Why do we need Pentesting?
As a developer, this question may arise in your mind: why do I need to pentest my web application when it is performing as I want it to?
Let's start with a hypothetical scenario.
Suppose you developed an awesome web application, let's say 'Awesome App'.
Awesome App is integrated with some cool new features that no other application in the market has, and it is bound to fetch you some good fortune, and it will.
But you didn't focus much on the security part, obviously to cut development cost.
Now you launch the application in the market, and it is a big hit.
It's in the headlines of the business dailies; everyone is talking about it.
And suddenly one morning you wake up and it is making a headline again, this time saying:
"Data of thousands of users of 'Awesome App' up for sale on the dark web".
Surely this is enough to tell you how important it is to take web application security as seriously as you take development.
I think this is enough of the threatening part.
So, now the question arises...
How to Ensure the Security of a Web Application?
Penetration testing (pentesting) is the most commonly used security testing technique for web applications.
A pentest is a simulated cyber attack carried out to assess the security of the application and its servers, and to learn how secure the web hosting site and server are.
In this process the tester tries to breach the application's security in different ways to find loopholes in the system's security.
Stages of Pentesting
Basically, there are 3 major stages of web application pentesting:
- Planning and Reconnaissance.
- Vulnerability Assessment.
- Exploitation.
So, till now it was just an intro. Well, now let's jump to the juicy part.
Planning and Reconnaissance
Before starting with the process of testing, it is good to have a proper idea of how the web application works.
In a real-world scenario, if you're doing this for a client, they may ask you to perform the following types of tests:
- Black Box testing: You test the application without the client giving you any authentication to the application.
- White Box testing: You test the application knowing clearly the code lying underneath it. You are expected to analyze the source code and find vulnerabilities.
- Grey Box testing: You test the application with the authentication provided by the client to their backend software.
In all three scenarios proper planning is very important to accomplish the task successfully.
And for proper planning you need a complete set of information about the target, so here comes Information Gathering/Reconnaissance.
So, as I mentioned in my guide on Information Gathering:
It is the process of gathering relevant (and sometimes not seemingly relevant) information about our target.
Basically, it can be called the very first step of penetration testing.
In this step, the tester is expected to gather every piece of information one could possibly get about a web application, or about the scope one is testing.
So, till now it was all bookish talk, but now I'll tell you what I do whenever I confront a web application for testing.
Habits one must have
1. Visit the website manually, try to find possible weak points and note them down.
2. Try to read and understand the inner HTML of the web page to have a better understanding of how the page works.
3. Intercept the requests to understand how the web application interacts with the user.
Vulnerability Assessment
Done through automated software, this type of testing scans web applications against known vulnerability signatures.
It is the process of identifying and prioritizing vulnerabilities in the web application, and it provides the knowledge, awareness, and risk background necessary to understand where the application stands.
Types of Vulnerabilities:
- Broken Authentication – This vulnerability relates to the application's login mechanism, which may enable the attacker to guess usernames and passwords and thus launch a brute-force attack.
- Broken Access Controls – The application fails to properly protect access to sensitive information. An attacker may be able to view other users' personal information.
- SQL Injection – This allows the attacker to submit arbitrary input to the application and interfere with the application's backend database. An attacker may be able to modify or retrieve data from the application or execute commands on the database.
- Information Leakage – In this case, the application exposes sensitive data or information that might be useful to the attacker when targeting the application.
- Cross-site Request Forgery – This allows the attacker to cause malicious and unintended actions in the application on another user's behalf.
Now that we know what the vulnerabilities in the application are, the next step is to exploit those vulnerabilities.
Well, this part seems most fascinating and thrilling.
Any web application at its development stage has a number of places where it is vulnerable.
A vault with a single door is easier to protect than a building with many windows.
Similarly, web applications have many attack surfaces that may contain exploitable vulnerabilities.
- Client-side surface: form inputs (including hidden fields), cookies, headers, query parameters, uploaded files, mobile code
- Server attack surface: web service methods, databases
- AJAX attack surface: the union of the above
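The second habit above (read the inner HTML) and the client-side surface item in this list come together in the notes a tester writes down before touching anything: which forms exist, which inputs they carry (hidden fields included), whether anything accepts a file upload, and which links carry query parameters. The following added example (not code from the original post) builds that inventory from a constructed sample page standing in for one screen of 'Awesome App' using only the Python standard library; the page, its paths and its field names are all made up for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample page (assumption): a login form, an upload form and two links.
SAMPLE_HTML = """
<html><body>
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="next" value="/account">
  <input type="hidden" name="csrf_token" value="abc123">
  <button type="submit">Sign in</button>
</form>
<form action="/upload" method="post" enctype="multipart/form-data">
  <input type="file" name="avatar">
  <input type="hidden" name="user_id" value="42">
</form>
<a href="/profile?id=42">My profile</a>
<a href="/help">Help</a>
</body></html>
"""


class SurfaceInventory(HTMLParser):
    """Collects every form with its inputs (hidden ones flagged) and every link href."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.links = []
        self._current = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action", ""),
                "method": a.get("method", "get").lower(),
                "enctype": a.get("enctype", ""),
                "inputs": [],
            }
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            self._current["inputs"].append({
                "name": a.get("name", ""),
                "type": a.get("type", "text"),
                "hidden": a.get("type") == "hidden",
            })
        elif tag == "a" and "href" in a:
            self.links.append(a["href"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def inventory(html):
    """Returns the forms found plus a map of path -> query parameter names seen in links."""
    parser = SurfaceInventory()
    parser.feed(html)
    query_params = {}
    for href in parser.links:
        parts = urlsplit(href)
        if parts.query:
            query_params[parts.path] = sorted(parse_qs(parts.query).keys())
    return {"forms": parser.forms, "query_params": query_params}


def notes(html):
    """Turns the inventory into the one-line notes a tester jots down per entry point."""
    inv = inventory(html)
    lines = []
    for form in inv["forms"]:
        hidden = [i["name"] for i in form["inputs"] if i["hidden"]]
        files = [i["name"] for i in form["inputs"] if i["type"] == "file"]
        lines.append(
            f"{form['method'].upper()} {form['action']}: {len(form['inputs'])} inputs, "
            f"hidden={hidden}, file={files}"
        )
    for path, keys in inv["query_params"].items():
        lines.append(f"GET {path}: query params {keys}")
    return lines


if __name__ == "__main__":
    for line in notes(SAMPLE_HTML):
        print(line)
```

On the sample page the notes come out as one line per form and one per parameterised link, and each line points at something the developer should be able to explain: the hidden `next` field decides where the browser is sent after login, `user_id` on the upload form is a value the server must not trust, the `avatar` upload needs type and size checks, and `/profile?id=42` is exactly the kind of parameter the Broken Access Controls item above is about. Run the same inventory over every page you can reach and you have the client-side surface written down before any request is intercepted.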
So, that was it for this post. Hope you find some value in it...
Please let me know in the comment section or on my Instagram handle if you want me to write on some specific topic.