IEEE Mini Project

Web Application Penetration Testing

Vaibhav Malgewar, Hrishikesh Somchatwar, Hritik Kuthe
Priyadarshini College of Engineering, Nagpur
[email protected], [email protected]

Project Guide: CR Pote
Priyadarshini College of Engineering, Nagpur

Abstract— A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates whether the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation if and whenever needed.

A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures. Vulnerability assessments also provide the organization doing the assessment with the necessary knowledge, awareness and risk background to understand and react to the threats to its environment.

Keywords— Vulnerability, Assessment, severity, mitigation, Infrastructure.

I. INTRODUCTION

A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures. Vulnerability assessments also provide the organization doing the assessment with the necessary knowledge, awareness and risk background to understand and react to the threats to its environment.

A vulnerability assessment process is intended to identify threats and the risks they pose. It typically involves the use of automated testing tools, such as network security scanners, whose results are listed in a vulnerability assessment report.

Organizations of any size, or even individuals who face an increased risk of cyberattacks, can benefit from some form of vulnerability assessment, but large enterprises and other types of organizations that are subject to ongoing attacks will benefit most from vulnerability analysis.

Because security vulnerabilities can enable hackers to access IT systems and applications, it is essential for enterprises to identify and remediate weaknesses before they can be exploited. A comprehensive vulnerability assessment, along with a management program, can help companies improve the security of their systems.

II. PURPOSE

A vulnerability assessment provides an organization with information on the security weaknesses in its environment. It also provides direction on how to assess the risks associated with those weaknesses. This process offers the organization a better understanding of its assets, security flaws and overall risk, reducing the likelihood that a cybercriminal will breach its systems and catch the business off guard.

Application security is important because today's applications are often available over various networks and connected to the cloud, increasing their vulnerability to security threats and breaches.

Application security testing can reveal weaknesses at the application level, helping to prevent these attacks.

III. SCOPE

The scope of a vulnerability assessment is usually all-encompassing, spreading over an entire organization or at least over an entire critical system the organization uses. Penetration testing, on the other hand, may follow a narrower scope.

FIGURE I

IV. METHODOLOGY

V. WORKFLOW

Determining the information security risks in a company is a complex and involved task. In a dynamic and integrated environment, locating and assessing threats and vulnerabilities is simply not enough. Therefore, what you need is not only a simple vulnerability assessment but an integrated process of vulnerability management.

Burp Suite Professional is one of the most popular penetration testing and vulnerability finder tools, and is often used for checking web application security. “Burp,” as it is commonly known, is a proxy-based tool used to evaluate the security of web-based applications and do hands-on testing. With more than 40,000 users, Burp Suite is the world’s most widely used web vulnerability scanner. It has a robust and modular framework, and is packed with optional extensions that can increase web application testing efficiency.

Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. Nessus is called a "remote scanner" because it does not need to be installed on a computer for it to test that computer. Instead, you can install it on only one computer and test as many computers as you would like.

To learn how Nessus and other port-scanning security tools work, it is necessary to understand how different services (such as a web server, SMTP server, FTP server, etc.) are accessed on a remote server. Most high-level network traffic, such as email, web pages, etc., reaches a server via a high-level protocol that is transmitted reliably by a TCP stream. To keep different streams from interfering with each other, a computer divides its physical connection to the network into thousands of logical paths, called ports. So if you want to talk to a web server on a given machine, you would connect to port 80 (the standard HTTP port), but if you wanted to connect to an SMTP server on that same machine you would instead connect to port 25.

Each computer has thousands of ports, all of which may or may not have services (i.e. a server for a specific high-level protocol) listening on them. Nessus works by testing each port on a computer, determining what service it is running, and then testing this service to make sure there are no vulnerabilities in it that could be used by a hacker to carry out a malicious attack.
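The "determine what service is running on each port, then assess it" step described above, written out as an added example (this is not the paper's code and not Nessus code; the port-to-service table, banner patterns, sample listeners and severity rules are all constructed for illustration). It classifies observed listeners by their banner, falls back to the well-known port number, and turns the result into assessment-report rows with a severity:

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Well-known ports the paper mentions (80 = HTTP, 25 = SMTP) plus a few others,
# used only as a fallback when the service cannot be recognised from its banner.
WELL_KNOWN_PORTS: Dict[int, str] = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 443: "https"}

# (service name, regex whose first group captures the advertised product/version).
BANNER_PATTERNS: List[Tuple[str, str]] = [
    ("ssh", r"^SSH-2\.0-(\S+)"),
    ("smtp", r"^220 \S+ ESMTP (\S+)"),
    ("http", r"^HTTP/1\.[01] \d{3}.*?\r\nServer: ([^\r\n]+)"),
]

def identify_service(port: int, banner: str) -> Tuple[str, Optional[str]]:
    """Trust what the service says about itself first, then the port number."""
    for name, pattern in BANNER_PATTERNS:
        match = re.search(pattern, banner, re.DOTALL)
        if match:
            return name, match.group(1)
    return WELL_KNOWN_PORTS.get(port, "unknown"), None

def assess_host(listeners: Dict[int, str], allowed_ports: Set[int]) -> List[dict]:
    """Turn observed listeners (port -> banner text) into findings. Constructed
    severity rule: a listener outside the approved baseline is medium, or high
    if nobody can even say what it is; a product/version leak in a banner is low."""
    findings = []
    for port in sorted(listeners):
        service, product = identify_service(port, listeners[port])
        if port not in allowed_ports:
            findings.append({"port": port, "service": service,
                             "severity": "high" if service == "unknown" else "medium",
                             "issue": "listener not in the approved baseline"})
        if product:
            findings.append({"port": port, "service": service, "severity": "low",
                             "issue": f"product/version disclosed in banner: {product}"})
    return findings

# Constructed sample host: what a scanner would have collected per open port.
SAMPLE_LISTENERS: Dict[int, str] = {
    22: "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3",
    25: "220 mail.example.test ESMTP Postfix\r\n",
    80: "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Length: 0\r\n\r\n",
    8080: "",
    31337: "hello\n",
}
ALLOWED_PORTS: Set[int] = {22, 80}   # constructed baseline for this host

if __name__ == "__main__":
    for row in assess_host(SAMPLE_LISTENERS, ALLOWED_PORTS):
        print(f"{row['severity']:6} port {row['port']:5} {row['service']:8} {row['issue']}")
```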
VI. FINDINGS

Manual findings as well as tool findings are reported; all findings may contain sensitive data.

List of findings:

• Directory Traversal
• XSS - Cross Site Scripting
• CSRF - Cross Site Request Forgery
• Clickjacking
• Backup file
• Cookie without HttpOnly flag set
• Email spoofing
• Sensitive Data Exposure

VII. THREAT DESCRIPTION

 Directory Traversal

Directory traversal is a vulnerability that allows attackers to break out of a web server’s root directory and access other locations in the server's file system. Directory traversal, also known as path traversal, ranks #13 on the CWE/SANS Top 25 Most Dangerous Software Errors. It is an HTTP attack which allows attackers to access restricted directories and execute commands outside of the web server’s root directory. Through this and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files. This might include application code and data, credentials for backend systems, and sensitive operating system files. In some cases, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data or behavior, and ultimately take full control of the server.
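To make the root-escape described above concrete, here is an added example (not the paper's code) of a file-path resolver with the insufficient validation that causes the weakness, beside a hardened version that rejects `..` walks, URL-encoded variants and absolute paths. The web root and request strings are constructed; the code never touches the file system, so it runs anywhere.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed web root for the example (not a real deployment path).
WEB_ROOT = "/var/www/app/public"

def vulnerable_resolve(requested: str) -> str:
    """Insufficient validation: the request path is joined straight onto the
    web root. posixpath.join discards WEB_ROOT when the request is absolute,
    and '..' segments are left to walk upward, so the result can point at any
    file on the system, which is exactly the traversal condition."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, unquote(requested)))

def hardened_resolve(requested: str) -> Optional[str]:
    """Decode, normalise, then prove the result still lies under WEB_ROOT.
    Returns None for anything that escapes the root."""
    decoded = unquote(requested)          # validate what the file API will see
    if "\x00" in decoded:                 # NUL truncates paths in C-based file APIs
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded))
    # commonpath, not a string-prefix test, so /var/www/app/public2 is also rejected.
    # Production code should additionally resolve symlinks (os.path.realpath)
    # before this check, because normpath is purely lexical.
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    return candidate

if __name__ == "__main__":
    for req in ("images/logo.png", "../../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"):
        print(f"{req!r:45} vulnerable -> {vulnerable_resolve(req)!r:20} "
              f"hardened -> {hardened_resolve(req)!r}")
```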
A directory traversal vulnerability is the result of insufficient filtering/validation of browser input from users. Directory traversal vulnerabilities can be located in web server software/files or in application code that is executed on the server. Directory traversal vulnerabilities can exist in a variety of programming languages, including Python, PHP, Apache, ColdFusion, Perl and more. Enterprises commonly rely on vulnerability scanning and manual penetration testing techniques to detect directory traversal vulnerabilities.

 Cross-Site Scripting

Cross-site Scripting (XSS) is a client-side code injection attack in which malicious scripts are injected into websites and web applications for the purpose of running on the end user's device. During this process, unsanitized or unvalidated inputs (user-entered data) are used to change outputs.

An XSS attack can turn a web application or website into a vector for delivering malicious scripts to the web browsers of unsuspecting victims.

XSS attacks can exploit vulnerabilities in a range of programming environments, including VBScript, Flash, ActiveX, and JavaScript. Most often, XSS targets JavaScript because of the language's tight integration with most browsers. This ability to exploit commonly used platforms makes XSS attacks both dangerous and common.

XSS occurs when an attacker tricks a web application into sending data in a form that a user’s browser can execute. Most commonly, this is a combination of HTML and JavaScript provided by the attacker, but XSS can also be used to deliver malicious downloads, plugins, or media content.

An attacker is able to trick a web application this way when the web application permits data from an untrusted source (such as data entered in a form by users or passed to an API endpoint by client software) to be displayed to users without being properly escaped.
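The "displayed to users without being properly escaped" condition, as an added example that is not part of the paper: a comment template that interpolates untrusted data raw, the same template with contextual output escaping, and a reflection check of the kind a scanner performs to decide whether submitted markup came back as code. The template and sample inputs are constructed for illustration.

```python
import html
from typing import Callable, List, Tuple

def render_vulnerable(author: str, comment: str) -> str:
    """Untrusted form data is interpolated straight into the page, so whatever
    the user typed is handed to the browser as markup: the XSS condition."""
    return f'<p class="comment" data-author="{author}">{comment}</p>'

def render_hardened(author: str, comment: str) -> str:
    """Same template with output escaping. html.escape(quote=True) rewrites
    <, >, &, " and ' so the browser treats the data as text in both the
    element-text and the quoted-attribute context. (URL and inline-script
    contexts need their own encoders and are not covered here.)"""
    return (f'<p class="comment" data-author="{html.escape(author, quote=True)}">'
            f'{html.escape(comment, quote=True)}</p>')

def reflects_unescaped(rendered: str, submitted: str) -> bool:
    """Reflection check: the submitted markup comes back byte-for-byte, so the
    browser would parse it rather than display it."""
    return submitted in rendered

# Constructed inputs: a benign comment, a script tag in element text, and a
# quote breakout that smuggles an event handler into the attribute context.
SAMPLE_INPUTS: List[Tuple[str, str]] = [
    ("alice", "Nice write-up, thanks!"),
    ("mallory", "<script>alert(1)</script>"),
    ('" onmouseover="alert(1)', "hi"),
]

def audit(render: Callable[[str, str], str]) -> List[Tuple[str, str, bool]]:
    """Run every sample through a renderer. The flag is True when markup-bearing
    input was reflected unescaped (a finding) and False when it was neutralised."""
    results = []
    for author, comment in SAMPLE_INPUTS:
        page = render(author, comment)
        risky = [s for s in (author, comment) if "<" in s or '"' in s]
        results.append((author, comment, any(reflects_unescaped(page, s) for s in risky)))
    return results

if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        for author, comment, finding in audit(renderer):
            print(f"{name:10} {'FINDING' if finding else 'ok':8} {author!r} / {comment!r}")
```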
VIII. CONCLUSION

Web application security is a stack of attack surfaces and defensive mitigating solutions. It is not enough to protect web applications with only one technique, or at only one layer of the stack. Vulnerabilities in the platform, or in protocols such as TCP or HTTP, are just as devastating to the security and availability of applications as attacks against the application itself.

A full stack of mitigating solutions is necessary to realize a positive web application security posture. It is important to note that a comprehensive approach requires collaboration across network, security, operations and development teams, as each has a role to play in protecting applications and their critical data.
