Vega Web Application Project
This project demonstrates the tool Vega and SQLMap. The reason for the project is to be able to test web application security as a security professional. Vega will be used to scan high, medium, and low web vulnerabilities, including SQL injection. In this project, I worked on demonstrating how to configure and use the tool and how to verify its results with sqlmap. The use of sqlmap is used to replicate these vulnerabilities and exploit them to prove that the scan proved correct. It is important to understand basic networking concepts such as basic networking concepts like HTTP/HTTPS protocol and a basic understanding of SQL queries.
This is a paragraph where you can add any information you want to share with website visitors. Click here to edit the text, change the font and make it your own.
1.
First we neeed to open the Vega application for this project I am using a windows machine.
2.
The next step we will go to our vulnerable website http://testphp.vulnweb.com/ and take a look at the different web pages we will see a login in screen that may be vulnerable. If we want to scan the website we will need to enter the website in vega. And choose the modules we want to use.
3.
In the modules we can detail down to exactly what we want to test for sucha s XSS injection , Blind SQL Text Injection Differential checks, HTTP Header checks and more.
4.
Next we will hit scan and continue. We will then wait for the scan.
5.
When it is finished we will see that we have results for cross site scripting and sql injection in the high alert category. Also cleartext password over HTTP in high category.
6.
If we look at the login php for the clear text password we can see the Request for the website, Discussion which explains what was found , and the impact. There is also a remediation tab.
7.
Next we will look into the search.php resource in High. The classifction is stated as an input validation Error . We can see that Cross site scripting is being defined in the discusion field. Cross site scripting is a class of vulnerabilities affecting web applications that can result in security controls implemented in browsers being circumvented.
8.
We will then look in to the web application website coding and look at the form actions
9.
IN the search box we run <script> xss</script> and in the website will get a box that shows that this is succeptable. A more sophisticated java script could pull data from the website.
10.
Next we will also scan our second website for vulnerabilities. The website is demo.testfire.net
11.
We will then look at the resuults of the scan once it was finished we will look at the results in the summary we see that clear text password over HTTP and cross site scripting are in that high category.
12.
If we look into the cross site scripting category in the second website the classification is input validation error and see the request and discussion. Almost similar to the first.
13.
Next we will look in the send feedback field where this vulnerability lies. We will then enter the <script> xss</script> into the question field.
14.
We will also look at the SQL Injection form and we will look at the Request and resource content.
15.
We will then look at the list of products and we see the cat in the URL and us ' after the 1 and enter. We will then see we can enter that SQL can be entered in the field.
16.
Next we will exploit with SQLMAP. We must go to the sql map directory C:\Users\Administrator\Desktop\sqlmapproject-sqlmap-1.7.2-20-gd42174e>cdsqlmapproject-sqlmap-d42174e. And run sqlmap.py-h.
17.
Next we will scan the url using this command
C: \Users \Administrator\ Desktop\sqlmapproject-sqlmap-1.7.2-20-gd42174e\sqlmapproject-sqlmap-d42174e>sq1map.py -u http://testphp.vulnweb.com/l
istproducts.php?cat=1
18.
Next we run sqlmap.py-uhttp://testphp.vulnweb.com/1
istproducts.php?cat=1 --dbs --batch to get the name of the database .
19.
Next get name of current database
20.
Next we run sqlmap.py -u http://testphp.vulnweb.com/1
istproducts.php?cat=1 -D acuart --tables in order to get tables.
21.
Next I'll get the users and use option -T to get a specific tables columns. Run
sqlmap.py -u http://testphp.vulnweb.com/listoroducts.cho?cat=1 -D acuart -T users --columns
22.
Next run , sq1map.py -u http://testphp.vulnweb.com/1istproducts.php?cat=1 -D acuart -T users -C uname, pass- - dump to dump user name and password
Remediating Clear Text Passed Over HTTP Steps :
1. Implement HTTPS:
Use HTTPS (Hypertext Transfer Protocol Secure) to encrypt the communication between the client and the server. This ensures that data transmitted between them is encrypted and cannot be easily intercepted. To implement HTTPS:
Acquire an SSL/TLS certificate from a trusted certificate authority (CA).
