Vulnerability Assessment and Penetration Testing (VAPT)
In this cyberpointsolution tutorial we describe Vulnerability Assessment and Penetration Testing (VAPT).
Vulnerability Assessment and Penetration Testing (VAPT) is a comprehensive approach to evaluating the security of computer systems, networks, and applications. It involves identifying vulnerabilities, weaknesses, and potential security risks that could be exploited by malicious actors.
Vulnerability Assessment (VA) is the process of systematically scanning and analyzing computer systems, networks, or applications to identify security vulnerabilities. This can be done using automated tools, such as vulnerability scanners, which examine system configurations, software versions, and network services to detect known vulnerabilities. The assessment may also involve manual inspection and verification of identified vulnerabilities.
Penetration Testing (PT), also known as ethical hacking, takes the vulnerability assessment a step further by actively simulating real-world attacks to exploit identified vulnerabilities. Skilled security professionals, known as penetration testers or ethical hackers, attempt to gain unauthorized access, escalate privileges, and extract sensitive information from the target systems or applications. This helps organizations understand the potential impact of successful attacks and assess the effectiveness of their security controls.
The primary goals of VAPT are to proactively identify security weaknesses, assess the risk level associated with those weaknesses, and provide recommendations for mitigating or eliminating the identified vulnerabilities. By conducting VAPT, organizations can better understand their security posture, prioritize remediation efforts, and improve their overall security defenses to protect against potential cyber threats.
INTRODUCTION TO VAPT
Let us first understand what these 4 words mean –
Vulnerability : These are the loopholes, mistakes, security holes and security misconfigurations which let an attacker know that the target is weak.
Assessment : Assessment simply means analysing and examining the vulnerability, which helps an attacker to mitigate and develop their attack procedure and strategy.
Penetration : This means to attack and exploit a vulnerable system, guided by the Vulnerability Assessment report of the target.
Testing : Testing means applying a range of different attack processes which can lead to a successful attack attempt.
The term VAPT covers two different processes, VA and PT.
VA : To scan for loopholes and weak security points. In this phase we only scan the devices, web application, server, network, website and database. We generate a report on the performed scan.
PT : To gain access through the scanned vulnerabilities. We try to hack into the services, devices, web application, servers and databases via the scanned vulnerabilities.
Bug Bounty – https://www.bugcrowd.com/bug-bounty-list/
INTRODUCTION TO WEB SECURITY STANDARDS – OWASP TOP 10
OWASP stands for Open Web Application Security Program. It is a non-profit organization and community which focuses on the security of web applications and their vulnerabilities. It is now a web application security standard which every organization follows.
OWASP TOP 10
It is a list generated by the OWASP organization which carries the top 10 vulnerabilities of web applications worldwide. The list is updated every 2-3 years and contains the most common vulnerabilities being found in web applications and exploited by attackers. On the basis of those top 10 attacks, they create the list known as the OWASP TOP 10.
OWASP TOP 10 – 2013
A1-Injection
Injection is an attack vector in which an attacker inserts SQL queries into an input of the web application, which helps in extracting the juicy data of the website from the database. The types of injection are basically – Union Based, Blind Based, Stacked Query Based, Error Based, LDAP Injection etc.
A2-Broken Authentication and Session Management
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.
A3-Cross-Site Scripting (XSS)
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
A4-Insecure Direct Object References
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.
A5-Security Misconfiguration
Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.
A6-Sensitive Data Exposure
Many web applications do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.
A7-Missing Function Level Access Control
Most web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access functionality without proper authorization.
A8-Cross-Site Request Forgery (CSRF)
A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.
A9-Using Components with Known Vulnerabilities
Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts.
A10-Unvalidated Redirects and Forwards
Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
INTRODUCTION TO DBMS
A database is a place in the backend where all
DBMS stands for Database Management System. It is a program which manages the incoming and outgoing data, organizes it, and provides ways for the data to be modified or extracted by users. The DBMS can create, insert, modify, delete and perform other operations on the tables and columns of the database we are operating on.
Databases store data in the form of tables, columns and rows.
Tables contain columns, and columns contain the rows holding the data.
Eg. Employee Record
Employee Name, ID , Contact number, email, address etc.
Name | EID | MOBILE NUMBER | EMAIL | ADDRESS |
A database only knows one language to communicate in.
SQL – Structured Query Language.
SQL is the language in which a database communicates, by creating, modifying or inserting any type of data. Structured Query Language works on the basis of queries.
Queries are the commands used for creating, manipulating and deleting the data in the database.
= SELECT – extracts data from a database
= UPDATE – updates data in a database
= DELETE – deletes data from a database
= INSERT INTO – inserts new data into a database
= CREATE DATABASE – creates a new database
= ALTER DATABASE – modifies a database
= CREATE TABLE – creates a new table
= ALTER TABLE – modifies a table
= DROP TABLE – deletes a table
= SELECT * from trainees – Select everything from table name “trainees”
= WHERE – shows the location of the data in the table, column etc.
= table_name : Table’s Name
= column_name : Column’s Name
= database() : Database’s Name
= version() : Database’s Version
Database = Lucideus
Table = Trainees
Columns = Name, Address, Age, Contact Details
To insert data into the Trainees table of the Lucideus database:
INSERT INTO `Trainees` (`Name`, `Address`, `Age`, `ContactDet`) VALUES ('Sairam', 'New Delhi', '23', '998897363');
LVS SETUP AND CONFIGURATION
LVS stands for Lucideus VAPT Simulator. It is a vulnerable web application created in HTML, PHP, CSS, SQL and JS which contains practicals for all the major vulnerabilities, so that the user can understand the attack vector in each.
We have to host LVS on our localhost XAMPP server.
Setup and Configuration
Copy zip file into C:\xampp\htdocs
Right click the zip file, click on extract here
Start the XAMPP server, then start Apache and MySQL
Open the browser and go to 127.0.0.1/lvs
It will show you the message “Click here to create the Database”.
After clicking, your database will have been created in “127.0.0.1/phpmyadmin”, which lists all the databases.
Go through the Instruction Page of LVS and then start learning through it.
SQL INJECTION AUTHENTICATION BYPASS
Attack Vector :
To log in as an administrator when you are just a simple user, not an administrator.
To log into someone’s account without the need of any username and password.
= OR GATE
= TAUTOLOGY CONDITION, WHERE ALL THE THREE VALUES ARE 1.
1 –> true
0 –> false
OR GATE : if any of the values is true or 1, the answer will always be true or 1
A | B | Resultant
0 | 0 | 0
1 | 0 | 1
0 | 1 | 1
1 | 1 | 1
1 : True – Administrator
1'or'1'='1 : True – Administrator
x'or'x'='x : True – Administrator
Database portal scenario of authentication
Username : 1'or'1'='1
Password : 1'or'1'='1
Administrator Access
Username : admin'or'1'or'1'='1
Password : admin'or'1'or'1'='1
Administrator Access