\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr} % For header and footer
\usepackage{multicol} % Allows multicols in tables
\usepackage{tabularx} % Intelligent column widths
\usepackage{tabulary} % Used in header and footer
\usepackage{hhline} % Border under tables
\usepackage{graphicx} % For images
\usepackage{xcolor} % For hex colours
%\usepackage[utf8x]{inputenc} % For unicode character support
\usepackage[T1]{fontenc} % Without this we get weird character replacements
\usepackage{colortbl} % For coloured tables
\usepackage{setspace} % For line height
\usepackage{lastpage} % Needed for total page number
\usepackage{seqsplit} % Splits long words.
%\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem} % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath} % Symbols
\usepackage{MnSymbol} % Symbols
\usepackage{wasysym} % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{fahad}
\pdfinfo{
  /Title (web-application-hacking.pdf)
  /Creator (Cheatography)
  /Author (fahad)
  /Subject (Web Application Hacking Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit
% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{A3A3A3}
\definecolor{LightBackground}{HTML}{F3F3F3}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{Web Application Hacking Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{fahad} via \textcolor{DarkBackground}{\uline{cheatography.com/77149/cs/18939/}}}
\end{tabulary}
\end{multicols}}
\fancyfoot[L]{ \footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
    \SetRowColor{FootBackground}
    \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\
    \vspace{-2pt}fahad \\
    \uline{cheatography.com/fahad} \\
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
    \SetRowColor{FootBackground}
    \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\
    \vspace{-2pt}Not Yet Published.\\
    Updated 23rd February, 2019.\\
    Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{4}

\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Web Application Concepts}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{{\bf{Web application}}: an application that runs on a remote application server and is available to the client via the internet. \newline
{\bf{Web applications have three types of users}}: \newline
{\bf{Server Administrator}}: takes care of the web server in terms of safety, security, functioning, and performance. This role is responsible for estimating security measures, deploying security models, and finding and eliminating vulnerabilities. \newline
{\bf{Application Administrator}}: is responsible for the management and configuration required for the web application.
It ensures the availability and high performance of the web application. \newline
{\bf{Clients}}: the endpoints that interact with the web server or application server.
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{How Does a Web Application Work?}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{A web application functions in two steps, i.e., {\bf{front-end and back-end}}. \newline
{\bf{Front-end}}: where the user interacts with the web pages. \newline
{\bf{Back-end}}: where all processing is controlled and performed. \newline
{\bf{Server-side languages include}}: \newline
Ruby on Rails, PHP, C\#, Java, Python. \newline
{\bf{Client-side languages include}}: \newline
CSS, JavaScript, HTML. \newline
A web application basically works on the following layers: \newline
• {\bf{Presentation Layer}}: responsible for displaying and presenting the information to the user on the client end. \newline
• {\bf{Logic Layer}}: used to transform, query, edit, and otherwise manipulate information to and from the forms. \newline
• {\bf{Data Layer}}: responsible for holding the data and information for the application as a whole. \newline
{\bf{Web 2.0}}: \newline
Web 2.0 is the generation of World Wide Web sites that provide dynamic and flexible user interaction.
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Web App Hacking Methodology}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{{\bf{Analyze Web Applications}} \newline
Analyzing a web application includes observing its functionality and other parameters to identify the vulnerabilities, entry points and server technologies. \newline
{\bf{Attack Authentication Mechanism}} \newline
By exploiting the authentication mechanism using different techniques, an attacker may bypass the authentication or steal information. \newline
{\bf{Authorization Attack Schemes}} \newline
An attacker accesses the web application using a low-privilege account, then escalates privileges to access sensitive information. \newline
{\bf{Session Management Attack}} \newline
As defined earlier, a session management attack is performed by bypassing the authentication in order to impersonate a legitimate authorized user.
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Mind map}} \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{p{3.833cm}}{\vspace{1px}\centerline{\includegraphics[width=5.1cm]{/web/www.cheatography.com/public/uploads/fahad_1550925830_9a71a9d0216311e98196dd72e0e4c850.map.png}}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Countermeasures}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{{\bf{Encoding schemes}} \newline
Web applications use different encoding schemes for securing their data. These encoding schemes fall into two categories. \newline
{\bf{URL Encoding}} \newline
URL encoding is the encoding technique for secure handling of URLs. In URL encoding, the URL is converted into an ASCII format for secure \newline
{\bf{HTML Encoding}} \newline
Similar to URL encoding, HTML encoding is a technique to represent unusual characters with an HTML code.
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Web Application Threats}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{{\bf{Cookie Poisoning}}: an effort by an unauthorized person to access and control aspects of the data in a cookie, usually in order to steal someone's identity or financial information. \newline
{\bf{Insecure Storage}}: a common vulnerability that occurs when sensitive data is not stored securely.
\newline
{\bf{Information Leaking}}: a category of software vulnerabilities in which information is unintentionally disclosed to end users. \newline
{\bf{Directory Traversal}}: an HTTP attack that allows attackers to access restricted directories and execute commands outside of the web server's root directory. \newline
{\bf{Parameter/Form Tampering}}: a form of web-based attack in which certain parameters in the URL or web page form field data entered by a user are changed without that user's authorization. \newline
{\bf{DoS Attack}}: any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service. \newline
{\bf{Buffer Overflow}}: a bug in a computer program that can lead to a security vulnerability. \newline
{\bf{Log Tampering}}: involves an attacker injecting, deleting or otherwise tampering with the contents of web logs, typically for the purposes of masking other malicious behavior. \newline
{\bf{SQL Injection}}: the injection of malicious SQL queries.
} \tn
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Web Application Threats (cont)}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{{\bf{Cross-Site Scripting (XSS)}}: a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. \newline
{\bf{Cross-Site Request Forgery}}: an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
\newline
{\bf{Security Misconfiguration}}: security misconfiguration vulnerabilities can occur if a component is susceptible to attack due to an insecure configuration option. \newline
{\bf{Broken Session Management}}: these types of weaknesses can allow an attacker to either capture or bypass the authentication methods that are used by a web application. \newline
{\bf{DMZ (Demilitarized Zone) Attack}}: a DMZ is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network. \newline
{\bf{Session Hijacking}}: the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. \newline
{\bf{Network Access Attacks}}: a type of vulnerability that is used to gain unauthorized access to a network.
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Web Application Threats More in-depth}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{{\bf{Unvalidated Input}}: refers to the processing of non-validated input from the client to the web application or backend servers. \newline
{\bf{Injection Flaws}}: injection attacks rely on web application vulnerabilities: a web application is vulnerable if it allows untrusted input to be executed. Injection flaws include the following: \newline
• SQL Injection \newline
• Command Injection \newline
•
LDAP Injection \newline
{\bf{Command injection}} can be done by any of the following methods: \newline
- Shell Injection \newline
- File Injection \newline
- HTML Embedding \newline
LDAP injection is a technique that also takes advantage of non-validated input vulnerabilities. \newline
{\bf{Denial-of-Service (DoS) Attack}}: \newline
An attacker may perform a DoS attack in the following ways: \newline
{\bf{1. User Registration DoS}} \newline
An attacker may automate the process to keep registering with fake accounts. \newline
{\bf{2. Login DoS}} \newline
An attacker attempts to send login requests repeatedly. \newline
{\bf{3. User Enumeration}}
} \tn
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bf\textcolor{white}{Web Application Threats More in-depth (cont)}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{An attacker may attempt to try different username and password combinations from a dictionary file. \newline
{\bf{4. Account Lockout}} \newline
An attacker attempts to lock the legitimate account by trying invalid passwords.
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% That's all folks
\end{multicols*}

\end{document}