Chapter 12 Web Hacking

Web applications are where the majority of attacks occur nowadays. Over the past decade, we
have seen an upward progression in the layers of insecurity, with attacks moving from the
physical layer up to the application layer of the OSI model. This chapter is probably going to be the
biggest in this book, and we will talk about some of the most common web application attacks,
along with some server-side attacking techniques and strategies.
Let’s talk about web application attacks first. Almost every web application attack is due to
unvalidated input: failure to validate input upon authentication, on form fields, or other inputs
such as HTTP headers and cookies. Web application hacking happens because either developers
aren’t taught to validate inputs or they don’t pay much attention to it.
Attacking the Authentication

Authentication in web security is the mechanism by which an application verifies that the correct
user is accessing the private/protected information. In this section, we will talk about
authentication-based attacks.
Some of the common vulnerabilities affecting authentication are as follows:
◾ Credentials sent over HTTP. Since they are unencrypted, an attacker on the LAN/WLAN can
  launch an MITM attack. See the Network Sniffing chapter (Chapter 6).
◾ Default passwords.
◾ Weak or simple credentials that can be cracked with brute force or dictionary attacks.
◾ Bypassing authentication by using various vulnerabilities.
◾ Abusing the forgotten-password reset functionality.
◾ Passwords being stored in local storage, making it easy for an attacker to extract them by
  using an XSS vulnerability.
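As an added example (not code from the book), the following audit check covers the first and last items in the list above: it flags a password field whose form submits over plain HTTP and a script that writes a password-like key to local storage. The names `LoginPageAuditor`, `audit` and `STORAGE_RE`, the key-name heuristic and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Heuristic: a localStorage key whose name contains "pass" (assumption, not exhaustive).
STORAGE_RE = re.compile(r"""localStorage\.setItem\(\s*['"]([^'"]*pass[^'"]*)['"]""", re.I)

class LoginPageAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []
        self._action = None      # resolved submit URL of the enclosing <form>
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self._action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            target = self._action or self.page_url
            if urlsplit(target).scheme != "https":
                self.findings.append(("cleartext-credentials", target))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for m in STORAGE_RE.finditer(data):
                self.findings.append(("password-in-localstorage", m.group(1)))

def audit(page_url, html):
    auditor = LoginPageAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<form action="/login" method="post">
<input name="user"><input type="password" name="pw"></form>
<script>localStorage.setItem("savedPassword", pw.value);</script>"""

if __name__ == "__main__":
    for kind, detail in audit("http://intranet.example/portal/", SAMPLE):
        print(kind, detail)
```

The check only looks at the submit target; a login page that is itself served over HTTP can still be altered in transit even when its form posts to an HTTPS URL.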
In this section, most of our focus will be on some of the vulnerabilities commonly used to
bypass authentication, such as SQL injection and XPath injection. But before that, let’s talk about
some low-profile attacks.