
Web application penetration testing identifies the real-world attacks that could succeed against an application and the systems behind it. It finds vulnerabilities: loopholes in the application itself or exploitable paths through the supporting infrastructure, before an attacker does. It also confirms whether the security policies an organisation has written down are actually enforced.

Insecure Direct Object Reference (IDOR) is a security vulnerability where an attacker can access or modify unauthorized data by manipulating input values, such as object identifiers in URLs or API requests. This flaw occurs when an application fails to enforce proper authorization checks, allowing direct access to restricted resources. IDOR can lead to data breaches, unauthorized modifications, and privilege escalation, making it a critical issue in web application security.

SSRF (Server-Side Request Forgery) is a vulnerability in which an attacker makes a server issue requests to destinations of the attacker's choosing, typically by supplying a URL that the application fetches on the user's behalf. Because the request originates from the server, it can reach internal services, cloud metadata endpoints and other resources that are not exposed to the attacker directly, leading to unauthorized access to internal data.
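The usual defence is to validate the destination before the server fetches it. The following is an added example (not code from the original page) of that check in Python: it allows only `http`/`https`, resolves the host, and rejects any address that is not public. The `FAKE_DNS` table and `fake_resolve` function are a constructed stand-in for DNS so the example runs offline; real code would use `socket.getaddrinfo`.

```python
import ipaddress
from typing import Callable
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline. Real code would call
# socket.getaddrinfo and must apply the check to every address it returns.
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],                # ordinary public host
    "metadata.internal": ["169.254.169.254"],               # cloud metadata endpoint
    "rebind.attacker.test": ["93.184.216.34", "10.0.0.5"],  # one public, one internal answer
}


def fake_resolve(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


def is_public_address(addr) -> bool:
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it is judged as the IPv4 it carries.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # is_global is False for loopback, link-local (169.254/16), RFC 1918, ULA, etc.
    return addr.is_global and not addr.is_multicast


def check_fetch_target(url: str,
                       resolve: Callable[[str], list[str]] = fake_resolve) -> tuple[bool, str]:
    """Return (allowed, reason) for a URL the server has been asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = [ipaddress.ip_address(host)]          # literal IP, including [::1] forms
    except ValueError:
        resolved = resolve(host)
        if not resolved:
            return False, f"{host!r} does not resolve"
        addrs = [ipaddress.ip_address(a) for a in resolved]
    # Reject if ANY answer is non-public: a name that also resolves to an internal
    # address is how DNS rebinding slips past a check that looks at one answer only.
    for a in addrs:
        if not is_public_address(a):
            return False, f"{host!r} resolves to non-public address {a}"
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://images.example.com/logo.png", "http://metadata.internal/latest/",
              "http://[::1]:8080/admin", "file:///etc/passwd", "http://rebind.attacker.test/"):
        print(u, "->", check_fetch_target(u))
```

Note that the check is only as good as the address the HTTP client actually connects to: the fetch should reuse the validated address (or re-run the check on redirects and on the client's own resolution), otherwise a rebinding name can pass validation and resolve to an internal host a moment later.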

SQL Injection is a cyberattack where an attacker manipulates SQL queries by injecting malicious input into a web application's database query. This exploit can allow unauthorized access, data leakage, modification, or even deletion of records. It occurs when user inputs are not properly sanitized, enabling attackers to bypass authentication or execute arbitrary SQL commands. Preventing SQL Injection involves using prepared statements, input validation, and limiting database permissions to minimize potential damage.

HTTP request smuggling is a web attack technique that exploits inconsistencies in how the components of a request chain (a front-end proxy or load balancer and the back-end server behind it) decide where one HTTP request ends and the next begins. By crafting a request with conflicting framing headers (such as `Content-Length` and `Transfer-Encoding`), an attacker can "smuggle" a hidden request past the front end's security controls; the back end treats the leftover bytes as the start of the next request on the shared connection. This can lead to cache poisoning, session hijacking, and unauthorized access, making it a serious threat in modern web applications.
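The following is an added illustration (not code from the original page) of the desynchronisation itself: one constructed request carries both headers, a front end that honours `Content-Length` consumes the whole 13-byte body, while a back end that honours `Transfer-Encoding: chunked` stops at the zero-size chunk and leaves `SMUGGLED` in its buffer, where it becomes the prefix of the next request on that connection. The request bytes and the two framing functions are assumptions written for this example; the final function is the check RFC 7230 recommends, treating a message with both headers as an error.

```python
# Constructed request that a CL-honouring front end and a TE-honouring back end
# frame differently. The body is exactly 13 bytes: "0\r\n\r\n" (5) + "SMUGGLED" (8).
SAMPLE_REQUEST = (
    b"POST /search HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Length: 13\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"SMUGGLED"
)


def parse_request(raw: bytes) -> tuple[dict, bytes]:
    """Split a raw request into lower-cased headers and the remaining body bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:           # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, body


def frame_by_content_length(headers: dict, body: bytes) -> tuple[bytes, bytes]:
    """Front-end view: the body is exactly Content-Length bytes; the rest is the next request."""
    n = int(headers["content-length"])
    return body[:n], body[n:]


def frame_by_chunked(body: bytes) -> tuple[bytes, bytes]:
    """Back-end view: decode chunks until the zero-size chunk; the rest is the next request."""
    decoded, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)   # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            pos = body.index(b"\r\n", pos) + 2          # skip the (assumed empty) trailer section
            return decoded, body[pos:]
        decoded += body[pos:pos + size]
        pos += size + 2                                 # chunk data plus its CRLF


def has_ambiguous_framing(headers: dict) -> bool:
    """RFC 7230 s3.3.3: a message with both headers may be a smuggling attempt; reject it."""
    return "content-length" in headers and "transfer-encoding" in headers


if __name__ == "__main__":
    hdrs, body = parse_request(SAMPLE_REQUEST)
    print("front end (CL) leftover:", frame_by_content_length(hdrs, body)[1])
    print("back end (TE) leftover: ", frame_by_chunked(body)[1])
    print("ambiguous framing:", has_ambiguous_framing(hdrs))
```

Which side "wins" depends on the pair of implementations (the CL.TE case above, TE.CL, or both mishandling an obfuscated `Transfer-Encoding` value), but the fix is the same: normalise or reject ambiguous requests at the edge, and use HTTP/2 end-to-end or disable back-end connection reuse where that is not possible.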

Burp Suite is a web application security testing platform developed by PortSwigger and widely used by penetration testers to find and exploit vulnerabilities in web applications. It is built around an intercepting Proxy for capturing and modifying browser traffic, with Intruder for automating customised attacks, Repeater for manually editing and re-sending requests, and (in the Professional edition) Scanner for automated vulnerability detection. It is commonly used for tasks like testing for SQL injection, XSS, and HTTP request smuggling.

XML External Entity (XXE) is a type of attack that exploits vulnerabilities in XML parsers. It occurs when an application processes XML input that includes a DTD declaring an entity whose value is fetched from an external source, such as a local file or a URL. By exploiting this, attackers can read sensitive files, perform server-side request forgery (SSRF) from the parser's network position, or cause denial of service (DoS) through entity expansion. XXE typically targets parsers that are misconfigured, outdated, or simply left at defaults that resolve external entities; the fix is to disable DTD processing or external entity resolution in the parser, which protects data confidentiality and system integrity.

Cross-Origin Resource Sharing (CORS) is a browser mechanism that relaxes the same-origin policy: it uses HTTP headers (`Origin` on the request, `Access-Control-Allow-Origin` and related headers on the response) to tell the browser whether a page from one origin may read a response from another. The browser can usually send a cross-origin request regardless; CORS decides whether the script gets to see the result. Misconfigured policies, such as reflecting any `Origin` value together with `Access-Control-Allow-Credentials: true`, let an attacker's site read authenticated responses and so act on behalf of logged-in users.

Cross-site scripting (XSS) is a web security vulnerability that allows attackers to inject malicious scripts into webpages viewed by other users. These scripts, typically written in JavaScript, can steal cookies, session tokens, or other sensitive information, and even perform actions on behalf of users. XSS occurs when untrusted data is placed into a page without encoding appropriate to the context it lands in (HTML body, attribute, JavaScript, or URL); input validation alone does not prevent it. There are three main types: stored, reflected, and DOM-based XSS, each targeting a different part of the application.
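The following is an added example (not code from the original page) of server-side rendering in Python with and without output encoding. It covers two of the contexts named above: text and attribute values, where `html.escape` is the right tool, and an `href`, where escaping is not enough because `javascript:alert(1)` contains nothing to escape and a scheme allowlist is needed instead. The `render_comment_*` and `safe_href` names are assumptions made for the example.

```python
import html
from urllib.parse import urlsplit


def render_comment_vulnerable(author: str, text: str) -> str:
    # Untrusted values dropped into an attribute and into element text unchanged.
    return f'<div class="comment" data-author="{author}"><p>{text}</p></div>'


def render_comment_safe(author: str, text: str) -> str:
    # html.escape encodes < > & and, with quote=True (the default), " and ' as well,
    # which covers both the quoted-attribute and the element-text contexts here.
    return (f'<div class="comment" data-author="{html.escape(author)}">'
            f'<p>{html.escape(text)}</p></div>')


def safe_href(url: str) -> str:
    # URL context: a javascript: URL survives html.escape untouched, so the scheme
    # must be allowlisted first; the escaped URL is then safe inside href="...".
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url)


if __name__ == "__main__":
    payload = "<script>alert(document.cookie)</script>"
    print(render_comment_vulnerable("bob", payload))
    print(render_comment_safe("bob", payload))
    print(render_comment_safe('" onmouseover="alert(1)', "hi"))
    print(safe_href("javascript:alert(1)"), safe_href("https://example.com/?a=1&b=2"))
```

Real applications get this from the template engine's auto-escaping rather than hand-written calls, but the rule is the same: encode at output time for the exact context, and treat URL and JavaScript contexts separately from HTML.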

JSON Web Token (JWT) vulnerabilities arise when tokens used for authentication and data exchange are improperly implemented or configured. Common issues include accepting the `none` algorithm (an unsigned token), algorithm confusion (a server that expects an asymmetric algorithm such as RS256 is talked into HS256 and verifies with the public key as the HMAC secret), weak or guessable HMAC secrets, insecure token storage, and missing or unchecked expiry. Attackers can exploit these flaws to forge tokens, impersonate users, or gain unauthorized access to protected resources. Pinning the expected algorithm on the server, validating the signature and claims, using strong keys, and storing tokens securely are key to mitigating JWT vulnerabilities.
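As an added example (not code from the original page or any JWT library), the following Python implements HS256 signing with the standard library and then two verifiers. `verify_naive` lets the token's own header decide how it is checked, so a token forged with `alg: none` and no signature is accepted; `verify_strict` pins HS256, verifies the HMAC with a constant-time compare, and enforces `exp`. The key and claims are constructed for the example; the RS256/HS256 confusion case is not shown because it needs an RSA key pair, but it fails for the same reason, the header choosing the algorithm.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key-not-for-production"   # sample secret for the example


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)


def forge_alg_none(claims: dict) -> str:
    # No key needed: the attacker simply declares that there is no signature.
    return encode_part({"alg": "none", "typ": "JWT"}) + "." + encode_part(claims) + "."


def verify_naive(token: str, key: bytes):
    """Vulnerable: trusts the token's header to say how the token should be verified."""
    h, p, s = token.split(".")
    header = json.loads(unb64url(h))
    if header.get("alg") == "none":
        return json.loads(unb64url(p))                 # accepts unsigned tokens
    if header.get("alg") == "HS256":
        mac = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(mac, unb64url(s)):
            return json.loads(unb64url(p))
    return None


def verify_strict(token: str, key: bytes, now: int):
    """Pins the algorithm server-side, checks the MAC and expiry; returns claims or None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(unb64url(h))
        if header.get("alg") != "HS256":               # never let the token choose
            return None
        mac = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, unb64url(s)):
            return None
        claims = json.loads(unb64url(p))
    except ValueError:                                 # bad split, base64 or JSON
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return None
    return claims


if __name__ == "__main__":
    forged = forge_alg_none({"sub": "admin", "exp": 4102444800})
    print("naive accepts forged token:", verify_naive(forged, KEY))
    print("strict accepts forged token:", verify_strict(forged, KEY, now=1700000000))
    good = sign_hs256({"sub": "alice", "exp": 1700003600}, KEY)
    print("strict accepts real token:", verify_strict(good, KEY, now=1700000000))
```

In a real service the same rule applies to library calls: pass the expected algorithm explicitly to the verify function and reject anything else, and validate `exp`, `nbf`, `iss` and `aud` rather than only the signature.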

Server-Side Template Injection (SSTI) is a web security vulnerability that occurs when user input is unsafely embedded into a template that a server-side template engine then compiles. Attackers exploit this by injecting template syntax, which the engine evaluates when rendering, as distinct from data that the template merely displays. This can lead to unauthorized access, data exposure, remote code execution, or complete system compromise. SSTI affects applications using templating engines like Jinja2, Twig, or Velocity; the reliable prevention is never to build a template string from user input, passing such input only as data to a fixed template, backed by input validation and the engine's sandbox where one exists.

Broken Access Control is a security vulnerability where users can access resources or perform actions outside of their intended permissions. This occurs due to improper enforcement of access restrictions, such as missing checks on user roles or insecure direct object references (IDOR). Attackers can exploit this to view, modify, or delete unauthorized data. Preventing broken access control involves implementing strict role-based access, validating user permissions, and conducting regular security testing.
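The following is an added example (not code from the original page) covering both the IDOR paragraph above and this one. It models two endpoints over constructed sample data and returns HTTP-style status codes: `get_invoice_vulnerable` authenticates the caller but trusts the client-supplied id (object-level failure, IDOR), and `delete_user_vulnerable` exposes an admin action to any logged-in user (function-level failure). The hardened versions check ownership or role on the server, and answer "not found" for both missing and foreign invoices so that probing ids reveals nothing. All names and data are assumptions made for the example.

```python
# Constructed sample data standing in for a database.
USERS = {
    "alice": {"role": "customer"},
    "bob": {"role": "customer"},
    "carol": {"role": "admin"},
}
INVOICES = {
    101: {"owner": "alice", "amount": 120},
    102: {"owner": "bob", "amount": 80},
}


def get_invoice_vulnerable(current_user: str, invoice_id: int):
    """Authenticates but never authorises: any logged-in user can read any invoice."""
    if current_user not in USERS:
        return 401, None
    inv = INVOICES.get(invoice_id)
    return (200, inv) if inv is not None else (404, None)


def get_invoice(current_user: str, invoice_id: int):
    """Object-level check: the caller must own the record or hold the admin role."""
    user = USERS.get(current_user)
    if user is None:
        return 401, None
    inv = INVOICES.get(invoice_id)
    # Same answer for 'does not exist' and 'not yours': enumeration learns nothing.
    if inv is None or (inv["owner"] != current_user and user["role"] != "admin"):
        return 404, None
    return 200, inv


def delete_user_vulnerable(current_user: str, target: str):
    """Function-level gap: the admin-only action is reachable by any authenticated user
    (typically because the only 'check' was hiding the button in the UI)."""
    if current_user not in USERS:
        return 401, None
    if target not in USERS:
        return 404, None
    return 204, None            # would delete `target` here


def delete_user(current_user: str, target: str):
    """Role check enforced on the server before the action runs."""
    user = USERS.get(current_user)
    if user is None:
        return 401, None
    if user["role"] != "admin":
        return 403, None
    if target not in USERS:
        return 404, None
    return 204, None            # would delete `target` here


if __name__ == "__main__":
    print("bob reads alice's invoice (vulnerable):", get_invoice_vulnerable("bob", 101))
    print("bob reads alice's invoice (fixed):     ", get_invoice("bob", 101))
    print("bob deletes alice (vulnerable):        ", delete_user_vulnerable("bob", "alice"))
    print("bob deletes alice (fixed):             ", delete_user("bob", "alice"))
```

The test for both classes during a pentest is the same: repeat a request with a second user's session, changing only the identifier or calling a function that user should not reach, and compare the responses.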

Web application penetration testing (basics) involves assessing a web app for security vulnerabilities that could be exploited by attackers. It starts with information gathering, followed by identifying common issues like SQL injection, XSS, CSRF, broken authentication, and insecure direct object references (IDOR). Tools like Burp Suite, OWASP ZAP, and browser dev tools are commonly used. The goal is to simulate real-world attacks to find and fix weaknesses before malicious actors can exploit them.

Account takeover (ATO) is a type of cyberattack where an attacker gains unauthorized access to a user's online account, often through stolen credentials, phishing, credential stuffing, or social engineering. Once access is gained, the attacker can change passwords, steal sensitive data, perform fraudulent transactions, or use the account for further attacks. ATO can severely impact individuals and organizations. Preventive measures include strong password policies, multi-factor authentication (MFA), and continuous monitoring for suspicious activity.
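As an added example of the "continuous monitoring" measure (not code from the original page), the following Python scans authentication log lines for the shape credential stuffing leaves behind: one source address failing against many distinct accounts inside a short window, and then succeeding against one of them. The log format, the sample lines and the thresholds are constructed for the example; a real detector would read the SIEM's own schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log (not from a real system). One address cycles
# through many accounts and then lands a success; another is a user mistyping.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z ip=198.51.100.7 user=alice result=FAIL
2024-03-01T10:00:03Z ip=198.51.100.7 user=bob result=FAIL
2024-03-01T10:00:04Z ip=198.51.100.7 user=carol result=FAIL
2024-03-01T10:00:06Z ip=198.51.100.7 user=dave result=FAIL
2024-03-01T10:00:07Z ip=198.51.100.7 user=erin result=FAIL
2024-03-01T10:00:09Z ip=198.51.100.7 user=frank result=OK
2024-03-01T10:01:00Z ip=203.0.113.9 user=alice result=FAIL
2024-03-01T10:01:20Z ip=203.0.113.9 user=alice result=FAIL
2024-03-01T10:01:45Z ip=203.0.113.9 user=alice result=OK
"""


def parse_line(line: str) -> dict:
    """'<ts> key=value ...' -> dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect_credential_stuffing(log_text: str,
                               window: timedelta = timedelta(minutes=5),
                               min_accounts: int = 5):
    """Return (flagged, at_risk).

    flagged: ip -> largest number of distinct accounts it failed against within
             any `window`-long period (only ips reaching `min_accounts`).
    at_risk: accounts that then logged in successfully from a flagged ip.
    """
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda r: r["ts"])
    failures = defaultdict(list)
    for r in events:
        if r["result"] == "FAIL":
            failures[r["ip"]].append(r)

    flagged = {}
    for ip, fails in failures.items():           # fails is in time order
        best = 0
        for i, start in enumerate(fails):
            users = {r["user"] for r in fails[i:] if r["ts"] - start["ts"] <= window}
            best = max(best, len(users))
        if best >= min_accounts:
            flagged[ip] = best

    at_risk = {r["user"] for r in events if r["result"] == "OK" and r["ip"] in flagged}
    return flagged, at_risk


if __name__ == "__main__":
    flagged, at_risk = detect_credential_stuffing(SAMPLE_LOG)
    print("credential-stuffing sources:", flagged)
    print("accounts to force-reset:    ", at_risk)
```

The distinct-accounts-per-source signal is what separates stuffing from a single user's typos (the second address above fails twice on one account and is not flagged). Attackers spread attempts across many addresses precisely to stay under such thresholds, so in practice this rule is paired with per-account velocity, impossible-travel and device-fingerprint signals, and a successful login from a flagged source should trigger step-up MFA or a forced password reset rather than just an alert.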