it stored in the server's database.
The server does not validate the input and saves it to the database unchecked. Every user who later requests the same page receives the injected script, and their browser executes it because it comes from a site they trust. In this way an attacker can steal a user's cookies and do considerable further harm.
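The stored-XSS scenario above comes down to one rendering decision: whether stored text is escaped when it is written into the page. As an added example (not code from the original post), the snippet below renders a constructed list of stored comments both ways; the comment list is invented for the example.

```python
import html

# Constructed stored comments, as if read back from the database. The second
# one carries script markup that must reach the browser only as visible text.
STORED_COMMENTS = [
    "Great article, thanks!",
    "<script>evil()</script>",
]

def render_comment_vulnerable(comment: str) -> str:
    # BAD: stored text is interpolated into HTML as-is, so any markup in it is
    # parsed by the browser and a <script> element inside it is executed.
    return f'<li class="comment">{comment}</li>'

def render_comment_safe(comment: str) -> str:
    # GOOD: escape at the point where the value enters an HTML context.
    # '<', '>', '&' and quotes become entities, so the browser shows them as text.
    return f'<li class="comment">{html.escape(comment, quote=True)}</li>'

def render_page(comments: list) -> str:
    # Every stored value passes through the escaping renderer, never the raw one.
    return "<ul>" + "".join(render_comment_safe(c) for c in comments) + "</ul>"

if __name__ == "__main__":
    print(render_page(STORED_COMMENTS))
```

Two caveats a practitioner would add: escaping is context-specific (an HTML body, an attribute value and a JavaScript string each need different rules, which is why templating engines with auto-escaping are preferred over hand-built strings), and the cookie theft mentioned above is further limited by marking session cookies HttpOnly and deploying a Content Security Policy.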
Insecure deserialization
Serialization is the process of converting data into a form that both sender and receiver can understand. When the web server transmits data to the browser, it serializes it first; when the browser sends serialized data back, the web server must deserialize what it receives.
If the server does not perform adequate checks before deserializing data received from the browser, a serious vulnerability such as remote code execution or privilege escalation can result. This vulnerability can likewise be prevented by sanitizing everything that arrives from the browser before it is handled.
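As an added example (not code from the original post), the function below shows what "adequate checks before deserializing" looks like in practice: the wire format is plain JSON, which can only produce strings, numbers, lists and dictionaries, and every field is checked against an allow-list of names, types and ranges before the result is used. The field names, the allowed values and the sample payloads are constructed for the example.

```python
import json

# Allow-list of fields the server is willing to accept, with their expected types.
# Anything not listed here is rejected rather than silently passed through.
ALLOWED_KEYS = {"username": str, "theme": str, "items_per_page": int}

class InvalidPayload(ValueError):
    """Raised when browser-supplied data fails validation."""

def deserialize_preferences(raw: bytes) -> dict:
    # JSON is used deliberately: decoding it never constructs arbitrary objects
    # or runs code. Native object serializers (pickle and friends) must never be
    # fed data the browser controls, whatever checks are wrapped around them.
    try:
        data = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise InvalidPayload(f"not valid JSON: {exc}") from None
    if not isinstance(data, dict):
        raise InvalidPayload("top-level value must be an object")
    unexpected = set(data) - set(ALLOWED_KEYS)
    if unexpected:
        # Extra fields such as a smuggled "is_admin" flag are an error, not ignored.
        raise InvalidPayload(f"unexpected fields: {sorted(unexpected)}")
    clean = {}
    for key, expected_type in ALLOWED_KEYS.items():
        if key not in data:
            raise InvalidPayload(f"missing field: {key}")
        value = data[key]
        # bool is a subclass of int in Python, so reject it explicitly for int fields.
        if not isinstance(value, expected_type) or (isinstance(value, bool) and expected_type is int):
            raise InvalidPayload(f"field {key} has wrong type")
        clean[key] = value
    if not 1 <= clean["items_per_page"] <= 100:
        raise InvalidPayload("items_per_page out of range")
    if clean["theme"] not in ("light", "dark"):
        raise InvalidPayload("unknown theme")
    return clean

if __name__ == "__main__":
    good = b'{"username": "alice", "theme": "dark", "items_per_page": 25}'
    print(deserialize_preferences(good))
```

The same shape applies to any format: choose a data-only encoding, fail closed on anything unexpected, and treat the validated copy, not the raw input, as the application's view of the request.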
Cross-site request forgery
The attacker exploits this flaw by making the victim's browser send forged requests to the target domain from another website, frequently one hosted by the attacker. Consider a page that lets a user change his or her password: when the user enters a new password and clicks Change, a POST request carrying the new password is sent to the URL, and the web server changes that user's password.
An attacker can build a web page that sends a POST request to the same URL on the target site, but with a hard-coded password of the attacker's choosing, and simply sends the victim a link. When the victim opens it, the POST request is delivered to the target website automatically. Because the victim is already authenticated on the target site, the password is changed to the one the attacker chose. This flaw can be prevented by implementing CSRF tokens.
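As an added example (not code from the original post), the snippet below shows how a CSRF token closes the gap described above. The token is bound to the session with an HMAC, delivered in a hidden form field rather than a cookie, and checked with a constant-time comparison before the password change is allowed. The server secret, the session identifiers and the request handler are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed server-side secret for this example; a real deployment loads it
# from configuration and never hard-codes it.
SERVER_SECRET = secrets.token_bytes(32)

def issue_csrf_token(session_id: str) -> str:
    # Bind the token to the session so a token minted for one session cannot be
    # replayed for another. The page embeds it in a hidden form field; it is not
    # a cookie, because cookies are attached automatically to cross-site requests,
    # which is exactly what the forged page relies on.
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"

def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so timing differences leak nothing about the MAC.
    return hmac.compare_digest(mac, expected)

def handle_change_password(session_id: str, form: dict) -> str:
    # The session cookie proves the user is logged in; it does not prove the user
    # intended this request. Only a page we served could have carried the token.
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return "403 Forbidden: missing or invalid CSRF token"
    # The actual password update would happen here.
    return "200 OK: password changed"

if __name__ == "__main__":
    sid = "sess-1"                       # constructed session identifier
    forged = {"new_password": "attacker-chosen"}            # no token: cross-site page cannot read one
    genuine = {"new_password": "x", "csrf_token": issue_csrf_token(sid)}
    print(handle_change_password(sid, forged))
    print(handle_change_password(sid, genuine))
```

The forged page in the scenario above cannot include a valid token because the same-origin policy prevents it from reading the target site's pages, so its POST arrives without one and is refused. Setting the session cookie with the SameSite attribute is a useful second layer, but the token check is the control the exam expects you to name.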
Improper-security configuration
Websites are built by programmers, and programmers are human; humans make mistakes. Improper web server configuration is one of them: when a site is deployed, for example, the developers may forget to change the default passwords on the server's admin panel or to remove the admin console altogether.
In that case an attacker can take full control of the website simply by logging in to the server's admin console with a default password such as admin, password or root. So always remember to change default passwords, and keep updating them on a regular basis.
How to Secure Web Applications Against Hacking
Application security is business security. Protecting your apps from attack is a complex, never-ending job because apps are everywhere: they are the number one gateway to your data and your customers' data. The sheer number of applications deployed in multi-cloud environments significantly increases the threat surface and the risk to your apps and data.
The vast majority of undergraduate programs in computer science do not focus on application security; the focus is almost entirely on the functionality and design of applications. Responding to today's threat landscape can be overwhelming, but there are steps to handle app security that are easy and effective.
- Implement a secure SDLC framework for software development.
- Gain the knowledge and appreciation for OWASP TOP 10 threats (a globally recognized list of the top threats which are updated annually).
- Capture the security requirements of the application right at the start of a software development lifecycle.
- Define, maintain and enforce industry application security best practices which evolve pretty quickly.
- Implement secure application design and architecture.
- Ensure secure coding practices for input validation, authentication, and authorization.
- Ensure well-rounded security of your application throughout the coding cycle itself. It is important to build a culture of secure coding, cryptography, session management and error handling at this stage of the secure SDLC.
- If some vulnerabilities persist, rate the severity of defects and publish comprehensive reports detailing the associated risks and mitigations of the vulnerabilities.
- Scan your application with popular tools such as AppScan and Fortify to conduct tests including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and checks of single sign-on and encryption.
- Continue security work post-deployment and during maintenance, so that security is ensured at every level.
Related Blog:
CEH v11 Domain 4: Network And Perimeter Hacking
Securium Solutions Offers CEHv11 Training
Securium Solutions is a top training provider with a reasonable price tag. We encourage you to join us on an exciting trip with industry professionals to learn more about the Certified Ethical Hacker course. Courses can be taken as live instructor-led sessions or as self-paced courses, allowing you to finish your training journey whenever it is convenient for you.
Watch CEH v11 Training Videos