How Can You Hack Web Application? – Web Applications are that application that is running on a remote application server and available for clients over the internet. These web applications can be available on different platform such as Browser or Software to entertain the clients.
Use Of Web Application has been incredibly increased in last few years. Web application is basically depending upon Client-Server relationship. Web Applications are basically providing an interface to the client to avail web services. Web pages may be generated on the server or containing scripting to be executed on the client web browser dynamically.
The Server administrator is the one who took care of the web serve in terms of safety, security, functioning, and performance. It is responsible for estimating security measures and delpoying models, finding and eliminating vulnerabilities.
Application Administrator is responsible for the management and configuration required for the web application. It ensures the availability and high performance of the web application.
How Do Web Applications Works?
A Web Application functions in two steps. i.e Front-end and Back-end. Users requests are handled by front-end where the user is interacting with the web pages. Services are communicated to the user from the server through the button and other controls of the web page. All Processing was controlled and processed on the back-end.
Server-Side Languages Include:-
- Ruby on Rails
Client-Side Language Include:-
The Web Application is basically working on the following layers:-
- Presentation Layer : Presentation Layer Responsible for displaying and presenting the information to the user on the client end.
- Logic Layer : Logic Layer Used to transform, query, edit, and otherwise manipulate information to and from the forms.
- Data Layer : Data Layer Responsible for holding the data and information for the application as a whole.
Web Application Hacking Methodology
Analyzing Web Application includes observing the functionality and other parameters to identify the vulnerabilities, entry points and server technologies that can be exploited. HTTP requests and HTTP fingerprinting techniques are used to diagnose these parameters.
By Exploiting the authentication mechanisms using different techniques, an attacker may bypass the authentication or steal information. Attacking on authentication mechanisms includes:-
- Username Enumeration
- Cookie Exploitation
- Session Attacks
- Password Attacks
Attacker by accessing the web application using low privilege account, escalate the privileges to access sensitive information. Different techniques are used such as URL, POST Data, Query String, Cookies, Parameter Tampering, HTTP Header, etc. to escalate privilege
Session Management Attack is performed by bypassing the authentication in order to impersonate a legitimate authorized user. This can be done using different session hijacking techniques such as:-
- Session Token Prediction
- Session Token Tampering
- Man-in-The-Middle Attack
- Session Replay
Injection Attack is basically an injection of malicious code, commands, and file by exploiting the vulnerabilities in a web application. Injection attack may be performed in a different form such as:-
- Web Script Injection
- OS Command Injection
- SMTP Injection
- SQL Injection
- LDAP Injection
- Xpath Injection
- Buffer Overflow
Database Connectivity attack is focused on exploiting the data connectivity between application and its database. Database Connection requires connection string to initiate a connection to the database. Data connectivity attack includes:-
- Connection String Injection
- Connection String Parameters Pollution (CSPP)
- Connection Pool DoS
Web 2.0 is the generation of world wide web websites that provides dynamic and flexible user interaction. It provides ease of use, Interoperability between other products, systems, and devices. Web 2.0 allows the users to interact and collaborate with social platforms such as social media site and social networking sites. Prior generation, I.e Web 1.0 in which users are limited to passive viewing to static content, Web 2.0 offers almost all users the same freedom to contribute. The Characterstics of Web 2.0 are rich user experience, user participation, dynamic content, meta data, web standards ,and scalability.
Web App Threats
The threat to web application are:-
- Cookie Poisoning
- Insecure Storage
- Information Leakage
- Directory Traversal
- Parameter/Form Tampering
- Dos Attack
- Log Tampering
- SQL Injection
- Cross-site Request Forgery
- Security Misconfiguration
- Broken Session Management
- DMZ Attack
- Session Hijacking