A Comprehensive Guide To Web based Application Security

Posted By : Smita Gupta | 12-Apr-2018

Just as we test the functionality and performance of a web-based application, it is important to perform security testing before that application goes live.

Security testing is performed to detect vulnerabilities in an application, to ensure that its data and other confidential information are protected, and to confirm that the application still behaves according to its functional requirements.


Among the different kinds of applications on the market, web-based applications demand more security because they handle large amounts of important data and online transactions. Web apps must be tested to ensure that they are not vulnerable to cyber-attacks.


In order to perform security testing of web applications, the tester must have good knowledge of the HTTP protocol: a clear understanding of how the client (browser) and the server communicate using requests, responses, headers and cookies. The tester should also know the basics of SQL injection and XSS. Security defects are usually few compared with functional defects, and each one matters, so the tester must record every defect found in detail (the request, the response, and the steps to reproduce it).


Approaches to Security Testing of Web-based Applications


When we receive an application to assess from the security point of view, we always start with the reconnaissance process, in which we gather information about the target.

This process is also known as foot-printing or fingerprinting. The difference between foot-printing and fingerprinting is subtle.


Foot-printing- Foot-printing is the information-gathering step in which we collect information about the target's network: the number of open ports, the protocols in use at the target end, and whether an IDS or IPS is present.

Fingerprinting- This is also an information-gathering technique, but it identifies the specific software: the server, the operating system, and their versions.

There are two types of recon that we perform:

- Active Reconnaissance

- Passive Reconnaissance


Active Recon:

In active recon the attacker collects information about the target by interacting with it directly; there is no intermediary between attacker and target. Because the probes reach the target, they will appear in its logs and may trigger its IDS/IPS.

This information could be anything: open ports, running services, the database in use, IP addresses, and so on.

For active recon we use the tools below:

1. NMAP- Nmap is a network scanner that works at Layers 3 and 4 of the OSI model (IP and TCP/UDP); with its NSE scripts it can also probe Layer 7 services such as HTTP. Using Nmap we can collect information about open ports, running services and their versions, the operating system, the web-server version, exposed database services, and (via the http-methods script) the HTTP methods the web server accepts. From the security point of view, a web server should accept only the methods the application actually needs, typically GET, POST and HEAD; TRACE, PUT, DELETE and similar methods should be disabled unless there is a specific requirement for them. Likewise, on an internet-facing web host only ports 80 and 443 should be reachable; every other port (SSH, database ports, management interfaces) should be closed or restricted by a firewall.

We can run the commands below:

Command 1-  nmap -sV --script vuln -Pn www.abc.com  (Service and version detection with the NSE "vuln" script category, which checks the detected services against known vulnerabilities. -Pn skips host discovery so the scan runs even if the target does not answer ping. Note that these scripts test the services themselves, i.e. the application layer, not only the network layer. Add http-methods to the script list, --script vuln,http-methods, to also list the accepted HTTP methods.)

Command 2-  nmap -O www.abc.com  (OS detection: Nmap fingerprints the target's TCP/IP stack to guess the operating system and version in use at the target end. This requires root/administrator privileges, so run it with sudo.)
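As an added example (not code from the original post), the following Python script applies the port and method policy described above to an Nmap scan. Instead of reading the scan off the screen it has Nmap write XML (-oX) and parses that, then flags open ports outside the allow-list and HTTP methods the application should not accept. www.abc.com is the placeholder target from the text; the sample XML is constructed in the shape Nmap emits and is not a real scan.

```python
"""Apply the port/method policy from the text to an nmap scan.

Added example, not code from the original post. SAMPLE_XML is constructed
in the shape nmap emits with -oX; www.abc.com is the placeholder target
from the text. http-methods is not in the 'vuln' script category, so the
corrected command asks for it explicitly; -O needs root.
"""
import re
import xml.etree.ElementTree as ET

TARGET = "www.abc.com"  # placeholder target from the text

# Corrected forms of the two commands in the text, writing XML for parsing.
VULN_SCAN = ["nmap", "-sV", "--script", "vuln,http-methods", "-Pn",
             "-oX", "vuln.xml", TARGET]
OS_SCAN = ["sudo", "nmap", "-O", "-oX", "os.xml", TARGET]

# Policy from the text: only the web ports, only the methods the app needs.
ALLOWED_PORTS = {80, 443}
ALLOWED_METHODS = {"GET", "POST", "HEAD"}

# Constructed sample scan (not real output): web host with SSH and MySQL
# exposed and TRACE enabled on the plain-HTTP listener.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script vuln,http-methods -Pn -oX vuln.xml www.abc.com">
  <host>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.abc.com" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.6"/>
        <script id="http-methods" output="&#xa;  Supported Methods: GET HEAD POST OPTIONS TRACE&#xa;  Potentially risky methods: TRACE"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.6" tunnel="ssl"/>
        <script id="http-methods" output="&#xa;  Supported Methods: GET HEAD POST"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.7.22"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
    <os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per open port: port, proto, service, product, methods."""
    root = ET.fromstring(xml_text)
    findings = []
    for port in root.iter("port"):
        state = port.find("state")
        if state is None or state.get("state") != "open":
            continue  # closed/filtered ports are not policy violations
        svc = port.find("service")
        entry = {
            "port": int(port.get("portid")),
            "proto": port.get("protocol"),
            "service": svc.get("name", "") if svc is not None else "",
            "product": " ".join(filter(None, [svc.get("product"), svc.get("version")]))
            if svc is not None else "",
            "methods": set(),
        }
        for script in port.findall("script"):
            if script.get("id") == "http-methods":
                m = re.search(r"Supported Methods:\s*([A-Z ]+)", script.get("output", ""))
                if m:
                    entry["methods"] = set(m.group(1).split())
        findings.append(entry)
    return findings


def check_policy(findings, allowed_ports=ALLOWED_PORTS, allowed_methods=ALLOWED_METHODS):
    """Return (port, message) for every open port or HTTP method outside policy."""
    violations = []
    for f in findings:
        if f["port"] not in allowed_ports:
            violations.append((f["port"], f"unexpected open port {f['port']}/{f['proto']} "
                                          f"({f['service']} {f['product']})".strip()))
        extra = f["methods"] - allowed_methods
        if extra:
            violations.append((f["port"], f"extra HTTP methods on {f['port']}: "
                                          + " ".join(sorted(extra))))
    return violations


def os_matches(xml_text):
    """Return (name, accuracy) for each OS guess nmap -O recorded."""
    root = ET.fromstring(xml_text)
    return [(m.get("name"), int(m.get("accuracy"))) for m in root.iter("osmatch")]


if __name__ == "__main__":
    print("scan command:", " ".join(VULN_SCAN))
    for _, msg in check_policy(parse_nmap_xml(SAMPLE_XML)):
        print("[!]", msg)
    for name, acc in os_matches(SAMPLE_XML):
        print(f"OS guess: {name} ({acc}%)")
```

Against the constructed scan the policy check reports SSH on 22 and MySQL on 3306 as unexpected open ports, and OPTIONS and TRACE as extra methods on port 80; the TLS listener on 443 passes. Run the real commands, then point parse_nmap_xml at the vuln.xml file they write.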


2. HTTRACK- HTTrack is a website copier: it downloads the HTML files (and the CSS and JavaScript they reference) used by the application into a local directory. We then analyze the downloaded files to check whether any sensitive information is exposed, for example developer comments, hidden form fields, internal hostnames or IP addresses, e-mail addresses, and hard-coded credentials or API keys.
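The analysis step above, as an added example that is not part of the original post: a Python script that walks an HTTrack output directory and reports the things a reviewer looks for first. The sample page and the temporary "mirror" directory it is written into are constructed for the demo; the patterns are deliberately simple and will need tuning for a real site.

```python
"""Scan an HTTrack mirror for sensitive information.

Added example, not part of the original post. HTTrack writes the mirrored
site as a tree of .html/.js/.css files; this walks that tree and reports
developer comments, hidden form fields, e-mail addresses, private IP
addresses, and anything that looks like a hard-coded credential or API
key. SAMPLE_PAGE and the mirror directory built in demo() are constructed
for the demo, not taken from a real site.
"""
import os
import re
import tempfile

PATTERNS = {
    "html comment": re.compile(r"<!--(.*?)-->", re.S),
    "hidden field": re.compile(r"<input[^>]*type=[\"']?hidden[\"']?[^>]*>", re.I),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    # RFC 1918 ranges only: a private address in a public page leaks topology
    "private ip": re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"),
    # key = "value" / key: value, but not name="password" attribute labels
    "credential": re.compile(
        r"\b(password|passwd|pwd|secret|api[_-]?key|token)\b\s*[:=]\s*[\"']?([^\s\"'<>;]+)",
        re.I),
}

SCAN_SUFFIXES = (".html", ".htm", ".js", ".css", ".txt", ".xml", ".json")

# Constructed sample page with one of each finding type.
SAMPLE_PAGE = """<html><body>
<!-- TODO: remove before launch, old admin login is still at /admin_old -->
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="password">
  <input type="hidden" name="debug" value="1">
  <button>Sign in</button>
</form>
<script>
  var apiKey = "example-key-0123456789";
  var backend = "http://10.0.4.15:8080/api";
</script>
<p>Contact: webmaster@abc.com</p>
</body></html>
"""


def scan_text(text, path="<inline>"):
    """Return (path, line, label, snippet) for every pattern hit, in file order."""
    findings = []
    for label, rx in PATTERNS.items():
        for m in rx.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            snippet = " ".join(m.group(0).split())[:120]
            findings.append((path, line, label, snippet))
    return sorted(findings, key=lambda f: (f[0], f[1]))


def scan_mirror(root):
    """Walk an HTTrack output directory and scan every text-like file in it."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            if name.lower().endswith(SCAN_SUFFIXES):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(fh.read(), full))
    return findings


def demo():
    """Write the constructed page into a temporary 'mirror' and scan it."""
    with tempfile.TemporaryDirectory() as root:
        site = os.path.join(root, "www.abc.com")  # HTTrack names the dir after the host
        os.makedirs(site)
        with open(os.path.join(site, "index.html"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_PAGE)
        return scan_mirror(root)


if __name__ == "__main__":
    for path, line, label, snippet in demo():
        print(f"{os.path.basename(path)}:{line} [{label}] {snippet}")
```

On a real mirror call scan_mirror with the directory HTTrack produced. Every hit still has to be read by a person: a comment or hidden field is only a finding if it reveals something the site should not expose.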


About Author

Smita Gupta

Smita is a QA Engineer with experience in manual and automation testing, keen to gain more experience and to learn in new and different domains.
