Typical Web Application Security Vulnerabilities Pentesting

We must thank IT virtualization as it led us to cloud technology. Today's IT infrastructures are already running their mission critical business applications on virtual machines. Like the physical infrastructure, virtualization is also cursed with cyber security challenges. This article talks about a typical open source virtualization solution and depicts the steps to secure its.


WEB APPLICATION VULNERABILITY

Web Application Vulnerabilities are some of the most common flaws leading to modern data breaches, These are not limited to only XSS(Cross Site Scripting) and SQL INJECTION.

Application Vulnerability

Software system flaws or weaknesses in an application that could be exploited to compromise the security of the application.

Buffer Overflow

Buffer Overflows occur when there is more data in a buffer than it can handle, causing data to overflow into adjacent storage.

CRLF INJECTION

CRLF Injection attacks refer to the special character elements "Carriage Return" and "Line Feed." Exploits occur when an attacker is able to inject a CRLF sequence into an HTTP stream.

CROSS SITE REQUEST FORGERY

Cross-Site Request Forgery (CSRF) is a malicious attack that tricks the user’s web browser to perform undesired actions so that they appear as if an authorized user is performing those actions.

CROSS SITE SCRIPTING

XSS vulnerabilities target scripts embedded in a page that are executed on the client-side (in the user’s web browser) rather than on the server-side.

DIRECTORY TRAVERSAL

Encapsulation refers to a programming approach that revolves around data and functions contained, or encapsulated, within a set of operating instructions.

ENCAPSULATION

Cross-Site Request Forgery (CSRF) is a malicious attack that tricks the user’s web browser to perform undesired actions so that they appear as if an authorized user is performing those actions.

FAILRE TO RESTRICT URL ACCESS

One of the common vulnerabilities listed on the Open Web Application Security Project’s (OWASP) Top 10. The OWASP Top 10 details the most critical vulnerabilities in web applications.

FORMAT STRING

Format String attacks occur when an application interprets data as a command and allows an attacker to access the underlying code base.

INSECURE CRYPTOGRAPHIC STORAGE

Insecure Cryptographic Storage is a common vulnerability that occurs when sensitive data is not stored securely from internal users.

INSUFFICIENT TRANSPORT LAYER PROTECTION

Insufficient transport layer protection is a security weakness caused by applications not taking any measures to protect network traffic.

LDAP INJECTION

ILDAP injection is the technique of exploiting web applications that use client-supplied data in LDAP statements without first stripping potentially harmful characters from the request.

MALICIOUS CODE

Analysis tools are designed to uncover any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.

OS COMMAND INJECTION 

Command injection refers to a class of critical application vulnerabilities involving dynamically generated content. Attackers execute arbitrary commands on a host operating system using a vulnerable application. 

SQL INJECTION

SQL injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command, which is executed by a web application, exposing the back-end database.