Discover Web Application Security Issues using Burp Proxy

Getting started with Web Application Hacking
3.7 (120 ratings) Instead of using a simple lifetime average, Udemy calculates a
course's star rating by considering a number of different factors
such as the number of ratings, the age of ratings, and the
likelihood of fraudulent ratings.
8,448 students enrolled
Free
Start Learning Now
  • Lectures 24
  • Length 1 hour
  • Skill Level Beginner Level
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion
Wishlisted Wishlist

How taking a course works

Discover

Find online courses made by experts from around the world.

Learn

Take your courses with you and learn anywhere, anytime.

Master

Learn and practice real-world skills and achieve your goals.

About This Course

Published 11/2015 English

Course Description

This course will teach you how to set up Burp Proxy, which is a tool used to find security issues outlined in the OWASP Top 10 (See below for details). This course will also show you to set up my proprietary distribution (WAED) which is loaded with vulnerable web applications. This distribution has around 18 vulnerable applications, and you'll have ample opportunity to learn how to identify web application security issues. This course will get you set up, and my next course will go into details of Web Application pentesting principles. This course should take less than an hour to complete, and once you complete you should already see the power of using these tools whether you're a developer, pentester or a QA analyst.

Web application pentesting is a lucrative field. You can earn anywhere from $100,000 to $120,000 depending upon your skill sets.

Why is Web Application Security very important and Why you should get started?

Given the large amount of financial and other sensitive information that is transmitted over the internet all over the world, it would be a very obvious choice for cyber hackers to focus their efforts. In addition to the increased amount of traffic, the proliferation of insecure web applications also makes web-based hacking attacks even more profitable and attractive.

Breaking into systems is not something new. Since the early 80s skilled hackers and other computer enthusiasts, have used their broad computer knowledge to break into systems with no benefiting intention. However, with the introduction of web applications, the sophistication of hacking activities has greatly increased. Web applications allow visitors access to the most crucial and sensitive information of a website, database server or web server. Developers of these applications dedicate a lot of time on functionality and features but allocate very little time on security. The amount of skills required to carry out such hacking attacks has greatly lessened. Fortunately, there are some ways by which developers can prevent web application hacking.

All web applications vulnerabilities, how hackers exploit them and how to stop and prevent them are covered in the OWASP top ten.

The OWASP Top 10:

The OWASP (open web application security project) is an international organization that is committed to enhancing the security of web applications. OWASP sponsors numerous security related projects including the top 10 project. This project regularly publishes a list of the current top ten web applications security risks (vulnerabilities) worldwide. It provides a detailed report of each vulnerability, gives examples and provides suggestions on how to avoid the risk. The following are its current vulnerabilities and suggestions on how to avoid them.

1. Injection flaws

These flaws occur when a web application sends untrusted data to an interpreter as part of a query or a command. These flaws are often found in LDAP, SQL, NoSQL or Xpath queries, OS commands, SMTP headers, program arguments, XML parsers, etc.

The best way to find out whether your applications are vulnerable to injection flaws is to verify that the use of interpreters is clearly separating untrusted data from the query or command. This involves the use of bind variables in stored procedures and prepared statements and by avoiding dynamic queries altogether. Code analysis tools can assist you trace all data flow through the web application.

Preventing injection flows involves keeping all untrusted data separate from queries and commands by:

- Using a safe API that avoids the use of an interpreter

- Escaping the use of escape-special characters using specific-escape syntax for the interpreter

- Positive (“white list”) input validation.

2. Broken authentication as well as session management

This occurs when application functions that are related to session management and authentication are not implemented correctly. This allows attackers to compromise usernames, passwords, keys and session tokens.

You may be vulnerable to these flaws if your authentication credentials are not properly protected using encryption or hashing, if the credentials can be guessed or if session IDs are exposed in your URL.

Prevent these flaws by:

- Meeting all session management and authentication requirements as defined in the OWASP security verification standards

- Making strong efforts to avoid XSS flaws that can be used by hackers to access session IDs

3. Cross site scripting (XSS)

They occur anytime a web application sends untrusted data to a web browser without escaping or proper validation.

You are vulnerable to these flaws if you don’t ensure all user supplied data and input is escaped, or if you don’t verify the input to be safe through input validation. You can use automated tools to find XSS flaws automatically.

Prevent these flaws by:

- Escape all untrusted data that is based on HTML context (attribute, body, CSS, URL or JavaScript) that your data will be placed into

- Positive input validation is also an option although it is not a complete defense

- Consider auto sanitization libraries such as java-HTML sanitizer project for rich content

4. Insecure direct objects references

They occur when a web developer exposes a reference to any internal implementation object, such as a directory, file or a database key.

The best way to find whether your apps are vulnerable is to verify that all object references have the right defenses. Testing through automated tools may be effective for identifying these flaws.

