In today's digital world, web applications are the gateways to our data. But are they truly secure? This cyber security project presentation delves into the ever-present threat of web application vulnerabilities. Explore common vulnerabilities like SQL injection and Cross-Site Scripting (XSS). Learn how attackers exploit these weaknesses and discover effective strategies to identify, prevent, and mitigate them. Whether you're a developer, security professional, or website owner, this presentation equips you with the knowledge to safeguard your web applications and protect user data. Visit us for more cyber security project presentations: https://bostoninstituteofanalytics.org/cyber-security-and-ethical-hacking/
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security Project Presentation
2. Title: Tackling Web Application
Vulnerabilities
• Subtitle: SQL Injection, CSRF Attack
• Name - Pritesh Sangare
• Date – 30-03-2024
3. Introduction
• Web application vulnerabilities refer to
weaknesses or flaws in the design,
development, or implementation of web-based
software that could be exploited by attackers to
compromise the security or integrity of the
application or the data it handles. These
vulnerabilities can exist at various layers of the
web application stack and can result from
coding errors, misconfigurations, or inadequate
security measures. Some common web
application vulnerabilities include:
4. Overview of Web Application Vulnerabilities:
1. SQL Injection (SQLi): Attackers exploit SQL injection vulnerabilities to
manipulate or access the database backend of a web application by
injecting malicious SQL queries through user input fields.
2. Cross-Site Scripting (XSS): XSS vulnerabilities allow attackers to inject
malicious scripts into web pages viewed by other users, potentially
leading to data theft, session hijacking, or website defacement.
3. Cross-Site Request Forgery (CSRF): CSRF vulnerabilities enable
attackers to trick authenticated users into unknowingly performing actions
on a web application without their consent or awareness.
4. Authentication and Session Management Flaws: Weaknesses in
authentication mechanisms or session management can lead to
unauthorized access, session hijacking, or privilege escalation attacks.
5. Security Misconfigurations: Improperly configured web servers,
databases, or application frameworks can create security gaps that
attackers can exploit to gain unauthorized access or execute malicious
actions.
5. Importance of Understanding and
Mitigating These Vulnerabilities:
• Protecting Sensitive Information: Web applications often handle
sensitive data, including personal information, financial data, and login
credentials. Mitigating vulnerabilities helps safeguard this information
from unauthorized access or disclosure.
• Protecting Business Assets: Web applications are valuable assets for
businesses, and their security is critical to maintaining operations,
intellectual property, and competitive advantage. Mitigating vulnerabilities
helps protect these assets from exploitation and compromise.
• Preventing Financial Loss: Security breaches can result in significant
financial losses due to data theft, service disruptions, legal penalties, and
remediation costs. Mitigating vulnerabilities reduces the risk of financial
harm to organizations.
• Maintaining Trust and Reputation: Security breaches can damage an
organization's reputation and erode customer trust. Proactively
addressing vulnerabilities demonstrates a commitment to security and
helps preserve trust with users and stakeholders.
6. Purpose of the Presentation:
• Increase awareness and understanding of common web application
vulnerabilities among stakeholders, including developers, administrators,
and management.
• Highlight the risks and potential consequences associated with these
vulnerabilities.
• Provide guidance on best practices and strategies for mitigating web
application vulnerabilities, including secure coding practices, vulnerability
scanning, and penetration testing.
• Demonstrate the importance of integrating security into the software
development lifecycle and adopting a proactive approach to web
application security.
• Empower organizations to enhance their security posture and mitigate the
risks posed by web application vulnerabilities effectively.
7. DVWA (Damn Vulnerable Web Application)
• DVWA, or Damn Vulnerable Web Application, is a purposely
crafted web application designed to be vulnerable to various
security threats. It's an invaluable tool for both learning about
web security vulnerabilities and for testing the effectiveness of
security solutions.
Purpose
• DVWA serves a dual purpose: education and testing. It provides a
safe environment for individuals to explore and understand
common web vulnerabilities without the risk of compromising
real-world systems. By simulating these vulnerabilities in a
controlled environment, users can gain practical experience in
identifying, exploiting, and mitigating security issues.
8. Why DVWA?
• Real-world Scenarios: DVWA replicates scenarios that mimic real-world
web applications, offering a hands-on experience with
vulnerabilities like SQL injection, XSS (Cross-Site Scripting), and,
pertinent to our discussion, CSRF (Cross-Site Request Forgery).
• Gradual Difficulty: DVWA offers varying levels of difficulty for each
vulnerability, allowing users to progress from basic concepts to
more advanced exploitation techniques. This gradual learning
curve is beneficial for individuals at all skill levels.
• Safe Environment: Since DVWA is isolated and intended for
educational purposes, users can freely experiment with different
attack vectors and security controls without risking harm to live
systems.
9. Definition of SQL Injection
• SQL injection is a type of cyber-attack that
occurs when an attacker inserts or manipulates
malicious SQL (Structured Query Language)
code into input fields or parameters used by an
application. The goal of SQL injection is to
manipulate the database queries executed by
the application, allowing the attacker to perform
unauthorized actions or gain access to
sensitive data.
11. Risks Associated with SQL Injection Attacks
1. Unauthorized Data Access: Attackers can exploit SQL Injection
vulnerabilities to retrieve sensitive information from the database,
such as usernames, passwords, credit card numbers, or personal
data.
2. Data Manipulation: SQL Injection attacks can be used to modify
or delete database records, alter application functionality, or
tamper with critical data, leading to data loss or corruption.
3. Server Compromise: In severe cases, SQL Injection
vulnerabilities may allow attackers to execute arbitrary commands
on the database server, potentially leading to full compromise of
the underlying infrastructure.
4. Data Leakage: SQL Injection attacks can result in the leakage of
sensitive information, such as intellectual property, proprietary
data, or confidential business records, which can have serious
consequences for organizations.
12. Exploit the SQLI Vulnerability
In my project, I conducted a SQL injection attack on the Damn Vulnerable Web
Application (DVWA) using Burp Suite. After logging into DVWA, I deployed various
payloads to exploit SQL injection vulnerabilities across all levels. I retrieved hash
values from the database, which I subsequently decoded using Crackstation.in. By
capturing and modifying requests through Burp Suite's repeater, I successfully obtained
usernames and passwords of users, showcasing the critical security implications of SQL
injection vulnerabilities in web applications.
13. • Here in Burp Suite I injected the SQLi script in the id field and it worked: '1
or 1=1 UNION SELECT user, password FROM users#'. This is the payload
injected for level “Medium”.
14. I conducted a high-level vulnerability assessment of a web application by manually
inspecting its source code. During my analysis, I identified a critical SQL injection
vulnerability. Through careful examination and experimentation, I crafted specialized
payloads to exploit this weakness. These payloads were designed to manipulate SQL
queries, ultimately granting unauthorized access to the application's database. By
leveraging this vulnerability, I demonstrated the severe security risks associated with
inadequate input validation and showcased the potential consequences for the
application's integrity and
15. Subsequently, I extracted hashed passwords from the compromised database.
Employing tools like John the Ripper or Hashcat in my Kali Linux environment, I
successfully decoded these hash values. This process revealed plaintext passwords,
underscoring the gravity of the vulnerability and highlighting the urgency for robust
security measures in web applications.
16. Safeguarding Web Applications Against SQL Injection Attacks
• Input Validation: Implement rigorous input validation techniques to prevent malicious actors from
injecting SQL code into web application fields.
• Secure Coding Practices: Adhere to secure coding practices such as using prepared statements and stored
procedures to mitigate the risk of SQL injection vulnerabilities.
• Sanitization and Escaping: Properly sanitize and escape user input before incorporating it into SQL
queries to neutralize potential injection attempts.
• Least Privilege Principle: Limit access rights to database users and application components following the
least privilege principle to minimize the impact of SQL injection attacks.
• Regular Security Audits: Conduct regular security audits and penetration testing exercises to proactively
identify and address SQL injection vulnerabilities.
• Web Application Firewalls (WAFs): Implement WAFs to provide an additional layer of defense against SQL
injection attacks by monitoring and filtering incoming traffic for malicious SQL queries.
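The input validation and prepared statement bullets above, shown against the id-field payload quoted on the slides. This is an added example, not code from the presentation or from DVWA; the SQLite in-memory table, its rows and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for a DVWA-style users table (all rows constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, "
                 "first_name TEXT, last_name TEXT, user TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", [
        (1, "Alice", "Admin", "alice", "hash-placeholder-1"),
        (2, "Bob", "Brown", "bob", "hash-placeholder-2"),
    ])
    return conn

# Payload quoted on the slides, without the trailing '#': that is a MySQL
# comment marker, which SQLite rejects and this query shape does not need.
PAYLOAD = "1 or 1=1 UNION SELECT user, password FROM users"

def lookup_vulnerable(conn, user_id):
    # BEFORE: the input is concatenated into the SQL text and parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = " + user_id
    return conn.execute(sql).fetchall()

def lookup_safe(conn, user_id, validate=True):
    # Input validation: the id field only ever needs ASCII decimal digits.
    if validate:
        if not (user_id.isascii() and user_id.isdigit()):
            return []
        user_id = int(user_id)
    # Prepared statement: the value is bound as data, never parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))
    print("validated + bound:", lookup_safe(db, PAYLOAD))
    print("bound only:", lookup_safe(db, PAYLOAD, validate=False))
    print("legitimate id:", lookup_safe(db, "1"))
```

With `validate=False` the bound query still returns nothing for the payload, which shows that parameter binding is the control that stops the injection and validation is the extra layer.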
17. Definition of CSRF
(Cross-Site Request Forgery)
• CSRF (Cross-Site Request Forgery) is a type
of web security vulnerability that allows an
attacker to trick a user into unintentionally
performing actions on a web application in
which the user is authenticated. The attacker
crafts a malicious request and persuades the
victim to execute it, often by embedding the
request within a legitimate-looking webpage or
email. Since the victim is already
authenticated, the web application processes
the malicious request as if it were initiated by
the legitimate user.
18. Explanation of How CSRF Attacks Work
1. Authentication: The victim user logs into a web application (e.g.,
online banking, social media) and establishes a valid session.
2. Malicious Request: The attacker crafts a malicious request,
typically in the form of a URL or HTML form submission, that
performs an action on the web application. For example,
transferring funds, changing account settings, or submitting a
form.
3. Tricking the Victim: The attacker persuades the victim to visit a
webpage or click on a link that triggers the malicious request. This
can be accomplished through phishing emails, malicious
advertisements, or compromised websites.
4. Execution of Request: Since the victim is already authenticated
to the web application, their browser automatically includes any
cookies associated with the site in the request. The web
application processes the request, unaware that it was initiated by
the attacker rather than the legitimate user.
19. Risks Associated with CSRF Attacks
1. Unauthorized Actions: CSRF attacks can lead to unauthorized
actions being performed on behalf of the victim user without their
knowledge or consent. This can include transferring funds,
changing account settings, or deleting data.
2. Data Manipulation: Attackers can use CSRF to manipulate data
within the web application, potentially leading to data loss,
corruption, or privacy breaches.
3. Account Takeover: In severe cases, CSRF attacks can result in
full account takeover if the attacker can perform actions that grant
them additional privileges or access sensitive information.
4. Reputation Damage: Successful CSRF attacks can damage the
reputation and trustworthiness of the affected web application,
leading to loss of users and business.
20. Solving the DVWA CSRF Attack with Burp
Suite
• Step 1: Identify the CSRF Vulnerability
• Log in to the DVWA application using your credentials.
• Navigate to the vulnerable page or functionality where the
CSRF vulnerability exists. This could be a form submission,
such as changing account settings or performing a sensitive
action.
• With Burp Proxy intercept turned on, perform the action
that triggers the CSRF vulnerability in DVWA.
• In Burp Suite, review the intercepted requests and
responses to identify any CSRF tokens or lack of anti-CSRF
protections.
21. Successful Execution of CSRF Attack
• Once the CSRF vulnerability is identified, craft a malicious HTML page or script
that submits a forged request to exploit the vulnerability.
• Host the malicious page on a web server or use local file access, depending on
the target application's requirements.
• Trick the victim user into visiting the malicious page while logged into the
DVWA application.
22. The image shows the password for the admin has been
changed after the request has been modified through Burp
Suite to change the password of the victim unintentionally.
23. Implement CSRF protection mechanisms in your web application
• Identify Key Areas for CSRF Protection: Begin by identifying critical areas of your web
application that require CSRF protection, such as forms for sensitive actions like
changing passwords, making transactions, or updating user settings.
• Generate CSRF Tokens: Implement a mechanism to generate unique CSRF tokens for
each user session. These tokens should be cryptographically secure and stored in
session variables.
• Include CSRF Tokens in Forms and Requests: Modify your web application's forms to
include hidden fields containing the CSRF tokens. Ensure that these tokens are
automatically included in every form submission and AJAX request.
• Validate CSRF Tokens on the Server Side: Implement server-side validation to verify the
authenticity of CSRF tokens with each incoming request. If the token is missing or
invalid, reject the request and return an appropriate error message.
• Testing and Validation: Thoroughly test the CSRF protection mechanisms by simulating
CSRF attacks using tools like Burp Suite or OWASP ZAP. Verify that all sensitive actions
require valid CSRF tokens and that unauthorized requests are appropriately blocked.
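The generate, embed and validate steps of this slide as one runnable sketch. This is an added example, not code from the presentation or from DVWA; the session dictionary, the `/change-password` route, the field names and the function names are hypothetical stand-ins for a real framework's session store and request handler.

```python
import hmac
import secrets

def issue_csrf_token(session):
    """Create one unpredictable token per session and keep it server-side."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def render_password_form(session):
    """Embed the token as a hidden field so the site's own form carries it."""
    token = issue_csrf_token(session)
    return ('<form method="POST" action="/change-password">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input type="password" name="password_new">'
            '<input type="submit" value="Change"></form>')

def handle_change_password(session, form):
    """Return (status, message); state changes only after the token check."""
    expected = session.get("csrf_token")
    supplied = str(form.get("csrf_token", ""))
    # Constant-time comparison; a missing token on either side fails closed.
    if not expected or not hmac.compare_digest(expected.encode(),
                                               supplied.encode()):
        return 403, "CSRF token missing or invalid"
    # Constructed stand-in for the real password update.
    session["password"] = form["password_new"]
    return 200, "Password changed"

if __name__ == "__main__":
    session = {"user": "admin", "password": "old-constructed"}
    render_password_form(session)
    # Cross-site request: the browser sends the session cookie, but the
    # other origin cannot read the token, so the field is absent.
    print(handle_change_password(session, {"password_new": "forged"}))
    # Same-site request: the form rendered above carries the token.
    print(handle_change_password(
        session,
        {"password_new": "chosen-by-user",
         "csrf_token": session["csrf_token"]}))
```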
24. Unveiling Web Vulnerabilities
SQLi Payloads Used For Project:
' or'1'='1
1' or'1'='1 UNION SELECT
1' or'1'='1 UNION SELECT * from password
UNION SELECT user , password from users#
1 or 1=1 UNION SELECT user, password FROM users#
Session ID: 1' UNION SELECT user, password FROM users#
hashcat -a 0 -m 0 hashes ~/seclists/Passwords/probable-v2-top
hashcat -a 0 -m 0 hashes ~/seclists/Passwords/probable-v2-top.txt
john --list=formats
john --list=formats | grep MD5
john --format=Raw-MD5 --show hashes
25. Conclusion
• In conclusion, we've explored the vulnerabilities of web
applications, focusing on SQL injection and Cross-Site Request
Forgery (CSRF) attacks. By understanding SQL injection
payloads and CSRF exploitation, we've emphasized the
importance of ongoing vulnerability assessment and
mitigation.
• Continued vigilance, secure coding practices, and robust
mitigation strategies are essential for protecting web
applications against these threats. Utilize available resources
for further learning and practice to strengthen your defenses
and ensure a safer digital environment for users worldwide.
• Thank you for your attention and dedication to web
application security.