12.2 Practical Security testing for Web Applications
In this section, we will explore some of the ways of testing Web applications for security, with an
emphasis on specific key methodologies used for security testing. This section particularly summarizes
the important security testing aspects, without probing into any particular testing
technique/methodology. Web Application Vulnerability Assessment and Penetration Testing is an
exhaustive subject by itself, and this section is not meant to cover the topic in such depth. For more
advanced Web application penetration testing, we refer the readers to comprehensive resources
such as the OWASP Testing Guide, which delves into testing methodology for Web applications.
Some of the important security testing aspects for Web applications that will be discussed in this
section are the following:
Information gathering and enumeration
Testing Web application access control
Testing data validation
12.2.1 Information Gathering and Enumeration
Information gathering is the first step in performing a Web application vulnerability test and, subsequently,
a penetration test. To carry out an effective and skilled incursion into the Web application, the
tester needs to glean as much information as possible about the target application and its environment.
We will explore some information gathering and enumeration techniques, including the following:
DNS and WHOIS information enumeration
OS and services enumeration
Spidering
Search engine reconnaissance
12.2.1.1 DNS and WHOIS Information Enumeration
One of the first approaches to gaining information about a target application is through the host
discovery route. WHOIS information available on several databases may be used to perform some
basic passive enumeration about the Web application and the server it is hosted on. WHOIS is
essentially a protocol used to query databases to get information about the registrant of a domain
name or IP address (IP address block). A WHOIS query provides a host of information like the
domain registrant, username, email, address, and phone number. WHOIS queries can be performed
from the operating system's command prompt. For instance, the command WHOIS followed
by the host domain or IP address in a Unix operating system provides WHOIS information
from the command line. WHOIS information can also be obtained by accessing WHOIS or DNS
sites, which query Internet databases to provide the details of the target domain or the IP address.
These sites also provide other useful details to the attacker or pen tester like the hosting provider,
the type and version of the server that the Web site/application is hosted on, the domain transfer
and update details, and so on. The tester or the attacker can profile an application based on the
useful data provided by querying domain information using WHOIS. Figure 12.6 illustrates the
use of a Web site to obtain details about a target domain.
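The following is an added example, not code from the book, showing what the WHOIS record described above actually discloses and how an application owner can review it. It parses the "Key: value" text that a whois query returns and summarizes the registrant contact fields, name servers (a hint to the hosting provider), and expiry date. The WHOIS text, the domain example-target.test, and the function names parse_whois, profile_domain, and review_exposure are all constructed for this example.

```python
"""Parse WHOIS query output and summarize what it discloses about a domain.

Added example; the record below is constructed and is not a real registration.
"""
from datetime import datetime, timedelta

# Constructed sample of the text a WHOIS query returns (not a real record)
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-TARGET.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T10:00:00Z
Updated Date: 2023-01-15T08:30:00Z
Registry Expiry Date: 2026-03-02T10:00:00Z
Registrant Name: Jane Doe
Registrant Organization: Example Target Ltd
Registrant Email: jane.doe@example-target.test
Registrant Phone: +1.5555550100
Name Server: NS1.HOSTING-PROVIDER.TEST
Name Server: NS2.HOSTING-PROVIDER.TEST
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-05-01T00:00:00Z <<<
"""

# Keys that legitimately repeat in a record and should be collected as lists
MULTI_VALUED = {"name server"}


def parse_whois(text):
    """Turn 'Key: value' lines into a dict; repeated keys become lists.

    Comment lines (starting with %, # or >>>) and blank lines are skipped,
    and only the first colon separates key from value, so timestamps survive.
    """
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">>>", "%", "#")):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        value = value.strip()
        if key in MULTI_VALUED:
            record.setdefault(key, []).append(value)
        else:
            record[key] = value
    return record


def profile_domain(text):
    """Summarize the fields the section lists: registrant data, hosting hints, dates."""
    rec = parse_whois(text)
    return {
        "domain": rec.get("domain name", "").lower(),
        "registrar": rec.get("registrar"),
        # Every 'Registrant ...' field is contact data an outsider can read
        "exposed_contact_fields": sorted(k for k in rec if k.startswith("registrant ")),
        "name_servers": [ns.lower() for ns in rec.get("name server", [])],
        "updated": rec.get("updated date"),
        "expires": rec.get("registry expiry date"),
        "dnssec": rec.get("dnssec"),
    }


def review_exposure(text, today_iso):
    """Owner-side review of a record: which public fields deserve attention.

    today_iso is a 'YYYY-MM-DD' string so the check is reproducible offline.
    """
    rec = parse_whois(text)
    today = datetime.strptime(today_iso, "%Y-%m-%d")
    findings = []
    org = rec.get("registrant organization", "").lower()
    # Personal contact details are public unless a registrar privacy service is used
    if "registrant email" in rec and "privacy" not in org:
        findings.append("registrant contact details are public")
    if rec.get("dnssec", "").lower() == "unsigned":
        findings.append("DNSSEC not enabled")
    expiry = rec.get("registry expiry date")
    if expiry:
        expires_at = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ")
        if expires_at - today < timedelta(days=90):
            findings.append("domain expires within 90 days")
    return findings


if __name__ == "__main__":
    for key, value in profile_domain(SAMPLE_WHOIS).items():
        print(f"{key}: {value}")
    print("findings:", review_exposure(SAMPLE_WHOIS, "2024-05-01"))
```

Run against the output of a real whois lookup of your own domain, the profile shows exactly the contact, hosting and lifecycle details that the section says a tester or attacker will collect, and review_exposure lists the items (public contact data, missing DNSSEC, approaching expiry) that the domain owner can act on.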