Mar 18, 2020, 06:58 AM
VAPT
Vulnerability Assessment Penetration Testing
VAPT EXPERT = Vulnerability Assessment and Penetration Testing expert

VULNERABILITY ASSESSMENT is a pre-hacking phase in which the intended person scans and tries to find the security gaps or holes that make the device or software vulnerable.

Example
Scanning an IP address

PENETRATION TESTING is a phase in which the intended person actually tests the systems by simulating attacks on them.

Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack the way a malicious hacker would. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and involves active exploitation of security vulnerabilities.

Example: using exploits for a known vulnerability

-> Windows 7 server

-> Using an exploit to exploit the server

At the end a proof of concept needs to be made and handed to the senior authority.

Example
Big banks or smart car manufacturers hire security professionals to hack into their systems ethically and pay them large sums of money to do that. At the end of the VAPT a VAPT report needs to be handed to the bank's security team.

__________________________________________________


OWASP -> Open Web Application Security Project

OWASP Top 10 (this is the 2013 edition of the list)

1. SQL Injection
2. Broken Authentication and Session Management
3. Cross Site Scripting (XSS)
4. Insecure Direct Object Reference
5. Security Misconfiguration
6. Sensitive Data Exposure
7. Missing Function Level Access Control
8. Cross Site Request Forgery
9. Using Known Vulnerable Components
10. Unvalidated Redirects and Forwards


1. Injection Vulnerabilities --> SQL, Commands

An injection attack occurs only if hackers are able to send malicious, unintended data from an application to the interpreter, i.e. the backend of the website.

application -> untrusted data -> interpreter (backend)

Why this attack occurs ->>
This attack occurs because of improper validation. For example, take the sign-in or sign-up field of a web application: when a user is trying to sign in or sign up,
it requires the user to enter the id/password in a certain manner, e.g. no special characters involved. You will learn about that as regular expressions.

Similarly, when a developer is setting up a webapp or application he/she needs to validate all the parameters, links and domains of the website so that commands or special characters don't work.
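Added example (not from the notes) of the sign-in case above: the same login query written with string formatting, where untrusted data reaches the interpreter as SQL, and then with a parameterised query plus a regular-expression allow-list on the username. The users table, its two rows and the regex are constructed for the example; parameterisation is the primary defence, validation is the extra layer.

```python
import re
import sqlite3

# Constructed sample data (not from the notes): an in-memory users table
# standing in for the website's backend. Passwords are kept in clear only to
# keep the example short; storing them hashed is covered under point 2.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('deepak', 'S3cret!'), ('gagan', 'hunter2')")
    return db

def login_vulnerable(db, username, password):
    # Untrusted data is pasted straight into the query text, so the
    # interpreter (SQLite) sees attacker-controlled SQL, not just a value.
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}' ORDER BY username")
    return [row[0] for row in db.execute(sql)]

# Allow-list for the sign-in field: letters, digits and underscore only,
# 3 to 32 characters. Anything else is rejected before it reaches the backend.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")

def login_safe(db, username, password):
    if not USERNAME_RE.fullmatch(username):
        return []   # validation: special characters never reach the SQL
    # Parameterised query: the values travel separately from the SQL text,
    # so the interpreter can never mistake them for commands. This is the
    # primary defence; the regex above is only an extra layer.
    sql = ("SELECT username FROM users WHERE username = ? AND password = ? "
           "ORDER BY username")
    return [row[0] for row in db.execute(sql, (username, password))]

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "deepak", "S3cret!"))   # ['deepak']
    print(login_safe(db, "deepak", "S3cret!"))         # ['deepak']
    # Unintended data: a quote that closes the string plus a tautology.
    payload = "' OR '1'='1"
    print(login_vulnerable(db, payload, payload))      # ['deepak', 'gagan']
    print(login_safe(db, payload, payload))            # []
```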
__________________________________________________________________
2. Broken Authentication and Session Management

In broken authentication or session management, hackers make an attempt to steal the accounts of other users. Attackers use leaks and flaws in the authentication or session management functions.

Why this attack occurs

-> User credentials are not protected when stored, using hashing or encryption
-> Credentials can be guessed or overwritten through weak management functions, e.g. the hacker is able to guess the session id, or change the password
-> Session ids are exposed in the URL
-> Session ids don't time out
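Added example (not from the notes) addressing the four causes listed above: credentials stored as salted PBKDF2 hashes, session ids drawn from the OS random generator so they cannot be guessed, and a store that times sessions out. The in-memory USERS and SESSIONS dictionaries and the 15-minute TTL are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

# Hypothetical in-memory stores standing in for the application's database.
USERS = {}     # username -> (salt, pbkdf2 hash)
SESSIONS = {}  # session id -> (username, expiry timestamp)
SESSION_TTL = 15 * 60  # seconds; sessions that never time out are the flaw

def _hash_password(password, salt):
    # Salted, slow hash: a leaked table cannot be reversed or rainbow-tabled.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username, password):
    salt = os.urandom(16)   # fresh salt per user: same password, different hash
    USERS[username] = (salt, _hash_password(password, salt))

def login(username, password, now=None):
    """Return a new session id on success, None on failure."""
    now = time.time() if now is None else now
    record = USERS.get(username)
    if record is None:
        return None
    salt, stored = record
    # Constant-time comparison: no timing leak about how many bytes matched.
    if not hmac.compare_digest(stored, _hash_password(password, salt)):
        return None
    # 32 random bytes from the OS CSPRNG: not guessable, unlike a counter
    # or a timestamp. It belongs in a cookie, never in the URL.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = (username, now + SESSION_TTL)
    return sid

def user_for_session(sid, now=None):
    """Map a session id back to a user, expiring stale sessions."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(sid)
    if entry is None:
        return None
    username, expiry = entry
    if now >= expiry:
        del SESSIONS[sid]   # timed out: the id can no longer be replayed
        return None
    return username
```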
______________________________________________________________________

3. Cross Site Scripting (XSS)

It is an attack in which hackers are able to execute JavaScript code on a web site. It is of three types:

-> XSS Reflected

-> XSS Stored

-> DOM XSS

This attack can be used by a hacker to execute JavaScript code in the victim's browser to hijack user sessions, deface the website, insert content, etc.

Why this attack occurs

-> Improper validation
-> Unsafe JavaScript APIs

Pentesting a website can easily protect it from XSS attacks, and XSS can also be found with simple code analysis.
_______________________________________________________________________________

4. Insecure Direct Object Reference


It is a vulnerability in which an attacker who is authorised to access his/her own dashboard is able to gain access to some other user's account by changing his/her own object reference assigned by the app.

study tonight

5. Security Misconfiguration

As the name is security misconfiguration, what it means is: imagine a webapp having admin accounts on it, or just having default accounts with default passwords but with certain privileges. Now if you run a website which has default accounts configured and your website is available in the public domain, then from an attacker's perspective he/she can actually go out, try the default credentials and be able to log in to the website.

Why this attack occurs ->
-> Keeping default credentials
-> Using a component or plugin which may have some default credentials
e.g.
-> Directory listing is not disabled on your server.

Attacker discovers she can simply list directories to find any file. Attacker finds and downloads all your compiled Java classes, which she decompiles and reverse engineers to get all your custom code. She then finds a serious access control flaw in your application.
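Added example (not from the notes) of the two misconfigurations named above as a small audit: it flags Apache-style Directory blocks whose Options line enables directory listing, rewrites them to the corrected -Indexes setting, and flags accounts still using default credentials. The config fragment, the account list and the short DEFAULT_CREDS set are constructed for the example.

```python
import re

# Constructed sample inputs (not from any real server): an Apache-style
# config fragment and an account list exported from a hypothetical webapp.
HTTPD_CONF = """
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/secure">
    Options -Indexes
</Directory>
"""
ACCOUNTS = [("admin", "admin"), ("deepak", "S3cret!"), ("guest", "guest")]

# Illustrative subset of vendor/default pairs to flag during review.
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("guest", "guest")}

def directories_with_listing(conf: str) -> list:
    """Return Directory paths whose Options line enables directory listing."""
    found = []
    block = re.compile(r'<Directory\s+"([^"]+)">(.*?)</Directory>', re.S)
    for path, body in block.findall(conf):
        for m in re.finditer(r"^\s*Options\s+(.*)$", body, re.M):
            opts = m.group(1).split()
            # "Indexes" or "+Indexes" enables listing; "-Indexes" disables it.
            if any(o in ("Indexes", "+Indexes") for o in opts):
                found.append(path)
    return found

def default_credential_accounts(accounts) -> list:
    """Usernames whose (user, password) pair is a known default."""
    return [u for u, p in accounts if (u, p) in DEFAULT_CREDS]

def hardened(conf: str) -> str:
    # Corrected setting: every bare or +Indexes becomes -Indexes, so
    # requests for a directory without an index file get 403, not a listing.
    return re.sub(r"(?<![-\w])\+?Indexes\b", "-Indexes", conf)
```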
_______________________________________________________________________

6. Sensitive Data Exposure
Sensitive data exposure is a vulnerability that occurs when a hacker is able to gain access to sensitive data in motion, at rest, or even in the customer's/user's browser.


e.g. 1
An application encrypts credit card numbers in a database using automatic database encryption. However, this means it also decrypts this data automatically when retrieved, allowing an SQL injection flaw to retrieve credit card numbers in clear text. The system should have encrypted the credit card numbers using a public key, and only allowed back-end applications to decrypt them with the private key.

e.g. 2
A site simply doesn't use SSL for all authenticated pages. The attacker simply monitors network traffic (like on an open wireless network), and steals the user's session cookie. The attacker then replays this cookie and hijacks the user's session, accessing the user's private data.


_____________________________________________________________________________
7. Missing Function Level Access Control
-> It is an attack in which a hacker or an anonymous person is able to access an application interface that they would otherwise never be able to access.

e.g. www.anywebsite.com/user

and the hacker is able to access www.anywebsite.com/admin
Now if a hacker/person is able to do that, it is a flaw.
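Added example (not from the notes) covering both point 4 and point 7: an account lookup that trusts the client-supplied object reference next to one that checks ownership, and a /user vs /admin route that enforces the required role on the server for every request. The User class, the ACCOUNTS map, the role names and the route table are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class User:
    name: str
    role: str   # "user" or "admin" (hypothetical role names)

# Constructed sample data: account id -> owner. The ids are the direct
# object references the app hands out, and they are easy to guess.
ACCOUNTS = {10: "deepak", 4: "gagan"}

# Hypothetical route table: which role each path requires.
ROUTE_ROLES = {"/user": "user", "/admin": "admin"}

class Forbidden(Exception):
    pass

def view_account_vulnerable(current: User, account_id: int) -> str:
    # Relies only on the caller being logged in; nothing checks that the
    # referenced object belongs to them, so editing account_id in the request
    # reads another user's account (insecure direct object reference).
    return ACCOUNTS[account_id]

def view_account_safe(current: User, account_id: int) -> str:
    owner = ACCOUNTS.get(account_id)
    # Ownership check on every object reference the client supplies.
    if owner is None or owner != current.name:
        raise Forbidden(f"{current.name} may not view account {account_id}")
    return owner

def open_page_safe(current: User, path: str) -> str:
    # Function-level check done on the server for every request: hiding the
    # /admin link in the menu is not access control.
    required = ROUTE_ROLES.get(path)
    if required is None:
        raise KeyError(path)
    if required == "admin" and current.role != "admin":
        raise Forbidden(f"{current.name} may not open {path}")
    return f"{path} for {current.name}"

def allowed(fn, *args) -> bool:
    """True if the call succeeds, False if an access check rejects it."""
    try:
        fn(*args)
        return True
    except Forbidden:
        return False
```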
____________________________________________________________

8. Cross Site Request Forgery
In this attack the hacker creates a forged HTTP request and tricks the victim into submitting that request via images, tabs or XSS.



The application allows a user to submit a state-changing request that does not include anything secret.
For example:
 http://anywebsite.com/app/transferFunds?amount=1500&destinationAccount=4673243243
This is all done by making the victim click on a link or on a certain appealing image.
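Added example (not from the notes) using the transferFunds request above: the vulnerable handler accepts any request that carries the victim's session, while the corrected one requires POST and a per-session secret token bound to the session with an HMAC. The SERVER_KEY, the csrf_token parameter name and the parsing of the fields from the URL (a real POST would read them from the form body the same way) are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Hypothetical server-side secret; in production it lives in config, not code.
SERVER_KEY = secrets.token_bytes(32)

def csrf_token(session_id: str) -> str:
    # Token bound to the session with an HMAC: an attacker's page cannot
    # compute it, and a token from one session is useless in another.
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def transfer_funds_vulnerable(session_id: str, url: str) -> bool:
    # Accepts any request arriving with the victim's cookie: the
    # transferFunds URL from the notes works when embedded in an <img> tag.
    q = parse_qs(urlsplit(url).query)
    return "amount" in q and "destinationAccount" in q

def transfer_funds_safe(session_id: str, url: str, method: str = "POST") -> bool:
    # 1. State changes only via POST, so a plain link or image cannot trigger it.
    if method != "POST":
        return False
    q = parse_qs(urlsplit(url).query)   # form body fields for a real POST
    if "amount" not in q or "destinationAccount" not in q:
        return False
    # 2. The secret token must be present and match this session; the
    # comparison is constant-time so a wrong token leaks no timing.
    token = q.get("csrf_token", [""])[0]
    return hmac.compare_digest(token, csrf_token(session_id))
```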
_______________________________________________________________

9. Using Components with Known Vulnerabilities
In this case the hacker tries to discover a weak component through scanning or manual analysis and then either finds an exploit, if one is already available, or writes an exploit.

e.g.
a website using a server which has an RCE exploit
or
a WordPress website which has a vulnerable component for which an exploit exists.
___________________________________________________________________________________

10. Unvalidated Redirects and Forwards
The attacker links to unvalidated redirects and tricks the victim into clicking them; the attacker targets unsafe forwards to bypass security checks.

e.g. http://anywebsite.com/redirect.jsp?url=evil.com

-> -> url=evil.com <- <-
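Added example (not from the notes) of validating the url parameter of the redirect.jsp case above: the vulnerable version sends the browser wherever the parameter says, while the safe version resolves the value against the site and only allows http/https targets on an allow-listed host, rejecting scheme-relative (//evil.com), backslash, look-alike-host and userinfo variants. The SITE base and ALLOWED_HOSTS set are assumptions made for the example.

```python
from urllib.parse import urljoin, urlsplit

# Hypothetical: the only host this application should ever redirect to.
SITE = "http://anywebsite.com"
ALLOWED_HOSTS = {"anywebsite.com"}

def redirect_target_vulnerable(url_param: str) -> str:
    # The redirect.jsp?url=... pattern from the notes: whatever arrives in
    # the parameter becomes the Location header.
    return url_param

def redirect_target_safe(url_param: str) -> str:
    """Return an absolute URL on our own host, or '/' if the value is untrusted."""
    # Browsers treat backslashes like slashes, so normalise them first.
    # Resolving against our site keeps "/account" on-site, while a
    # scheme-relative "//evil.com" resolves to evil.com and is caught below.
    resolved = urljoin(SITE + "/", url_param.replace("\\", "/"))
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):
        return "/"                     # e.g. javascript: or data: schemes
    if parts.hostname not in ALLOWED_HOSTS:
        return "/"                     # evil.com, anywebsite.com.evil.com, ...
    if parts.username or parts.password:
        return "/"                     # http://anywebsite.com@evil.com style
    return resolved
```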

______________________________________________________________________________________
Introduction to DBMS
Database

A database is a collection of structured data sets which contains all the data (important credentials, logs, etc.).
Database Management System: this data needs to be managed, and that is done with the help of a DBMS. The DBMS can also interact with the user and write user data to the database.

Databases can be of two types:
SQL
NoSQL
There are certain tables and entries in a database.

Table name: Member
_________________________________________________________
Name   | ID | NUMBER     | EMAIL              | ADDRESS     | Age |
_________________________________________________________
deepak | 10 | 9123456719 | deepak@yahoo.co.in | lokhandvala | 26  |
Gagan  | 4  | 9145619237 | gagan@gmail.com    | Delhi       | 20  |
_________________________________________________________


Structured queries would look like this,
for example:
all the people who have age less than 30,
so the query would look like

Select * from Member where age<30


h.w. perform all queries
Queries
= SELECT - extracts data from a database
= UPDATE - updates data in a database
= DELETE - deletes data from a database
= INSERT INTO - inserts new data into a database
= CREATE DATABASE - creates a new database
= ALTER DATABASE - modifies a database
= CREATE TABLE - creates a new table
= ALTER TABLE - modifies a table
= DROP TABLE - deletes a table
= SELECT * from trainees - selects everything from the table named "trainees"
= WHERE - specifies the condition that rows of the table/column must match
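Added example (not from the notes) working through the homework on the Member table above in an in-memory SQLite database: CREATE TABLE, INSERT INTO, the age<30 SELECT, then UPDATE, ALTER TABLE, DELETE and DROP TABLE, with every value passed as a parameter rather than formatted into the query text. The column types, the Mumbai address and the City column are assumptions made for the example.

```python
import sqlite3

# Constructed copy of the Member table from the notes, loaded into an
# in-memory SQLite database so the homework queries can be run offline.
MEMBERS = [
    ("deepak", 10, "9123456719", "deepak@yahoo.co.in", "lokhandvala", 26),
    ("Gagan", 4, "9145619237", "gagan@gmail.com", "Delhi", 20),
]

def open_db():
    db = sqlite3.connect(":memory:")
    # CREATE TABLE with the columns of the notes (CREATE DATABASE is implicit
    # in SQLite: connecting to a file or to :memory: creates it).
    db.execute("CREATE TABLE Member (Name TEXT, ID INTEGER PRIMARY KEY, "
               "NUMBER TEXT, EMAIL TEXT, ADDRESS TEXT, Age INTEGER)")
    # INSERT INTO with placeholders, never string formatting.
    db.executemany("INSERT INTO Member VALUES (?, ?, ?, ?, ?, ?)", MEMBERS)
    return db

def names_younger_than(db, limit):
    # The example query from the notes, with the constant as a parameter.
    rows = db.execute("SELECT Name FROM Member WHERE Age < ? ORDER BY ID", (limit,))
    return [r[0] for r in rows]

def run_homework(db):
    """Run UPDATE, ALTER TABLE, DELETE and DROP TABLE; return what each left."""
    result = {}
    # UPDATE: change one member's address, matched by primary key.
    db.execute("UPDATE Member SET ADDRESS = ? WHERE ID = ?", ("Mumbai", 10))
    result["address_of_10"] = db.execute(
        "SELECT ADDRESS FROM Member WHERE ID = 10").fetchone()[0]
    # ALTER TABLE: add a column; existing rows get NULL for it.
    db.execute("ALTER TABLE Member ADD COLUMN City TEXT")
    result["columns"] = [c[1] for c in db.execute("PRAGMA table_info(Member)")]
    # DELETE: WHERE decides which rows are removed; without it, all rows go.
    db.execute("DELETE FROM Member WHERE ID = ?", (4,))
    result["remaining"] = db.execute("SELECT COUNT(*) FROM Member").fetchone()[0]
    # DROP TABLE: the table and all its rows are gone.
    db.execute("DROP TABLE Member")
    result["tables"] = [t[0] for t in db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    return result
```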

H.w. Study MongoDB
SQL vs NoSQL