Web Application Concepts
Server Administrator
Application Administrator
Client
How do Web Applications work?
Server-side languages include:
- Ruby on Rails
- PHP
- C#
- Java
- Python
- JavaScript
Client-side languages include:
- CSS
- JavaScript
- HTML
A web application is built on the following layers:
- Presentation Layer: responsible for displaying and presenting information to the user on the client side.
- Logic Layer: used to transform, query, edit, and otherwise manipulate information passing to and from the presentation and data layers.
- Data Layer: responsible for holding the data and information for the application as a whole.
Web 2.0
Web App Threats
The threats to web applications are:
- Cookie Poisoning
- Insecure Storage
- Information Leakage
- Directory Traversal
- Parameter/Form Tampering
- DoS Attack
- Buffer Overflow
- Log Tampering
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery
- Security Misconfiguration
- Broken Session Management
- DMZ attack
- Session Hijacking
- Network Access Attacks
Unvalidated Inputs
Parameter / Form Tampering
Injection Flaws
- SQL Injection
- Command Injection
- LDAP Injection
Denial-of-Service (DoS) Attack
An attacker may perform a DoS attack in the following ways:
- User Registration DoS
- Login DoS
- User Enumeration
- Account Lockout
Web App Hacking Methodology
Attack Authentication Mechanisms
- Username Enumeration
- Cookie Exploitation
- Session Attacks
- Password Attacks
Authorization Attack Schemes
Session Management Attack
Perform Injection Attacks
Attack Data Connectivity
Countermeasures
- Encoding Schemes
- URL Encoding
- HTML Encoding