Configure your web server (e.g., Apache, Nginx) to enable HTTPS and use the acquired certificate.
Update your web application code to use https:// URLs instead of http:// for all resources.
2. Update URLs:
Ensure that all resources (images, scripts, stylesheets, etc.) referenced in your web application are loaded via HTTPS. Mixed content (HTTP content on an HTTPS page) can lead to security warnings and potential vulnerabilities.
3. HSTS (HTTP Strict Transport Security):
Implement HSTS in your web application to instruct browsers to always use HTTPS for communication. This prevents users from accessing your site via HTTP, even if they type in an HTTP URL. To enable HSTS, add the following header to your server configuration:
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
4. Content Security Policy (CSP):
Implement CSP to mitigate the risk of cross-site scripting (XSS) attacks by controlling what sources of content are allowed to be loaded on your web pages. A well-configured CSP can prevent the execution of malicious scripts. Example header:
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' data:
5. Secure Cookies:
If your application uses cookies, ensure that the Secure flag is set. This ensures that cookies are only sent over secure (HTTPS) connections.
6. Avoid Query Parameters for Sensitive Data:
Avoid passing sensitive information like passwords, API keys, or personal data in the query parameters of URLs. Instead, use POST requests and pass data in the request body.
7. Use POST Instead of GET:
For sensitive operations, use HTTP POST requests instead of GET requests. Data sent via POST is not exposed in the URL.
8. Input Validation and Output Encoding:
Implement proper input validation and output encoding to prevent injection attacks (e.g., SQL injection, XSS).
9. Regular Security Audits:
Conduct regular security audits and vulnerability assessments of your web application to identify and address potential security issues.
10. Stay Updated:
Stay informed about the latest security best practices and vulnerabilities in web development to keep your application secure over time.
Remediating cross-site scripting (XSS) vulnerabilities in web applications:
1. Identify Vulnerable Areas:
Use security testing tools, manual code review, and penetration testing to identify the specific areas of your application that are vulnerable to XSS attacks. Look for places where user inputs are not properly sanitized before being displayed or executed.
2. Contextual Output Encoding:
Implement proper output encoding based on the context in which the data will be displayed. Use appropriate encoding functions for HTML, JavaScript, and other contexts. For example, use htmlspecialchars() in PHP for HTML output, or equivalent functions in other programming languages.
3. Use Content Security Policy (CSP):
Implement a Content Security Policy (CSP) to restrict which sources of content (scripts, styles, images, etc.) are allowed to be executed on your web page. This can help mitigate the impact of XSS attacks by limiting the potential sources of malicious content.
4. Input Validation and Sanitization:
Validate and sanitize user inputs before using them in the application. Reject or sanitize inputs that contain potentially malicious content. Regular expressions, input validation libraries, and language-specific validation functions can be helpful.
5. Use Framework Security Features:
If you're using a web framework, utilize its built-in security features for input validation and output encoding. Many frameworks provide functions and tools to handle these tasks securely.
6. Avoid Inline JavaScript:
Minimize the use of inline JavaScript code within your HTML documents. Instead, separate your JavaScript into external files and link to them using the <script> tag.
7. Escaping Data:
Escape dynamic data before embedding it within HTML, JavaScript, CSS, and other contexts. Escaping means converting characters that have special meaning in these contexts to their corresponding safe representations.
8. Regular Updates:
Keep your web application and all its components (libraries, plugins, frameworks) up to date. Security patches may be released to address known vulnerabilities, including XSS vulnerabilities.
9. Education and Training:
Educate your development team about secure coding practices and the risks associated with XSS vulnerabilities. Regular training can help prevent introducing new vulnerabilities in the codebase.
10. Security Testing:
Conduct regular security assessments, including both automated vulnerability scans and manual penetration testing, to identify and address any new XSS vulnerabilities that might arise during the development lifecycle.
11. Secure Coding Guidelines:
Develop and follow secure coding guidelines that address XSS vulnerabilities and other common security issues. These guidelines can help maintain consistency in your development practices.
12. Secure Development Lifecycle:
Integrate security practices into your software development lifecycle. Include security reviews and testing at various stages of development to catch and fix vulnerabilities early.