The Web Application Vulnerability Computer Science Essay

Published Date: 02 Nov 2017

Devadatta Karayia, Mohit Shahb, Siddhesh Korgaonkarc, Yogesh Pingled

a,b,cBE Information Tech,VCET.

dAsst. Prof VCET.

[email protected], [email protected], [email protected], [email protected]

Abstract: As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases. Vulnerability Assessment is the process of identifying, quantifying and prioritizing the vulnerability components of the IT Infrastructure. Vulnerability assessment aims at identifying weaknesses and vulnerabilities in a website's design, implementation, or operation and management, which could be exploited to violate the website's security policy.

The purpose of a black-box website vulnerability assessment is to identify the weaknesses and vulnerabilities visible and exposed on the website. Vulnerability assessment will set the guidelines to close or mitigate any exploitable risk and reinforce security processes.

Key Words: Web application scanner, Black-box scanning, Web Engineering.

INTRODUCTION

Vulnerability Scanners are used to find the various security vulnerabilities within a short period of time using limited resources. But due to some reasons scanners are not able to find all exposed vulnerabilities this can pose a threat to the security of the web application. So the question is that how many exposed vulnerabilities still remain undetected and what is the reason behind it.

The scope of our project is to detect as many exposed vulnerabilities as possible. Basically, that means finding a certain type of problem (e.g. Cross Site Scripting) in an application with analytical methods. At the same time we expect to see only a minimum number of false positives in the report[3].

We intend to store and use state information which classical black box scanners usually ignore. These shortcomings will be overcome by storing and analyzing the internal state machine of the web app.

Web application scanner consists of three modules: Crawler module, Attacking module, Analysis module. Scanner's efficiency can be improved by making improvement in any of the modules. Our solution is mainly concentrated on crawler module. By taking internal states of web application into consideration, we will be able to improve crawler's efficiency and thus that of scanner.

RELATED WORK

OWASP [2] Top 10

OWASP [2] collects data from successful web application attacks and uses this data to produce the OWASP [2] Top 10 statistics. The OWASP Top 10 refers to the top 10 web attacks as seen over the year by security experts, and community contributors to the project.

Current OWASP [2] Top 10

A1 – Injection

A2 – Cross Site Scripting /XSS

A3 – Broken Authentication / Session Management

A4 – Insecure Direct Object References

A5 – Cross Site Request Forgery

A6 – Security Miss-configuration

A7 – Insecure Cryptographic Storage

A8 – Failure to Restrict URL Access

A9 – Insufficient Transport Layer Protection

A10 – Un-validated Redirects and Forwards

Some Statistics

The vulnerabilities listed above account for the majority of common web application security breaches. Here are some statistics.

- Estimated 77 million user accounts compromised by an external hacker on the Sony Play station Network.

- In 2008 there was $1 trillion dollars worth of intellectual property stolen according to a McAfee report.

- It takes 10 minutes to crack a 6 character, lower case password, with no numbers or symbols.

- 73% of all Americans have fallen victim to some form of cybercrime according to a Symantec study.

- On average it takes 156 days before a computer or network compromise is even detected.

- 90% of businesses suffered some sort of computer hack in the last 12 months according to a study by Research Ponemon on behalf of Juniper Networks.

SOLUTION APPROACH

Algorithm:

1. Spidering :

Get input as base URL from user.

Browse to that web address and parse the response for

Data Entry Points (<input>,<textarea>,etc);

Links containing Domain name of base Url (href="")

Add all the compatible links found to a tree structure with Base URL as Root node.(All links will be in the form of "Link" data structure and tree can be implemented using doubly linked list)

All Data Entry Points will be stored in a variable size vector in respective URL node.

The various web application states will be identified and stored in tree.

This improved state aware spidering algorithm will help parse the whole web application and reduce spidering related failures.

2. Attacking Module:

Information Gathering and Test case execution is done in this module.

In Information Gathering the "spidered" pages are analyzed for information disclosure.

A major part of this module requires scanner to be efficient in filling forms with vulnerable test cases from vulnerability database.

A low level Browser API can be used for this purpose.

All input JavaScript validations will be bypassed using this approach.

The various states (paths) of the website are exercised independently by making use of test cases.

Each test case is stored in Vulnerability database using the following schema

TEST CASE table:

Platform

Vul_ID

Type of vulnerability

Code to inject

Response Text

3. Analysis and Reporting Module:

In this module the various response html obtained from attacking phase using input fuzzing is matched with response text from test case table.

Each Vulnerability type is stored in database using following schema

If match is found, then the corresponding Vulnerability_ID is added to a list of detected vulnerabilities.

VULNERABILITIES table:

Vulnerability_ID

Type of vulnerability

Report Text

Flowchart:

1. Flow chart for Spidering:

2. Flow chart for Attacking Module:

EXPECTED OUTPUT AND STATISTICS

As per the simulation we conducted the following pseudo statistics were gathered

Website URL

No. of links successfully scanned

Estimated No. of vulnerabilities detected

State Aware

http://localhost:8080/Sid

9

18

Non-State Aware

http://localhost:8080/Sid

6

12Statistics:

CONCLUSION

We have described how the scanner's efficiency can be improved by taking into consideration the internal states of web applications. Using this we can detect more vulnerability and make the web application more secure.

There are several other areas for improvement such as improvement in attacking module of the scanner. Thus in the future the various other characteristics of the web application scanners can be improved.