In this chapter, we will be discussing some of the practical black-box testing techniques covering VA and PT for Web applications. We will not be delving into white-box testing procedures for the Web applications specifically in this chapter, as we have already discussed the same in Section 2 of this topic.
12.1.2 Tools and Technologies for Practical Security Testing
To conduct an effective Web application vulnerability assessment and penetration test, some specific tools and technologies need to be used. Different tools need to be used to perform different functions and at different stages of security testing. Let us explore some of the types of tools and technologies that can be used to conduct a Web application penetration test. Some of them are
Primary tool—Web application proxy
Generic security assessment tools
12.1.2.1 Primary Tool—Web Application Proxy
A Web application proxy is a specific tool to perform Web application security assessments. This tool is essentially a Web proxy that intercepts the requests and responses to and from the Web application and allows the tester to modify the HTTP request and response information to assess the Web application for security vulnerabilities. Web application proxies also facilitate the Web application security testing process by providing out-of-the-box attack vectors for XSS, SQL injection, path traversal, and so on. The tester can use specific modules to perform vulnerability assessments and penetration tests for the Web application. The tester is easily able to modify parameter information, add parameters, reduce parameters, and alter HTTP request and response header information based on the need. Some of the other features of a Web application proxy include the following:
SSL support
Spidering
Request & response trapping
Scanning
Spidering—Web application proxies crawl the target Web application to glean information about the directory structure and files. Proxies also provide information about any pages that respond with HTTP 200 (successful request) response and other HTTP responses like HTTP 401 (Unauthorized Entry), HTTP 500 (Internal Server Errors), and so on. Figure 12.1 illustrates the use of a Web application proxy's spidering feature.
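The two proxy functions described so far, editing an intercepted request (adding, altering and removing parameters, changing headers) and summarising spidered pages by their HTTP response code, can be modelled without any network code. The following is an added example written for this chapter; it is not code from the book, nor from Burp Suite or any other proxy product. The names (`HttpRequest`, `parse_request`, `edit_query`, `edit_body`, `summarise_spider`) and the sample request and spider results are constructed for illustration.

```python
"""Model of two Web application proxy functions: editing an intercepted
HTTP request and grouping spidered pages by response status.
Added example; all input is constructed inline and nothing touches the network."""
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


@dataclass
class HttpRequest:
    method: str
    target: str                 # request-target exactly as on the request line
    version: str
    headers: dict = field(default_factory=dict)   # insertion order preserved
    body: bytes = b""


def parse_request(raw: bytes) -> HttpRequest:
    """Parse a raw HTTP/1.x request: request line, header lines, optional body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return HttpRequest(method, target, version, headers, body)


def serialize_request(req: HttpRequest) -> bytes:
    """Rebuild the wire form; Content-Length is recomputed from the edited body."""
    headers = dict(req.headers)
    if req.body or "Content-Length" in headers:
        headers["Content-Length"] = str(len(req.body))
    head = f"{req.method} {req.target} {req.version}\r\n"
    head += "".join(f"{k}: {v}\r\n" for k, v in headers.items())
    return head.encode("iso-8859-1") + b"\r\n" + req.body


def _edit_params(encoded: str, add=None, remove=()) -> str:
    """Apply 'reduce' (remove) then 'add/alter' (add) to a form-encoded string."""
    params = dict(parse_qsl(encoded, keep_blank_values=True))
    for name in remove:
        params.pop(name, None)
    params.update(add or {})
    return urlencode(params)


def edit_query(req: HttpRequest, add=None, remove=()) -> HttpRequest:
    """Edit query-string parameters on the request-target in place."""
    parts = urlsplit(req.target)
    req.target = urlunsplit(parts._replace(query=_edit_params(parts.query, add, remove)))
    return req


def edit_body(req: HttpRequest, add=None, remove=()) -> HttpRequest:
    """Edit application/x-www-form-urlencoded body parameters in place."""
    req.body = _edit_params(req.body.decode("iso-8859-1"), add, remove).encode("iso-8859-1")
    return req


def summarise_spider(results):
    """Group spidered paths by status code, e.g. {200: [...], 401: [...], 500: [...]}."""
    by_status = {}
    for path, status in results:
        by_status.setdefault(status, []).append(path)
    return by_status


# Constructed sample request as a proxy would trap it from the browser.
SAMPLE_REQUEST = (
    b"POST /account/update?view=full&debug=1 HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 20\r\n"
    b"\r\n"
    b"name=alice&role=user"
)

# Constructed spider results: (path, HTTP status) pairs.
SPIDER_RESULTS = [("/", 200), ("/login", 200), ("/admin", 401),
                  ("/report", 500), ("/old", 404)]


def edited_request() -> bytes:
    """Trap the sample request, drop one query parameter, drop one body
    parameter, alter another, set a header, and re-serialise for forwarding."""
    req = parse_request(SAMPLE_REQUEST)
    edit_query(req, remove=["debug"])                 # reduce parameters
    edit_body(req, add={"name": "bob"}, remove=["role"])  # alter and reduce
    req.headers["User-Agent"] = "proxy-edited/1.0"    # alter request headers
    return serialize_request(req)


def spider_summary():
    return summarise_spider(SPIDER_RESULTS)


if __name__ == "__main__":
    print(edited_request().decode("iso-8859-1"))
    print(spider_summary())
```

Recomputing Content-Length in `serialize_request` is the detail a hand-written editing hook most often gets wrong: a body that shrinks after removing a parameter but keeps the old length header makes the server wait for bytes that never arrive.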
SSL Support—Web application proxies also work over HTTPS connections; the built-in SSL certificate provided for the proxy may be used to intercept connectivity between the browser and the Web application by connecting to the proxy's server. Figure 12.2 is a screen capture of the SSL support for the Web application proxy Burp Suite Professional.
Trap Request and Response—Proxies have capabilities of trapping HTTP requests and responses to provide the tester capability to edit the request and response information on the fly before being transmitted to the Web application. Request parameters are populated