Chapter 9 - 04 - Application Security Testing Techniques and Tools



Certified Cybersecurity Technician Exam 212-82 Application Security

Configuring URLScan to Set Up as a WAF for an IIS Server

Microsoft URLScan is a WAF tool that analyzes and filters all Hypertext Transfer Protocol (HTTP) requests received by the Internet Information Services (IIS) web server and protects web applications against Structured Query Language (SQL) injection and cross-site scripting (XSS) attacks. It can log requests to allow the diagnosis of attempts to disrupt a server. If a request is identified as a risk, URLScan immediately returns an HTTP 404 response to the client. This mechanism protects the script, website, and server.

The administrator can configure the URLScan filter rules to reject HTTP requests based on the following criteria:
- HTTP request method or verb
- File extension of the requested resource
- Suspicious URL encoding
- Presence of non-ASCII characters in the URL
- Presence of specified character sequences in the URL
- Presence of specified headers in the request

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
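The six rejection criteria above, modelled as a small request filter. This is an added example, not URLScan's own code or configuration; the policy values (allowed verbs, denied extensions, sequences and headers) and the sample requests are constructed for illustration, and a request that trips any rule gets the HTTP 404 status the text describes.

```python
import posixpath
import re
from urllib.parse import unquote

# Illustrative policy, constructed for this example (not URLScan's defaults).
ALLOW_VERBS = {"GET", "HEAD", "POST"}
DENY_EXTENSIONS = {".exe", ".bat", ".cmd", ".ini", ".config"}
DENY_URL_SEQUENCES = ("..", "./", "\\", ":", "%")
DENY_HEADERS = {"translate", "if", "lock-token"}
NONSTANDARD_ESCAPE = re.compile(r"%u[0-9a-f]{4}", re.IGNORECASE)

REJECT_LOG = []  # one entry per rejected request, like URLScan's request log


def filter_request(method, url, headers):
    """Apply the six criteria in order and return (status, reason).

    status 200 means "hand the request on to IIS"; 404 means rejected,
    which is the response URLScan returns for a request it blocks.
    """
    def reject(reason):
        REJECT_LOG.append((method, url, reason))
        return 404, reason

    # 1. HTTP request method/verb: only allow-listed verbs pass.
    if method.upper() not in ALLOW_VERBS:
        return reject("verb not allowed")
    # 2. Suspicious URL encoding: %uXXXX escapes, or a URL that still
    #    decodes further after one pass (double encoding).
    if NONSTANDARD_ESCAPE.search(url):
        return reject("non-standard %u encoding")
    decoded = unquote(url)
    if unquote(decoded) != decoded:
        return reject("double-encoded url")
    # 3. Non-ASCII (high-bit) characters anywhere in the decoded URL.
    if any(ord(ch) > 127 for ch in decoded):
        return reject("non-ascii character in url")
    # 4. File extension of the requested resource (query string ignored).
    path = decoded.split("?", 1)[0]
    if posixpath.splitext(path)[1].lower() in DENY_EXTENSIONS:
        return reject("extension denied")
    # 5. Specified character sequences, checked on the normalized URL.
    for seq in DENY_URL_SEQUENCES:
        if seq in decoded:
            return reject(f"denied sequence {seq!r}")
    # 6. Specified headers present in the request (names are case-insensitive).
    for name in headers:
        if name.lower() in DENY_HEADERS:
            return reject(f"denied header {name}")
    return 200, "accepted"
```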
Figure: Screenshot of the Internet Information Services (IIS) Manager, ISAPI Filters view for the luxurytreats site, listing ASP.Net_4.0_32bit, ASP.Net_4.0_64bit, and UrlScan 3.1 (C:\inetpub\wwwroot\Luxury...) as local filter entries.

Figure 9.33: Screenshot of dotDefender web application firewall, showing the SQL Injection patterns of the Default Security Profile (Suspect Single Quote, SQL Comments, 'Union Select' Statement, 'Select Version' Statement, SQL CHAR Type, SQL SYS Commands, IS_SRVROLEMEMBER followed by (, MS SQL Specific SQL Injection) alongside the other profile categories (Server Masking, Upload Folders, Whitelist, Encoding, Buffer Overflow, Cross-Site Scripting, Cookie Manipulation, Path Traversal, Probing, Remote Command Exec, Code Injection, Windows Directories, XML Schema, XPath Injection, Signatures).

Some additional web application firewalls are as follows:
- ServerDefender VP (https://www.iis.net)
- ModSecurity (https://github.com)
- Radware's AppWall (https://www.radware.com)
- Qualys WAF (https://www.qualys.com)
- Barracuda Web Application Firewall (https://www.barracuda.com)

Module 09 Page 1226 EC-Council Certified Cybersecurity Technician
Bug Bounty Programs

A bug bounty program is a challenge or agreement hosted by organizations, websites, or software developers that invites tech-savvy individuals or security professionals to break into their security and report the latest bugs and vulnerabilities. This program focuses on identifying the latest security flaws in software or any web application that most security developers fail to detect and which may therefore pose a serious threat. Individuals or security professionals who report the vulnerabilities are rewarded according to the severity of the bugs. Thus, any threat or flaw that evades the developer can be mitigated before it paves the way to sophisticated cyber-attacks. Many white-hat hackers contribute to such programs as part of a comprehensive vulnerability disclosure framework and are rewarded for their work. Many organizations benefit from such programs, as they need to keep a close watch on their system security and identify overlooked vulnerabilities. Most of the latest bugs that are not detected by legacy security testing techniques and software tools can be exploited, resulting in major data loss.

Such programs can also help organizations avoid loss of money and reputation in the event of a data breach, as offering rewards through a bug bounty program is more economical. Therefore, most large companies use this approach to strengthen their security, which in turn improves their websites and programs.

Module 09 Page 1227 Certified Cybersecurity Technician
