SELECT * FROM USERS where username = '1' OR '1'=1 AND PASSWORD = '1' OR '1'=1
This query bypasses the authentication system of the application, as '1'=1 is an always-true condition, and the database query will yield the user table, making it available to the tester.
Another attack that can be performed is against an application's email-password feature. The application provides an input field where the user must enter a validly registered email so that the forgotten password can be emailed to the user. A vulnerable application will construct the statement as so:
"SELECT email from users where email = '" + request.getParameter("email") + "'"
The tester can enter the same attack vector as given above to circumvent the control provided by the email-password feature and compromise the user tables in the Web application.
SQL injection attacks may be much more advanced than the ones covered in this section. There are several cases of attacks where databases have been deleted because of SQL injection coupled with inappropriate access control set up on the database. SQL injection is quite an exhaustive topic by itself and requires supplemental reading* to provide greater insight into this sphere of testing.
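As an added illustration (not code from the book), the following Python script uses sqlite3 to build the login and email-lookup statements discussed above by string concatenation, next to the parameterized form that a defender would use instead; the users table, its rows and the function names are constructed for this demo.

```python
import sqlite3

# Constructed sample data (not from the original text); plaintext passwords
# are used only so the query shape matches the one discussed above.
SAMPLE_USERS = [
    ("alice", "s3cret", "alice@example.com"),
    ("bob", "hunter2", "bob@example.com"),
]

def fresh_db():
    """In-memory users table populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn

def login_vulnerable(conn, username, password):
    """Builds the WHERE clause by concatenation: the input becomes part of the SQL."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(sql))

def login_parameterized(conn, username, password):
    """Placeholders: the driver binds the values, so quotes in the input stay data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))

def forgot_password_vulnerable(conn, email):
    """The same concatenation flaw in the email-password lookup described above."""
    sql = "SELECT email FROM users WHERE email = '" + email + "'"
    return sorted(row[0] for row in conn.execute(sql))

def forgot_password_parameterized(conn, email):
    """Parameterized version of the email lookup."""
    sql = "SELECT email FROM users WHERE email = ?"
    return sorted(row[0] for row in conn.execute(sql, (email,)))

if __name__ == "__main__":
    db = fresh_db()
    tautology = "1' OR '1'='1"   # the always-true condition discussed in the text
    print("vulnerable login:    ", login_vulnerable(db, tautology, tautology))
    print("parameterized login: ", login_parameterized(db, tautology, tautology))
    print("vulnerable lookup:   ", forgot_password_vulnerable(db, tautology))
    print("parameterized lookup:", forgot_password_parameterized(db, tautology))
```

With the concatenated statements the always-true input returns every row of the table, while the parameterized statements return nothing because the whole string is compared as a literal value.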
12.3 Summary
In this chapter we began by exploring the approach that an organization or individual can adopt for assessing a Web application for security. As a part of Web application security testing, we delved into the concepts of black-box and white-box testing for Web applications to understand the different dimensions of Web application security testing, with a focus on black-box testing, exploring vulnerability assessments and penetration tests. Certain tools that may be used for conducting vulnerability assessments and penetration tests for Web applications were highlighted and explained. Practical security testing techniques were explored in detail. Information gathering and enumeration, Web application access control testing, and testing for data validation were discussed in detail.
* Additional resources on SQL injection are as follows:
Steve Friedl's Unixwiz.net Tech Tips: http://unixwiz.net/techtips/sql-injection.html
SQL Injection Cheat Sheet: http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/