INSC561_Project1 (docx, 15 pages)
School: George Washington University
Course: INSC561
Subject: Information Systems
Date: Jun 27, 2024
Uploaded by a_rod_19
Group Project 1 [Group X]

Task 1: Gathering information on a target
By relying on one of our three toolkits, you show how to explore the contents and functionality of the target (please choose only one website for your final report, although you might explore more than one website).
Target: bWAPP
Toolkit: OWASP ZAP
The spider in OWASP ZAP (Zed Attack Proxy) is an automated tool that explores and maps a web application by following links and identifying pages, forms, and other resources. It starts at a specified URL and follows every link it finds on that page, including hyperlinks, form actions, and links generated dynamically through JavaScript. The spider can also submit forms automatically to reach pages that require user input. As it crawls, it identifies both static resources (HTML pages, images, CSS, and JavaScript files) and dynamic resources (such as content loaded via AJAX requests). It executes JavaScript to discover client-side generated links, which gives more complete coverage of the site. Every HTTP request and response made during the crawl is logged and can be reviewed afterwards. The result is a detailed site map of the application that outlines its structure and organization, including hidden paths and endpoints that are not directly linked from the main pages. This mapping is essential for identifying the areas that need further security testing and for scoping vulnerability assessments: by giving a complete overview of the application, the spider analysis in ZAP supports a thorough understanding and evaluation of its security.
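The crawl described above, reduced to its core loop, as an added example (this is not code from the report or from ZAP). The target site, its host name target.local, and every page in it are constructed and embedded so the crawler runs offline; a real spider would fetch each URL over HTTP. It follows anchors and form actions, strips URL fragments, stays inside the starting host, records images and scripts as static resources without crawling them, and notes an unlinked-but-referenced path that does not exist, which is the kind of entry a site map surfaces for follow-up testing.

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlparse

# Constructed stand-in for a small target site (hypothetical host target.local):
# the crawler "fetches" from this dict so the example runs offline. A real
# spider, like ZAP's, would issue HTTP requests instead.
SAMPLE_SITE = {
    "http://target.local/": """<html><body>
        <a href="/login.php">Login</a>
        <a href="/portal.php#top">Portal</a>
        <a href="http://other.example/away">Elsewhere</a>
        <img src="/images/logo.png">
        <script src="/js/app.js"></script>
        </body></html>""",
    "http://target.local/login.php": """<form action="/login.php" method="post">
        <input name="login"><input name="password" type="password">
        <input type="submit" name="form" value="submit"></form>""",
    "http://target.local/portal.php": """<a href="/xss_get.php">XSS - Reflected (GET)</a>
        <a href="/admin/">Admin</a>""",
    "http://target.local/xss_get.php": """<form action="/xss_get.php" method="get">
        <input name="firstname"><input name="lastname"></form>""",
    "http://target.local/admin/": """<a href="/admin/settings.php">Settings</a>""",
}


class LinkExtractor(HTMLParser):
    """Collect navigable URLs (anchors, form actions) and static resources."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links, self.forms, self.resources = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base_url, a["href"]))
        elif tag == "form":
            action = urljoin(self.base_url, a.get("action") or "")
            self.forms.append((action, (a.get("method") or "get").lower()))
        elif tag in ("img", "script", "link"):
            src = a.get("src") or a.get("href")
            if src:
                self.resources.append(urljoin(self.base_url, src))


def spider(start_url, site=SAMPLE_SITE):
    """Breadth-first crawl from start_url, staying on the start host.

    Returns a site map: url -> {"status", "links", "forms", "resources"}.
    Links and form actions are queued for crawling; images and scripts are
    recorded as static resources but not crawled further.
    """
    scope = urlparse(start_url).netloc
    queue, seen, sitemap = [start_url], set(), {}
    while queue:
        url = urldefrag(queue.pop(0))[0]          # "#top" is not a new page
        if url in seen or urlparse(url).netloc != scope:
            continue                               # out of scope: not crawled
        seen.add(url)
        body = site.get(url)                       # None stands in for a 404
        entry = {"status": 200 if body is not None else 404,
                 "links": [], "forms": [], "resources": []}
        if body is not None:
            p = LinkExtractor(url)
            p.feed(body)
            entry.update(links=p.links, forms=p.forms, resources=p.resources)
            queue.extend(p.links + [action for action, _ in p.forms])
        sitemap[url] = entry
    return sitemap


def discovered_paths(sitemap):
    """Sorted list of paths found, the 'site tree' view ZAP shows."""
    return sorted(urlparse(u).path for u in sitemap)


if __name__ == "__main__":
    for path in discovered_paths(spider("http://target.local/")):
        print(path)
```

The 404 entry for /admin/settings.php is deliberate: a referenced path that does not resolve is still worth listing, because it tells the tester where the application expects content to exist.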
[Screenshots] POST login information (HTTP POST request): request with correct credentials; request with incorrect credentials
The POST login process starts when the login form captures the user's credentials and the browser transmits them securely to the server in an HTTP POST request. The server validates the credentials against its stored data, creates a session on successful authentication, and returns a session token or cookie to the client. That token or cookie keeps the user authenticated on subsequent requests without logging in again. If the login fails, the server responds with an error message prompting the user to retry.
[Screenshot] POST login information (HTTP POST response): response for correct credentials
[Screenshot] Response for incorrect credentials

The POST login response covers the server validating the user's credentials and, on success, creating a session and sending a session token or cookie back to the client. This keeps the user authenticated for future requests. The server also typically redirects the user to a secured area of the application, such as a dashboard. If the login attempt fails, the server responds with an error message prompting the user to re-enter their credentials.

How does manual browsing help you uncover more page information?
Manual browsing through OWASP ZAP (Zed Attack Proxy) uncovers more page information by intercepting and analyzing HTTP/HTTPS traffic, allowing detailed inspection and manipulation of requests and responses. This reveals elements such as form fields, cookies, and headers that are not immediately visible in the browser, giving a deeper understanding of the web application's functionality. ZAP lets you modify intercepted requests and responses on the fly, which is crucial for testing the application's robustness and identifying vulnerabilities like SQL injection or cross-site scripting (XSS). By altering parameters, headers, or cookies, you can observe how the server responds to different inputs and so identify weaknesses. You can also manipulate session tokens to test for issues like session fixation or hijacking, which gives insight into the application's session management practices. ZAP further helps discover hidden content and endpoints by analyzing all requests made during a browsing session; this can reveal unlinked resources and hidden API endpoints, such as JavaScript files and images that are not directly linked from the main page. It also helps in understanding AJAX calls and JavaScript interactions, which matter for modern web applications that load content dynamically. Using ZAP's spidering and scanning features, you can automate the discovery of hidden URLs and endpoints, giving a comprehensive picture of the web application's behavior and potential security issues.
A final diagram similar to Figure Lab 3.6 in the lecture notes must be identified and created.

Task 2.1: Scenario 1 of bypassing a client-side control
Your targeted web application and toolkit(s) were used. The application targeted was WebGoat's client-side form restrictions. The tool used was ZAP.
A step-by-step explanation of your pen-test scenario. Screenshots with some explanatory words would be very helpful.
o Uncovering the vulnerability: the site has a section containing a form with multiple input types that restricts the data that can be submitted. WebGoat will not give a success prompt unless these controls are bypassed.
o Compromising it: to compromise these controls with ZAP, a breakpoint is set on the request sent by the submit button. The contents of the submission are then modified before the request is forwarded to the server.

Task 2.2: Scenario 2 of bypassing a client-side control
Your targeted web application and toolkit(s) were used. The application being targeted is bWAPP, specifically the XSS - Reflected (GET) page. I used the Burp Suite toolkit.

A step-by-step explanation of your pen-test scenario. Screenshots with some explanatory words would be very helpful.
o Uncovering the vulnerability: passing a JavaScript alert payload into the first-name and last-name fields on the XSS - Reflected (GET) page. These screenshots show that the payloads entered into the fields result in an alert on the page.
o Compromising it: placing the alert script in the values of firstname and lastname when intercepting the request. The response is: [screenshot]
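To make the Scenario 2 finding concrete, here is the reflected echo as the screenshots show it, beside the hardened version that applies the Task 3 measures, as an added example (not bWAPP's PHP and not code from the report, written in Python rather than PHP). The page template, the parameter names firstname and lastname (which are on the bWAPP page), the session cookie name and the alert payload used as test input are constructed. html.escape plays the role of htmlspecialchars(), the CSP is sent as a response header rather than the meta tag quoted in Task 3 (the two are equivalent for this policy), and the cookie carries HttpOnly and Secure.

```python
import html
import secrets
from urllib.parse import parse_qs


def render_vulnerable(query_string):
    """The bug the screenshots show: the GET parameters are echoed unencoded,
    so a value containing markup becomes part of the page."""
    q = {k: v[0] for k, v in parse_qs(query_string).items()}
    first, last = q.get("firstname", ""), q.get("lastname", "")
    return f"<p>Welcome {first} {last}</p>"


def render_hardened(query_string):
    """Same page with output encoding: every character that could open a tag
    or break out of an attribute becomes an HTML entity (PHP: htmlspecialchars)."""
    q = {k: v[0] for k, v in parse_qs(query_string).items()}
    first = html.escape(q.get("firstname", ""), quote=True)
    last = html.escape(q.get("lastname", ""), quote=True)
    return f"<p>Welcome {first} {last}</p>"


def security_headers(session_token):
    """Headers to send with every response: a CSP allowing only same-origin
    scripts (header form of the meta tag in Task 3) and a session cookie that
    scripts cannot read (HttpOnly) and that travels only over HTTPS (Secure)."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "Set-Cookie": f"session={session_token}; Path=/; HttpOnly; Secure; SameSite=Lax",
    }


def script_tag_present(rendered_html):
    """Check used by the demo: did a raw <script> tag survive rendering?"""
    return "<script" in rendered_html.lower()


# Constructed input: the kind of alert payload the report put in the name
# fields, URL-encoded as the browser would send it in the query string.
PAYLOAD_QUERY = "firstname=%3Cscript%3Ealert(1)%3C%2Fscript%3E&lastname=Smith"

if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD_QUERY))   # the script tag lands in the page
    print(render_hardened(PAYLOAD_QUERY))     # it is rendered as text instead
    print(security_headers(secrets.token_hex(16)))
```

Encoding at output time is the fix that actually removes the vulnerability; the CSP and cookie flags limit what an injected script could do if some other echo point is missed, so all three belong together.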
Task 3: Based on the found vulnerable issues, what should you do to prevent attackers from hacking your web application?
o Protection and prevention for Scenario 1: To further protect a site against bypasses of form-level restrictions, server-side validation can be added that enforces the same restrictions on the data the form submits to the server. If an input is a radio button with two options, the server should check that the submitted value is one of those two. The same can be done at the server for content length, format, and range. If all possible values are known, a whitelist can be used to ensure that the values entered come only from the set of options offered to the user. Because this processing happens on the server rather than the client, a request modified in an intercepting proxy such as ZAP is validated again after the modification has taken place. This extra validation step on the server enforces every expectation of the user's input that the client side expresses, including against users with more malicious intent.
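The server-side re-validation just described, worked through on a constructed order form, as an added example (not WebGoat's code and not from the report). The field names, their rules (a two-option radio button, an integer range, a fixed zip format, a bounded free-text field) and both request bodies are constructed: one is what the browser sends when the client-side controls are respected, the other is the same request after being edited at a proxy breakpoint, with an extra parameter the form never sends. The validator rejects each tampered field and the unexpected parameter, which is the outcome the client-side controls alone cannot guarantee.

```python
import re
from urllib.parse import parse_qs

# Constructed order form. The HTML would express the same constraints client
# side (radio buttons, maxlength, pattern, min/max), but browser-side checks
# are advisory only: a request edited at a proxy breakpoint skips them.
FORM_RULES = {
    "shipping": {"allowed": {"standard", "express"}},      # radio with two options
    "quantity": {"pattern": r"^\d+$", "range": (1, 10)},    # integer 1..10
    "zip":      {"pattern": r"^\d{5}$"},                    # fixed format
    "comment":  {"max_length": 200, "required": False},     # free text, bounded
}


def validate_form(raw_body):
    """Re-check every field on the server. Returns a dict field -> error;
    an empty dict means the submission is accepted."""
    fields = {k: v[0] for k, v in parse_qs(raw_body, keep_blank_values=True).items()}
    errors = {}
    # Parameters the form never sends are rejected outright (field whitelist).
    for name in fields:
        if name not in FORM_RULES:
            errors[name] = "unexpected parameter"
    for name, rule in FORM_RULES.items():
        value = fields.get(name)
        if value is None:
            if rule.get("required", True):
                errors[name] = "missing"
            continue
        # Value whitelist first, then format, then range, then length.
        if "allowed" in rule and value not in rule["allowed"]:
            errors[name] = "not one of the allowed options"
        elif "pattern" in rule and not re.fullmatch(rule["pattern"], value):
            errors[name] = "bad format"
        elif "range" in rule and not rule["range"][0] <= int(value) <= rule["range"][1]:
            errors[name] = "out of range"
        elif "max_length" in rule and len(value) > rule["max_length"]:
            errors[name] = "too long"
    return errors


# Constructed request bodies: the browser's honest submission, and the same
# request after being modified at a proxy breakpoint.
LEGITIMATE = "shipping=express&quantity=3&zip=12345&comment=leave+at+door"
TAMPERED = ("shipping=free&quantity=9999&zip=abc&comment=" + "x" * 201
            + "&discount=100")

if __name__ == "__main__":
    print("legitimate:", validate_form(LEGITIMATE) or "accepted")
    print("tampered:  ", validate_form(TAMPERED))
```

The range check only runs after the format check has passed, so int() is never called on a value that is not all digits; ordering the checks this way is what keeps a malformed value from turning into a server error instead of a clean rejection.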
o Protection/prevention for Scenario 2: To protect against cross-site scripting (XSS) attacks on a PHP-based site like bWAPP, several measures can be taken. First, encoding user input before rendering it in the browser is crucial; PHP functions such as htmlspecialchars() convert special characters to HTML entities, preventing malicious scripts from executing. Implementing a Content Security Policy (CSP) is another effective strategy: it restricts the sources from which scripts can be loaded, blocking unauthorized scripts. This can be done by adding a meta tag such as <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'"> to your HTML. Additionally, securing cookies with PHP's setcookie() function using the HttpOnly flag prevents access to cookie data from JavaScript, while the Secure flag ensures cookies are only sent over HTTPS. Together these steps significantly strengthen the web application against XSS vulnerabilities.

Summary
Each team member should indicate what effort they have made towards this group assignment by mentioning their name.
o Andrew - Completed pen testing for Task 2.2 and then explained how to protect/prevent it from happening.

Team peer-review table
Name    Contributing efforts in this project (0 ~ 100%)
XXX     100%
XXX     100%
XXX     100%
XXX     100%
(This table will be used to calculate an individual's points. If one's effort in the team is xx%, then his/her grade for this project will be xx% * assigned grade. Each team must have at least one person score 100%. Hopefully, everyone will be 100% from beginning to end, which indicates that you all work and contribute to the team project in a well-collaborative manner. Your team's submission assumes that you all have a consensus on the peer-review.)