OWASP Top 10

  • Note: In this section our examples are taken from OWASP Juice Shop, an intentionally vulnerable application. You can get it here, along with explanations on how to install and run it on Kali. (For the examples the install was made using Docker, and for challenges not available with Docker I used the one from TryHackMe here.) We are also going to use examples from XSS Game.

  • To go further with Juice Shop, check out the GitBook here.

SQL Injection

Source: Practical Ethical Hacking - TCM Security

  • To find a SQL injection, we can try adding special characters to form fields and analyze the responses we get back.

Defenses against SQLi

Source: PEH - TCM Security Academy

Broken authentication

Sensitive data exposure

  • Using directory busting we can find sensitive information such as exposed folders or backup files.

  • We can check the responses and grep for keywords like passwords or keys.

  • We also need to check whether HSTS is enabled, which means checking that the Strict-Transport-Security header is sent and properly set up. Check this on OWASP for more info.

  • It is also worth checking the SSL/TLS configuration; we can use testssl for this purpose, or nmap with nmap --script=ssl-enum-ciphers -p 443 domain.com

XML External Entities (XXE)

  • In this XML code we define an entity, which works roughly like a constant: every time &from; is referenced, the parser substitutes the value "someone".

  • However, when using this we could tamper with it by adding special characters that would be interpreted as XML markup rather than data.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE gift [
  <!ENTITY from "someone">
]>
<gift>
  <To>someone else</To>
  <From>&from;</From>
  <Item>A nice item</Item>
</gift>

  • We can try this payload taken from PayloadsAllTheThings (https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XXE%20Injection/README.md#classic-xxe)

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
  <!ELEMENT foo ANY >
  <!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<foo>&xxe;</foo>

  • For our example we put this in a file called test.xml
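As an added illustration (not from the original notes, Juice Shop or PayloadsAllTheThings), the following Python script parses the two documents above with the standard library, shows which entity gets expanded, and adds the mitigation OWASP recommends: reject any DTD before the parser sees it. The regular expressions, function names and the DTD-free CLEAN_XML sample are my own.

```python
import re
import xml.etree.ElementTree as ET
# Constructed samples (bytes, so the declared ISO-8859-1 encoding is honoured).
GIFT_XML = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE gift [
  <!ENTITY from "someone">
]>
<gift><To>someone else</To><From>&from;</From><Item>A nice item</Item></gift>"""

XXE_XML = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
  <!ELEMENT foo ANY >
  <!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<foo>&xxe;</foo>"""

CLEAN_XML = b"<gift><From>someone</From></gift>"  # constructed, no DTD

DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)
EXTERNAL_ENTITY_RE = re.compile(rb"<!ENTITY\s+[^>]*\b(SYSTEM|PUBLIC)\b", re.IGNORECASE)

def classify_dtd(xml_bytes):
    """Triage for request logs or a WAF rule: 'external-entity' when the DTD
    declares a SYSTEM/PUBLIC entity (the XXE case), 'internal-dtd' for a DTD
    with only inline entities, 'no-dtd' otherwise."""
    if EXTERNAL_ENTITY_RE.search(xml_bytes):
        return "external-entity"
    if DOCTYPE_RE.search(xml_bytes):
        return "internal-dtd"
    return "no-dtd"

def parse_lenient(xml_bytes):
    """Stdlib parser as-is: internal entities are expanded (&from; becomes
    "someone"); expat leaves the external &xxe; unresolved and raises, while
    a parser that resolves it would read /etc/passwd. Root element or None."""
    try:
        return ET.fromstring(xml_bytes)
    except ET.ParseError:
        return None

def dtd_free(xml_bytes):
    """Mitigation check: allow no DTD at all, so neither external entities
    nor entity-expansion bombs can be declared in the first place."""
    return DOCTYPE_RE.search(xml_bytes) is None

def parse_hardened(xml_bytes):
    """Refuse any document carrying a DTD before the parser ever sees it."""
    if not dtd_free(xml_bytes):
        raise ValueError("DTD declarations are not accepted")
    return ET.fromstring(xml_bytes)
```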

Broken Access Control

Security Misconfiguration

Cross Site Scripting

Reflected

  • Our XSS is not persistent, so our payload is not kept in the database.

Stored

  • Our XSS is persistent: our payload is stored in the database, so anyone accessing the page will have the payload executed.

Prevent XSS

Insecure deserialization

Using components with known vulnerabilities

Insufficient Logging and Monitoring

Resources