Web Application Security Testing (VAPT)

Features

A typical website penetration testing service comprises simulation of real-life hacking methodologies. It encompasses various security attack vectors and exploitation of potential vulnerabilities. Web application security testing performed by Valency Networks is an entirely manual approach. This service basically answers questions such as "What is Web VAPT?" and "How is web pentesting carried out?". While we do use automated tools, in order to mimic real-life hackers we perform testing manually, using pre-validated and highly technical test cases that follow the OWASP Top 10 standard.

Exploit Categories

  • Web server exploits

  • Web service exploits

  • Authentication problems

  • Configuration problems

  • Database related problems

  • Scripting related problems

Vulnerabilities Detected

  • SQL Injection

  • Cross Site Scripting (XSS)

  • Cross Site Request Forgery (CSRF)

  • Forms Input Forgery

  • Code Injection

  • Cookie Poisoning

  • 400+ other vulnerabilities

Standards Followed

  • OWASP Top 10 - 2014

  • NIST - CWE Standard

Test Approaches

  • Black Box

  • Gray Box

What Is A Layer 7 Attack?

Layer 7 is the topmost layer of the OSI model. It is known as the Application Layer. It helps applications interact with the network. Examples include HTTP, FTP and Telnet, among a few. Layer 7 DDoS attacks take advantage of weaknesses in the application layer to craft multiple DDoS requests against an application with the aim of making it unavailable to the user.
HTTP flooding is one common type of DDoS attack, in which multiple GET/POST requests are sent to the server either from one source or from multiple sources. The server gets confused by the sudden flow of requests and crashes or slows down completely.
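
A defender can spot both shapes of HTTP flood described above (one source, or many sources adding up) by counting requests in a sliding time window. The sketch below is an added example, not part of the original page; the log format, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format (assumption): "<ISO timestamp> <source ip> <method> <path>"
SINGLE_SOURCE = [f"2024-01-01T10:00:0{i} 203.0.113.7 GET /search" for i in range(8)]
SINGLE_SOURCE.append("2024-01-01T10:00:09 198.51.100.4 GET /")
DISTRIBUTED = [f"2024-01-01T10:00:0{i // 3} 198.51.100.{i} POST /login" for i in range(15)]


def parse_line(line):
    """Split one constructed log line into (time, source ip, method, path)."""
    ts, ip, method, path = line.split()
    return datetime.fromisoformat(ts), ip, method, path


def detect_flood(lines, window_s=10, per_source_limit=5, total_limit=12):
    """Return (source IPs over the per-source limit, True if the overall limit was exceeded).

    The limits are illustrative; real thresholds come from the application's normal traffic.
    Lines are expected in time order, as in a server access log.
    """
    per_ip = defaultdict(deque)   # source ip -> request times still inside the window
    everyone = deque()            # all request times still inside the window
    flooding, aggregate = set(), False
    for line in lines:
        ts, ip, _method, _path = parse_line(line)
        for queue in (per_ip[ip], everyone):
            queue.append(ts)
            while (ts - queue[0]).total_seconds() > window_s:
                queue.popleft()   # drop requests that have aged out of the window
        if len(per_ip[ip]) > per_source_limit:
            flooding.add(ip)      # one source sending a burst
        if len(everyone) > total_limit:
            aggregate = True      # many sources adding up to a burst
    return flooding, aggregate


if __name__ == "__main__":
    print(detect_flood(SINGLE_SOURCE))
    print(detect_flood(DISTRIBUTED))
```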

What Is SIRT Security?

The Security Incident Response Team is responsible for assessing and handling security breaches and incidents in an organization. Its responsibilities range from handling the incident, to doing root cause analysis, to documenting the findings in a report.

What Are The Steps For Web Vulnerability Analysis?

With the growing number of attacks every day, it has become important to implement and deploy strategies that make an application immune to these kinds of attacks. This is only possible if we think like a hacker would and conduct a security assessment of the application periodically.
Vulnerability Assessment and Penetration Testing is one such part of security assessment, which helps us find loopholes in the application and exploit them to see how much further damage can be done. This testing, if done efficiently and prominently, saves a lot of money and reputation that would otherwise be lost in case of a major breach or attack.
Any vulnerability analysis starts with a deep understanding of the application or network one is trying to protect. Once we know the underlying architecture, it becomes easy to find weaknesses pertaining to the OS, coding language (server and client side), server software, database architecture, network details, etc.
This is often termed footprinting. Once we have enough information about the application, we can use the vulnerability assessment tools available in the market to detect the loopholes. Once we have gathered all the details about the vulnerabilities, we can craft specific attacks against the machines, either manually or using automated tools, to gauge the impact. This is termed penetration testing.
It is important to collate all the findings in a report, with an action plan for each item based on the severity of the vulnerability and its impact.
More info can be found on:
Steps of Penetration Testing

What Kind Of Security Is Needed For Web Services?

A web service is a medium by which a client can connect to the server on the internet. The following must be implemented to secure web services.

  • Confidentiality

  • Authentication

  • Authorization

  • Network Security

  • Non Repudiation

  • Data protection

Detailed info can be found on:
Top 10 Web service security requirements

What Are The Advantages Of Https Over Http?

HTTP is the Hypertext Transfer Protocol. It is a means by which a web client can interact with a web server to transfer or access resources that are spread across the web.
HTTP does not encrypt web requests and the corresponding responses while they are travelling from client to server or vice versa. Hence, anyone monitoring the session can see the data in plain text and exploit it for further damage.
HTTPS stands for Hypertext Transfer Protocol Secure. It is the same as HTTP but with more security, as it uses Transport Layer Security, a protocol that encrypts the communication between a server and a client. Thus, it becomes difficult for an attacker to interpret the session and exploit it.

What Are The Strategies To Secure Web Applications?

With the growing number of websites and easy access to the internet, the hacker's attack vector is also expanding. Hackers are becoming very advanced in their strategies and are finding new ways of destruction. Hence, introducing web application security during the early stages of development is important.
The following strategies can be adopted to ensure web security.

  • Perform risk analysis during the early stages of product development. This helps find loopholes related to a particular component, be it a web service, coding language, server, etc., so that they can be treated then and there.

  • Use secure coding practices while writing code. This reduces the chances of attacks due to use of wrong functions or wrong logic.

  • Do code review frequently. Ask your peers to assess your code. Also, opt for automated source code review tools in the market for more detailed analysis.

  • Perform VAPT for your application. Opt for manual and automated methods. This will give you an idea of all the vulnerabilities present in your application while it is actually running.

What Are The Primary Security Issues In Web Service?

Confidentiality, Authentication, Validation, Sanitization and insecure communication are the primary security issues that all web services need to look into before making their products/services live.

  • Confidentiality:


    Includes using an encryption mechanism to keep sensitive data secure. This is strongly recommended for applications with payment services, as the data to be transmitted is critical data that can be misused by hackers. Also, for the purpose of customer satisfaction and privacy, confidentiality is a must.

  • Authentication:


    Authentication bypass is a prevalent attack these days, carried out simply by implementing brute force attacks and SQL injection attacks. Therefore, securing your login and authentication mechanisms is essential.

  • Validation & Sanitization:


    Many applications perform validation and sanitization only on the client side and forget to do the same on the server side, which is equivalent to using a head umbrella during heavy rains.

  • Insecure Communication:


    While dealing with sensitive data such as customer details, payment card details, social security numbers, emails, and more, every SysAdmin must ensure their application is using a secure mode of communication.
More information can be found here:
Typical Web Application Security Vulnerabilities Pentesting

How To Check Website Security Online?

There are many tools to perform online automated testing. There are also Firefox and Chrome extensions with which we can perform both manual and automated testing. A few of them are as follows: Security Headers, Nmap, Pentest tools, Shodan, Cookie Editors, Wappalyzer, Acunetix, SiteGuard, Sucuri, etc.

How Do I Scan A Website For Virus?

There are various automated tools that help in scanning a website for viruses/malware. Listed below are a few of them: URL Scanner, Quttera, SUCURI, SiteGuarding, Astra Security, VirusTotal, MalCare, ReScan, SiteGuard.

How Can You Check If A Website Is Legit?

The internet is now filled with numerous types of websites that are visited by millions of people in just one second. But little do we know whether what we see is legit or fake. Visiting an insecure/fake website is similar to visiting a haunted house, and can lead to malware infection, sensitive data leakage, spam, and many more such deadly ghosts.
Here are 8 simple ways to identify a fake website:

  • Verify Website's Trust Seal:


    A trust seal assures site visitors that the website they have landed on is secure.

  • Verify secure communication (http or https):


    HTTPS ensures the communication channel is encrypted and secure. However, this alone does not do much, as a fake site can have an HTTPS connection too. For this reason we also need to do the next check.

  • Verify the certificate:


    The digital certificate is issued by a CA (Certificate Authority) and contains a digital signature which confirms that the ABC Company owns this website and that it is trusted by internet browsers.

  • Verify Certificate Issuer:


    Check if the certificate issuer is in the CA trust list.

  • Verify Certificate Validity Date:


    Ensure the website certificate's validity date has not expired.

  • Verify Contact Information:


    Check if the website has contact details of the company like physical location, company email id, mobile number, etc.

  • Verify Social Media Platforms Of The Website:


    Visit the company's social media accounts to ensure their presence. Read reviews on those platforms to get a better understanding of the company profile.

  • Verify If The Website Has A Privacy Policy:


    Most legit sites have privacy policies written on their websites. When it comes to e-commerce sites, look for shipping and return policies; if they are not present, consider the site to be fake.

  • Observe if the website has an overabundance of ads. Beware of the following types of ads:


    • Ads that take up the whole page
    • Ads that require you to take a survey (or complete some other action) before continuing
    • Ads that redirect you to another page
    • Explicit or suggestive ads

  • Run a whois scan:


    Whois displays the domain registration information of the website.

Penetration Testing Services

WHAT IS AUTH BYPASS?

An attacker gains access to an application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place. This refers to an attacker gaining access equivalent to an authenticated user without ever going through an authentication procedure. This is usually the result of the attacker using an unexpected access procedure that does not go through the proper checkpoints where authentication should occur.

As one of the best pentesting companies, we witness multiple scenarios while performing vulnerability assessments for our customers. For example, a web site might assume that all users will click through a given link in order to get to secure material and simply authenticate everyone that clicks the link. However, an attacker might be able to reach secured web content by explicitly entering the path to the content rather than clicking through the authentication link, thereby avoiding the check entirely. This attack pattern differs from other authentication attacks in that attacks of this pattern avoid authentication entirely, rather than faking authentication by exploiting flaws or by stealing credentials from legitimate users.
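
The click-through flaw described above and its fix, as an added example that is not part of the original page: the route table, session store and function names are constructed for illustration. The hardened dispatcher checks the session on every non-public path, and the audit helper lists protected paths that answer without a session.

```python
from dataclasses import dataclass, field

SESSIONS = {"tok-alice": "alice"}      # constructed server-side session store
PUBLIC = {"/", "/login"}               # the only paths served without a session


@dataclass
class Request:
    path: str
    cookies: dict = field(default_factory=dict)


def login_page(req):
    return 200, "login form"


def report_page(req):
    return 200, "confidential report"   # protected content


ROUTES = {"/": login_page, "/login": login_page, "/secure/report": report_page}


def flawed_dispatch(req):
    """Flaw from the text: identity is checked only on the click-through from the
    login link, so a handler reached by typing its path runs with no check."""
    handler = ROUTES.get(req.path)
    return handler(req) if handler else (404, "not found")


def hardened_dispatch(req):
    """Deny by default: every non-public path needs a valid session, however reached."""
    handler = ROUTES.get(req.path)
    if handler is None:
        return 404, "not found"
    if req.path not in PUBLIC and req.cookies.get("session") not in SESSIONS:
        return 302, "/login"             # send unauthenticated callers to the login page
    return handler(req)


def exposed_without_session(dispatch):
    """Audit helper: request every route with no cookie; list protected paths answering 200."""
    return sorted(p for p in ROUTES
                  if p not in PUBLIC and dispatch(Request(p))[0] == 200)


if __name__ == "__main__":
    print(exposed_without_session(flawed_dispatch))
    print(exposed_without_session(hardened_dispatch))
```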

WHAT IS CODE INJECTION?

Code Injection, or Remote Code Execution (RCE), refers to an attack in which an attacker is able to execute malicious code as a result of an injection attack. Code Injection differs from Command Injection in that the attacker is confined to the limitations of the language executing the injected code. While it's possible for an attacker to escalate an attack from Code Injection to executing arbitrary shell commands, it's not always the case.

Typically, Code Injection occurs when an application evaluates code without validating it first. Code Injection refers to any means which allows an attacker to inject source code into a web application such that it is interpreted and executed. This does not apply to code injected into a client of the application, e.g. JavaScript, which instead falls under the domain of Cross-Site Scripting (XSS).

WHAT IS PRIVILEGE ESCALATION?
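
An application that "evaluates code without validating it first", next to a hardened form, as an added example that is not part of the original page. The calculator feature and the function names are hypothetical; the safe version parses the input into a syntax tree and interprets only an allowlist of arithmetic nodes.

```python
import ast
import operator

# Arithmetic operators the calculator is allowed to interpret.
BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
          ast.Mult: operator.mul, ast.Div: operator.truediv}


def vulnerable_calc(expr):
    """Evaluates the request parameter as code without validating it first.

    Any Python expression runs here, not just arithmetic: this is the injection point.
    """
    return eval(expr)


def _eval_node(node):
    # Only numeric literals, + - * / and unary minus are interpreted.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in BINOPS:
        return BINOPS[type(node.op)](_eval_node(node.left), _eval_node(node.right))
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_eval_node(node.operand)
    # Calls, names, attribute access, subscripts and everything else are rejected.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def safe_calc(expr, max_len=100):
    """Parse the input to a syntax tree and walk it against an allowlist; never eval."""
    if len(expr) > max_len:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a valid expression") from exc
    return _eval_node(tree.body)


if __name__ == "__main__":
    print(safe_calc("2 + 3 * 4"))
```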

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. Typically a non-admin user would try to become an admin user, to gain more access than required.

Privilege escalation has 2 types:

Vertical privilege escalation, also known as privilege elevation, where a lower privilege user or application accesses functions or content reserved for higher privilege users or applications (e.g. Internet Banking users can access site administrative functions or the password for a smartphone can be bypassed.)

Horizontal privilege escalation, where a normal user accesses functions or content reserved for other normal users (e.g. Internet Banking User A accesses the Internet bank account of User B).
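
The two types map to two different server-side checks: a role check stops vertical escalation and an ownership check stops horizontal escalation. The sketch below is an added example using the Internet Banking scenario from the text; the account data, role names and function names are constructed and not from the original page.

```python
from dataclasses import dataclass

# Constructed data for the Internet Banking example above.
ACCOUNTS = {"ACC-A": {"owner": "user_a", "balance": 1200},
            "ACC-B": {"owner": "user_b", "balance": 560}}
ADMIN_ACTIONS = {"list_all_accounts"}


@dataclass(frozen=True)
class User:
    name: str
    role: str                      # "customer" or "admin", set server-side at login


class Forbidden(Exception):
    pass


def view_balance_flawed(user, account_id):
    """Flaw: any logged-in user may name any account id in the request."""
    return ACCOUNTS[account_id]["balance"]


def view_balance(user, account_id):
    """Horizontal check: the account must belong to the caller."""
    account = ACCOUNTS.get(account_id)
    if account is None or account["owner"] != user.name:
        raise Forbidden("not the account owner")
    return account["balance"]


def admin_action(user, action):
    """Vertical check: administrative functions require the admin role."""
    if action not in ADMIN_ACTIONS:
        raise Forbidden("unknown action")
    if user.role != "admin":
        raise Forbidden("admin role required")
    return sorted(ACCOUNTS)        # the one admin action modelled: list all account ids


if __name__ == "__main__":
    user_a = User("user_a", "customer")
    print(view_balance(user_a, "ACC-A"))          # own account: allowed
    print(view_balance_flawed(user_a, "ACC-B"))   # User B's balance leaks to User A
```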

WHAT IS SERVER MISCONFIG?

It is typically, and wrongly, assumed that an application is always hacked at the application layer. Considering the mentality of hackers, they always want to gain maximum control. This can be achieved by infiltrating or compromising the hosting server itself, which can give the attacker direct access to the code and databases.

Server Misconfiguration attacks exploit configuration weaknesses found in web servers and application servers. Many servers come with unnecessary default and sample files, including applications, configuration files, scripts, and web pages. They may also have unnecessary services enabled, such as content management and remote administration functionality. Debugging functions may be enabled or administrative functions may be accessible to anonymous users. These features basically provide a means for a hacker to bypass authentication methods and gain access to sensitive information, perhaps with elevated privileges.

WHAT IS COOKIE INJECTION?

Cookies are an important feature of web applications, and penetration testers must have a good understanding of cookies from a security point of view. Once the tester has an understanding of how cookies are set, when they are set, what they are used for, why they are used, and their importance, the penetration tester must know how to test if they are secure.

If an attacker were able to acquire a session token by attacks such as cross site scripting or by sniffing an unencrypted session, then they could use this cookie to hijack a valid session.
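
One way to test whether cookies are set securely is to audit each Set-Cookie header for the attributes that block the two thefts named above: HttpOnly keeps script injected through cross site scripting from reading the token, and Secure keeps it off unencrypted connections. This is an added example, not part of the original page; the response headers are constructed, and the SameSite check (relevant to the CSRF item in the vulnerability list) is an addition beyond this paragraph.

```python
REQUIRED_FLAGS = ("HttpOnly", "Secure")   # flags that block XSS reads and plaintext sniffing

# Constructed response headers for the demonstration.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=8f3a1c; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; SameSite=Strict"),
    ("Set-Cookie", "auth=77aa; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:                                   # tolerate a trailing ';'
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookie(value):
    """Return (cookie name, list of protective attributes that are missing or weak)."""
    name, attrs = parse_set_cookie(value)
    missing = [flag for flag in REQUIRED_FLAGS if flag.lower() not in attrs]
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        missing.append("SameSite")                 # absent or None: sent on cross-site requests
    return name, missing


def audit_response(headers):
    """headers: list of (header name, value) tuples. Returns {cookie name: [missing attributes]}."""
    report = {}
    for header_name, header_value in headers:
        if header_name.lower() == "set-cookie":
            cookie_name, missing = audit_cookie(header_value)
            if missing:
                report[cookie_name] = missing
    return report


if __name__ == "__main__":
    for cookie, gaps in audit_response(SAMPLE_HEADERS).items():
        print(cookie, "is missing", ", ".join(gaps))
```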


Our Culture

Valency Networks has a very agile, friendly and fun-loving atmosphere, and yet we maintain a cutting-edge, technically vibrant work environment.