viprajput

g1 s16

Jun 28th, 2018
SESSION 16
==========

CSRF
=====
CSRF stands for Cross-Site Request Forgery. This is a web application attack in which an attacker forces an end user to execute unwanted actions on a web application in which they are currently authenticated. The attacker creates their own malicious links or pages to trigger those actions and lure a victim, then misuses or steals the victim's data for illegal purposes, which can further lead to identity theft etc.


E.g. a user who is already logged in to a bank site clicks on an ad on another malicious website stating "click here to win an iPhone X"; the ad itself is malicious.

Demonstration on LVS and DVWA.

--------------------------------------------------------------------------------------------------------------------------------------------------------------

MISSING FUNCTION LEVEL ACCESS CONTROL
=====================================

Let us first understand what Access Control means.
Access Control: access control is a process by which users are granted access and certain privileges to systems, resources or information. The term is usually derived from authentication checks.

Most web applications verify function level access rights before making that functionality accessible to the user. Missing Function Level Access Control is one of the vulnerabilities on OWASP's Top 10 list and occurs when those authentication checks on a function are insufficient and attackers misuse them.

Demonstration on LVS via unrestricted user access to the admin account.

---------------------------------------------------------------------------------------------------------------------------------------------------------------

UNVALIDATED REDIRECTS AND FORWARDS
===================================
Most web applications on the internet frequently redirect and forward users to other pages or to external websites.
Unvalidated (invalidated) redirects and forwards means redirecting an authenticated and valid user to a phishing or malicious web page created by the attacker, or using forwards to access unauthorized pages.

How to find the redirecting value?
There is a redirect_to="url" value in the hyperlinks; this signifies that the URL is redirecting us to a particular link, which may be malicious.

Demonstration on LVS of manual redirects and automatic redirects.
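As an added example (not part of these session notes or of LVS), here is the defensive side of the redirect_to value discussed above: a Python helper that only accepts a redirect target which stays on the application's own host and falls back to the home page for anything else. The host name bank.example, the function name and the default path are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumed host of the application (hypothetical, not from the notes).
APP_HOST = "bank.example"
DEFAULT_PATH = "/"


def safe_redirect_target(redirect_to: str, app_host: str = APP_HOST) -> str:
    """Return a redirect target that is guaranteed to stay on app_host.

    Accepts a relative path such as "/account" or an absolute http(s) URL
    whose host is exactly app_host. Anything else (another host, a
    protocol-relative "//other.host", a "javascript:" scheme, userinfo
    tricks like "bank.example@other.host", backslash variants) falls back
    to DEFAULT_PATH, so an attacker-supplied redirect_to cannot send the
    user off-site.
    """
    if not redirect_to:
        return DEFAULT_PATH
    # Browsers treat backslashes like forward slashes; normalise first so
    # "/\other.host" is recognised as protocol-relative, not as a path.
    candidate = redirect_to.replace("\\", "/").strip()
    if candidate.startswith("//"):
        return DEFAULT_PATH
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute URL: allow only http(s) and an exact host match, so
        # "bank.example.other.host" and "user@other.host" are rejected.
        if parts.scheme not in ("http", "https"):
            return DEFAULT_PATH
        if parts.hostname != app_host:
            return DEFAULT_PATH
        path = parts.path or "/"
    else:
        path = parts.path
    # Relative targets must be a single absolute path on this site.
    if not path.startswith("/") or path.startswith("//"):
        return DEFAULT_PATH
    # Re-emit as a same-origin relative URL (path + query, fragment dropped)
    # rather than echoing the raw input back to the browser.
    return urlunsplit(("", "", path, parts.query, ""))
```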

------------------------------------------------------------------------------------------------------------------------------------------------------------

CWE
====
Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software. The purpose of CWE is to facilitate the effective use of tools that can identify, find and resolve bugs, vulnerabilities and exposures in computer software before the programs are publicly distributed or sold.

Website - https://cwe.mitre.org/

---------------------------------------------------------------------------------------------------------------------------------------------------------------

Automated VAPT Tool - NETSPARKER
================================

Netsparker is a web application security scanner, with support for both detection and exploitation of vulnerabilities. It is like Acunetix, but more advanced and flexible in report generation and in finding vulnerabilities.

Demo Application - https://www.netsparker.com/web-vulnerability-scanner/download/

Demonstration of report generation and explanation on demo.testfire.net via Netsparker.

---------------------------------------------------------------------------------------------------------------------------------------------------------------