Protect against the flaw by:

- Using per session or user indirect object references to prevent attackers from targeting unauthorized resources directly.

- Through check access

5. Security mis-configurations

Good application security requires having a secure configuration that is deployed and defined by the application, application server, database server, platform and frameworks.

Automated scanners are very useful for the detection of misconfigurations, missing patches, unnecessary services, use of default account, etc.

Protect against the flaws by establishing the following:

- A repeatable process for following and deploying all software updates in a timely manner to a deployed environment

- An application architecture that is strong enough to provide an effective and secure separation between components

6. Sensitive data exposure

Many applications do not put into place measures to protect sensitive data including tax IDs, credit cards and authentication credentials. The most common vulnerability here is failing to encrypt all sensitive data. Encrypting data doesn’t mean that it is free from weaknesses; it simply means that it is very hard for attackers to exploit such weaknesses, especially on a large scale.

Determine all the sensitive data that require extra protection and act accordingly. Ensure you encrypt all sensitive data in transit and at rest. It is also important to avoid storing such data unnecessarily.

7. Missing function-level access control

Developers must include proper code checks to properly protect applications functions, but they sometimes forget. An attacker is therefore able to access privileged functions by simply changing a parameter to the function or through changing the URL.

These flaws allow an attacker to access administrative functions and other unauthorized functionalities. If such vulnerability becomes public, your reputation will be greatly damaged.

It is important to deny all access by default in order to prevent this flaw from occurring.

8. Cross site request forgery

This attack forces a logged on victim’s browser to send forged HTTP requests to fake web pages. This may include the user’s session cookie and other authentication information. Browsers usually send credentials such as session cookies automatically. Attackers create malicious web pages that are capable of generating forged requests that cannot be distinguished from legitimate ones. They then trick users into submitting requests through XSS, image tags and other numerous techniques. If the user gets authenticated, the attack effectively succeeds.

You can prevent cross site forgery through including a unique token that is unpredictable in each HTTP request. Maximize the effectiveness of these tokens through:

- Including the unique token in a hidden field. This is the best option as it causes values to be sent in the HTTP request’s body hence preventing it from being included in the URL.

- Including the unique token in an URL parameter or in the URL itself. However, this method is slightly risky as the URL is at a risk of being exposed to the hacker, thereby compromising the secret unique token. Fortunately, the CSRF Guard from OWASP can automatically include unique tokens in Java, PHP or EE apps. ESAPI from OWASP has some methods that developers can use to prevent cross site request forgery vulnerability.

- Requiring users to re-authenticate or convincingly prove they are real users, for instance through the use of CAPTCHA.

9. Using components that have known vulnerabilities

Hackers identify weak components in an application through manual analysis or automated scanning. All applications have some flaws because developers don’t dedicate enough time in ensuring that all libraries/components are up to date.

The only clear way of preventing this flaw is through avoiding the use of any application that you didn’t write. Unfortunately, this is not very realistic. It is therefore important that you strictly monitor the security of all components of your applications through public databases, security and project mailing lists. Ensure all components are kept up to date.

You can also consider establishing security policies and rules governing the use of components, such as requiring all users to pass security tests, insisting on licenses and putting into place certain software development practices.

10. Invalidated redirects and forwards

This occur when a web application redirects and forwards users to other invalidated websites and pages. Hackers target unsafe forwards and redirects to bypass security checks. Such redirects may install malware or even trick users into disclosing sensitive credentials such as passwords; To find out whether your application has an invalidated forward or redirect, review the codes for all uses of forwards and redirects. In each case, find out whether the target URL is included in a parameter value. If the target URL is not validated on a whitelist, then your application is vulnerable.

To protect your applications against this flaw:

- Avoid using forwards and redirects

- If you use them, do not use users parameters in calculating destination

- If you cannot avoid destination parameters, ensure that all stipulated values are valid and authorized for the user

- Consider using ESAPI that can override the Send Redirect method to ensure all redirect destinations are safe and valid.

Attackers have taken advantage of the increase in number of active web applications to create automated tools that they can use to launch well-coordinated attacks against multiple vulnerable applications at once. Armed with these tools and a little knowledge on hacking, the targets of these hackers are not limited to large corporate web applications and websites.

The repercussions of having your applications compromised can be very devastating. Sensitive data may get stolen, user accounts might get compromised, your brand reputation will be damaged, your clients may lose confidence in you and you may end up losing sales revenue. There is therefore a need to eliminate all possible threats that exist on each web application. Avoiding the above ten discussed flaws is of uttermost importance as they are the favorite target for cyber criminals trying to gain users’ trust and confidence. Strictly follow the tips and leave nothing to chance as hackers are eagerly waiting for you to make just one single mistake.

