
Web Application Hacking Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Web Application Concepts

Web application: an application that runs on a remote application server and is made available to clients over the internet.

Three kinds of users interact with a web application:

Server Administrator: takes care of the web server in terms of safety, security, functioning, and performance. Responsible for assessing security measures, deploying security controls, and finding and eliminating vulnerabilities.

Application Administrator: responsible for the management and configuration of the web application itself. Ensures the availability and high performance of the web application.

Clients: the endpoints (browsers, mobile apps, API consumers) that interact with the web server or application server.

How does a Web Application Work?

A web application is split into two parts, i.e., front-end and back-end:

Front-end: where the user interacts with the web pages (rendered in the browser).
Back-end: all processing and business logic is controlled and executed on the server.
Server-side languages include:
Ruby (e.g., Rails), PHP, C#, Java, Python.
Client-side languages include:
The web application is basically built on the following layers:
Presentation Layer: responsible for displaying and presenting information to the user on the client end.
Logic Layer: used to transform, query, edit, and otherwise manipulate information to and from the forms.
Data Layer: responsible for holding the data and information for the application as a whole.

Web 2.0:
Web 2.0 is the generation of World Wide Web sites that provide dynamic, flexible user interaction (user-generated content, AJAX-driven pages, rich client-side behaviour). For an attacker this means more client-side code and many more parameters, API endpoints and entry points to test.

Web App Hacking Methodology

Analyze Web Applications
Analyzing a web application includes observing its functionality and other
parameters to identify vulnerabilities, entry points and server technologies.
Attack Authentication Mechanism
By exploiting the authentication mechanism using different techniques, an
attacker may bypass authentication or steal credentials and other information.
Authorization Attack Schemes
An attacker accesses the web application with a low-privilege account and
escalates privileges to access sensitive information or functions.
Session Management Attack
A session management attack is performed by stealing, predicting or fixating a
session token in order to impersonate a legitimate authenticated user without
knowing their credentials.


Encoding schemes
Web applications use different encoding schemes so that arbitrary data can be carried safely inside URLs and HTML. Encoding is not a security control: it is reversible by design, hides nothing, and an input filter that inspects data before it has been decoded can be bypassed with an encoded (or double-encoded) payload.
The encoding schemes fall into two categories.
URL Encoding
URL encoding (percent-encoding) represents characters that are not allowed, or have a special meaning, in a URL as a percent sign followed by the two-digit hexadecimal value of each byte, e.g. a space becomes %20 and "/" becomes %2F.
HTML Encoding
Similar to URL encoding, HTML encoding represents characters that have a special meaning in HTML (<, >, &, ", ') with an HTML entity such as &lt; or &#x27;, so the browser renders them as text instead of interpreting them as markup.
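The following is an added example, not code from the original cheat sheet. It uses Python's standard library to show both encodings, and then shows why encoding is not a security measure: a filter that looks for "../" in the raw request misses a percent-encoded or double-encoded payload, while a filter that canonicalises (decodes until the value stops changing) before checking catches all three. The payload strings are constructed sample inputs; the function names are my own.

```python
import html
from urllib.parse import quote, unquote


def url_encode(s: str) -> str:
    """Percent-encode every byte that is not an unreserved URL character (UTF-8 first)."""
    return quote(s, safe="")


def html_encode(s: str) -> str:
    """Replace HTML-significant characters (& < > " ') with entities so they render as text."""
    return html.escape(s, quote=True)


def naive_blocks_traversal(path: str) -> bool:
    """The weak pattern: inspect the raw, still-encoded input and never decode it."""
    return "../" in path


def decoded_blocks_traversal(path: str) -> bool:
    """Canonicalise first: percent-decode repeatedly until stable, then inspect."""
    prev, cur = None, path
    while cur != prev:
        prev, cur = cur, unquote(cur)
    return "../" in cur


# Constructed sample payloads (not from the page).
PAYLOAD_PLAIN = "../../etc/passwd"
PAYLOAD_ENCODED = "%2e%2e%2f%2e%2e%2fetc%2fpasswd"          # %2e = ".", %2f = "/"
PAYLOAD_DOUBLE = "%252e%252e%252fetc%252fpasswd"           # %25 = "%": decodes to %2e%2e%2f..., then to ../

if __name__ == "__main__":
    print(url_encode("a b/c?d=é"))                      # a%20b%2Fc%3Fd%3D%C3%A9
    print(html_encode('<script>alert("xss")</script>'))  # &lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;
    for p in (PAYLOAD_PLAIN, PAYLOAD_ENCODED, PAYLOAD_DOUBLE):
        print(f"{p:36} naive={naive_blocks_traversal(p)!s:5} decoded={decoded_blocks_traversal(p)}")
```

The decode-until-stable loop is only the percent-encoding part of canonicalisation; a real path check should also normalise backslashes, overlong UTF-8 and the resolved filesystem path before deciding. The point the example makes is the order of operations: decode first, then validate, and validate the final form the server will actually act on.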

Web Application Threats

Cookie Poisoning: modification of cookie contents (session identifiers, role flags, prices) by an unauthorized person, usually to hijack a session, impersonate another user or alter data the application wrongly trusts from the client.
Insecure Storage: a common vulnerability that occurs when sensitive data (credentials, keys, personal or financial data) is stored without adequate protection, e.g. plaintext passwords in the database.
Information Leakage: a category of software vulnerabilities in which information (stack traces, software versions, internal paths, valid usernames) is unintentionally disclosed to end users.
Directory Traversal: an HTTP attack in which path sequences such as ../ in a file-name parameter let the attacker read (and sometimes write) files outside the web server's document root.
Parameter/Form Tampering: a web-based attack in which parameters in the URL, hidden form fields or cookies (user ids, prices, quantities, role flags) are changed by the user, since the application trusts values the client supplied.
DoS Attack: any attack in which the attackers attempt to prevent legitimate users from accessing the service.
Buffer Overflow: a bug in a program that writes more data into a fixed-size buffer than it can hold, overwriting adjacent memory; in native server components it can lead to crashes or code execution.
Log Tampering: an attacker injecting, deleting or otherwise tampering with the contents of web logs, typically to mask other malicious behaviour or to plant misleading entries.
SQL Injection: injection of attacker-controlled SQL into a query that the application builds by concatenating untrusted input, allowing data to be read, modified or deleted and, on some databases, operating-system commands to be run.
Cross-Site Scripting (XSS): a type of security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.
Cross-Site Request Forgery (CSRF): an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated, because the browser automatically attaches the session cookie to the forged request.
Security Misconfiguration: security misconfiguration vulnerabilities occur when a component is susceptible to attack due to an insecure configuration option (default credentials, directory listing, verbose errors, unnecessary services).
Broken Session Management: weaknesses that allow an attacker to capture, predict or bypass the session handling used by a web application, such as session tokens in URLs or tokens that never expire.
DMZ (demilitarized zone) Attack: attacks against the physical or logical subnetwork that exposes an organization's external-facing services to an untrusted network; a compromised DMZ host is then used as a pivot toward the internal network.
Session Hijacking: the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system.
Network Access Attacks: attacks that use a web application or web host as the entry point to gain unauthorized access to the underlying network, rather than to the application alone.

Web Application Threats, More In-depth

Unvalidated Input: refers to the processing of non-validated input from the
client by the web application or backend servers. Nearly every injection flaw below starts here.
Injection Flaws: injection attacks succeed when a web application lets untrusted input be interpreted as code or commands by a downstream interpreter (database, shell, directory server). Injection flaws include the following:
. SQL Injection
. Command Injection
. LDAP Injection
Command injection can be done by any of the following methods:
- Shell Injection: input is passed to a system shell (for example via system() or an equivalent) and shell metacharacters such as ; | & ` and $( ) introduce additional commands.
- File Injection: input selects a file or path that the server then includes or executes (local or remote file inclusion).
- HTML Embedding: input is embedded unescaped into the HTML response, so attacker-supplied markup or script is rendered.
- LDAP injection is a technique that also takes advantage of non-validated
input: LDAP filter metacharacters such as * ( ) | & placed in a query change the meaning of the search filter.
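The shell injection bullet above, as an added example (my own code, not from the cheat sheet). A hostname-style parameter is passed to a command three ways: through a shell with string concatenation (the injection works), through a shell after shlex.quote (the input stays one argument), and as an argv list with no shell at all (the preferred form). `echo` stands in for the real command (ping, nslookup, convert) so the example runs anywhere; it assumes a POSIX /bin/sh, and the payload is constructed.

```python
import shlex
import subprocess


def greet_vulnerable(name: str) -> str:
    """Concatenates user input into a shell command line: metacharacters are interpreted."""
    completed = subprocess.run(
        "echo Hello " + name, shell=True, capture_output=True, text=True, check=False
    )
    return completed.stdout


def greet_quoted(name: str) -> str:
    """Still uses a shell, but shlex.quote wraps the input so it stays a single word."""
    completed = subprocess.run(
        "echo Hello " + shlex.quote(name), shell=True, capture_output=True, text=True, check=False
    )
    return completed.stdout


def greet_safe(name: str) -> str:
    """argv list, no shell: the input is one argument and can only ever be printed."""
    completed = subprocess.run(
        ["echo", "Hello", name], capture_output=True, text=True, check=False
    )
    return completed.stdout


# Constructed payload: terminates the intended command and appends a second one.
PAYLOAD = "world; echo INJECTED"

if __name__ == "__main__":
    print("vulnerable:", repr(greet_vulnerable(PAYLOAD)))  # 'Hello world\nINJECTED\n'
    print("quoted:    ", repr(greet_quoted(PAYLOAD)))      # 'Hello world; echo INJECTED\n'
    print("safe:      ", repr(greet_safe(PAYLOAD)))        # 'Hello world; echo INJECTED\n'
```

The argv form is preferred over quoting because it removes the shell from the path entirely: there is no second parser to get wrong. Also validate the parameter against what the feature actually needs (a hostname regex, an allow-list), since even a correctly quoted argument can still be a malicious option such as `--output=/etc/cron.d/x` for the program being called.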
Denial-of-Service (DoS) Attack:
An attacker may perform a DoS attack against the application logic itself, not only the network, in the following ways:
1. User Registration DoS
An attacker automates the registration process to keep registering fake accounts, exhausting storage, e-mail quotas or the username namespace.
2. Login DoS
The attacker sends login requests repeatedly, consuming the comparatively expensive password-hashing and database work behind each attempt.
3. User Enumeration
An attacker tries different username/password combinations from a dictionary file; differing error messages or response times reveal which usernames exist.
4. Account Lockout
An attacker deliberately locks a legitimate user's account by submitting invalid passwords for it until the lockout threshold is reached.
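The account lockout item is the one of the four that is caused by a security control, so it is worth seeing in code. The following is an added simulation (my own code, not from the cheat sheet) with a constructed two-user store and constructed source addresses. NaiveLockout counts failures per username from any source and locks permanently, so an attacker who knows the victim's username locks them out with five bad passwords. ThrottledLockout keys the counter on (username, source address) and makes the lock expire, so the victim can still sign in from their own address and a locked key frees itself after the window. The `now` parameter is injected only so the expiry can be exercised deterministically.

```python
import time
from collections import defaultdict

# Constructed user store (sample data, not from the page); a real store holds password hashes.
USERS = {"victim": "correct-horse", "attacker": "pw"}


class NaiveLockout:
    """Locks a username permanently after `threshold` failures, from any source."""

    def __init__(self, threshold: int = 5):
        self.threshold = threshold
        self.failures = defaultdict(int)  # username -> consecutive failures

    def login(self, username: str, password: str, source_ip: str) -> str:
        if self.failures[username] >= self.threshold:
            return "locked"
        if USERS.get(username) == password:
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        return "denied"


class ThrottledLockout:
    """Counts failures per (username, source) and locks that pair temporarily."""

    def __init__(self, threshold: int = 5, lock_seconds: float = 900.0, now=time.monotonic):
        self.threshold = threshold
        self.lock_seconds = lock_seconds
        self.now = now
        self.failures = defaultdict(int)  # (username, source_ip) -> consecutive failures
        self.locked_until = {}            # (username, source_ip) -> expiry timestamp

    def login(self, username: str, password: str, source_ip: str) -> str:
        key = (username, source_ip)
        until = self.locked_until.get(key)
        if until is not None:
            if until > self.now():
                return "locked"
            del self.locked_until[key]          # lock expired, start fresh
        if USERS.get(username) == password:
            self.failures.pop(key, None)
            return "ok"
        self.failures[key] += 1
        if self.failures[key] >= self.threshold:
            self.locked_until[key] = self.now() + self.lock_seconds
            self.failures.pop(key, None)
        return "denied"


def simulate(policy) -> str:
    """Attacker at 203.0.113.9 burns the threshold against 'victim';
    the real user then logs in with the right password from 198.51.100.7."""
    for _ in range(policy.threshold):
        policy.login("victim", "wrong-password", "203.0.113.9")
    return policy.login("victim", "correct-horse", "198.51.100.7")


if __name__ == "__main__":
    print("naive policy, victim login   :", simulate(NaiveLockout()))      # locked
    print("throttled policy, victim login:", simulate(ThrottledLockout()))  # ok
```

Keying on the source address is not sufficient on its own: an attacker with many addresses can still burn through per-source counters, and a shared NAT can make one abuser lock out colleagues. In practice this is layered with a per-account progressive delay, a CAPTCHA or step-up factor after repeated failures, and a notification to the account owner, rather than a hard lock that an outsider can trigger at will.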