What are the requirements?

  • Basics of web application design
  • Fundamentals about virtual machines

What am I going to get from this course?

  • Have a environment to learn web application hacking
  • Learn how to use Burp proxy tool
  • Identify few basic security vulnerabilities
  • Identify bugs within web applications

What is the target audience?

  • This course is for
  • Software developers
  • Pentesters
  • Quality Assurance testers

What you get with this course?

Not for you? No problem.
30 day money back guarantee.

Forever yours.
Lifetime access.

Learn on the go.
Desktop, iOS and Android.

Get rewarded.
Certificate of completion.

Curriculum

Section 1: Introduction
Course Introduction
01:58
Why Proxy is used?
01:18
Section 2: Setting up Burp Proxy
Download Java
01:17
Download and install Burp Proxy
01:13
Section 3: Setting up Web Attacks and Exploitation Distro (WAED)
Intro to WAED
01:11
WAED download
01:06
Installing WAED
04:19
Start/Stop Applications in WAED
04:02
Clean up Applications in WAED
00:47
Setting up Burp Proxy in WAED
05:45
Accessing Applications from Windows Machine
03:00
Section 4: Introduction to Burp Proxy
Burp Introduction
03:11
Burp - Proxy tab demo
06:47
Burp - Repeater tab demo
04:21
Burp - Intruder tab demo
09:33
Burp - Comparer tab demo
02:34
Burp - Decoder tab demo
02:00
Burp - Spider tab demo
02:56
Burp - Scanner tab demo
01:31
Burp - Target tab demo
02:49
Burp - Option tab demo
04:13
Burp - Extender tab demo
01:56
Start Burp from Command line
01:09
Section 5: Conclusion
Outro
00:35

Students Who Viewed This Course Also Viewed

  • Loading
  • Loading
  • Loading

Instructor Biography

Hello All

My name is Rajganesh Pandurangan and I am the creator/developer of Web Attacks and Exploitation distro (WAED). WAED was born to have a platform where users can test their web application penetration testing skills in a safe and legal environment.

My Background:

A resourceful, self-motivated, results driven Senior Security Consultant with a career spanning over 15 years of progressive experience. Possessing valuable transferrable skills including outstanding interpersonal relationships and results-driven success across a multitude of Fortune 100 companies. Areas of expertise include securing web applications, securing mobile platforms, designing security savvy products tailor made to cater to client’s needs, securing and implementing networks of various size. Possesses exemplary planning skills and accustomed to working under considerable pressure, remaining calm and prioritizing wisely.

  • Delivered several million dollars of security services and technology for clients in the financial, retail, healthcare, manufacturing, and utilities sectors.
  • Performed security code reviews and application risk assessments for customer facing applications at Fortune 100 companies. Audited applications written in multiple languages, including Java/JSP, C#, C/C++, PHP, and Classic ASP.
  • Web Penetration testing to prove Software Security Vulnerabilities with IBM AppScan, Burp Professional, Paros and Manual Fuzzing and Penetration Testing with AppScan and Firefox plug-ins.
  • Trained, documented and advised application developers in regards to security risks, secure coding best practices, with practical remediation guidance provided to developers.
  • Drove the adoption of security scanning tools for both development and production use. Tools utilized: Qualys and IBM Rational AppScan.
  • Located and helped remediate Software Security Vulnerabilities including credit card numbers and social security numbers, SQL injection, Cross Site scripting, Stored Cross Site Scripting, Buffer Overflows, Improper use of Cryptography, Malicious code and various other vulnerabilities.
  • Trained developers to write secure code using the OWASP software security testing guide.
  • Found Software security vulnerabilities for clients including: SQL injection, XSS, Cross Site Request Forgery and multiple other vulnerabilities.
  • Tested over a thousand Fortune 100 web applications for security issues; tested top company external and internal and penetrated into systems.
  • Participated in many PCI Assessments for many small, large and multinational companies and performed gap analysis, consultation, and development of customized solutions.
  • Performed numerous onsite and remote security consulting including penetration testing, application testing, web application security assessment, code reviews, onsite internet security assessment, social engineering, and wireless assessment.
  • Outstanding background in information systems for successfully identifying risks and implementing security solutions for wide range of projects and clients.
  • Introduced security risk assessment and threat modeling techniques into the organization.
  • Acted as technical authority on security for numerous RFPs and during contract negotiations.
  • Strong application of best-practice methodologies in development and integration of hardware/software, security incident, risk management, audit requirements, and technical security assessments across an enterprise infrastructure.

Professional Certifications

Offensive Security Certified Professional (OSCP

Certified Ethical Hacker (CEH)

Certified Information Systems Security Professional (CISSP)

Microsoft Certified Solutions Developer

Ready to start learning?
Start Learning Now