What is a web application? Why web applications are the first target for hackers? Why vulnerabilities occur in web applications? How we can make a web application a cure portal. As I understand a web application is a portal available on internet for the general public who can easily make use of it positively for different purpose or for the reason the web application exists. You must be aware, web applications are the easy target for hackers to gain access because it is publicly available, and a hacker needs to know only the name of the organization which he wants to hack. Vulnerability is the weakness or lack of control exists in the application. Vulnerabilities can be due to insecure programming in web applications, lack of access control places or configured, miss configuration of applications and server or due to any other reason, there is no limit.
There are many ways to harden your python application or your web server we will discuss this in a while. Let’s see what are the key requirements which makes up a web application live?
a. Web Server
b. Application content displayed
c. And or databases
These are the key components of any web application.
Web server is a service which runs on the computer and serves of web content/application content. This server typically listen on port 80(http) or on port 443(https). There are many web servers which are freely available or commercial including top contributors
a. I.I.S by Microsoft
b. Apache by Open source community
c. Tomcat etc
Application content is what you see on the website, it can be dynamic or static, dynamic content containing web applications are at more risk as compare to static content containing web applications. Dynamic content containing web applications uses database to store the changing content. This database can be one of the following types.
a. MySql Server
b. SQL Sever
c. Oracle Server
d. MS Access or any other
We have discussed a lot on web application architecture now I will show you how to perform penetration on web application (what we say a Pen-test).
2. Information Gathering
Any pen-test can not be accomplished without performing the information gathering phase. This is the phase which is the heart of pen test, there are many ways to do information gathering lets discuss here.
a. Hacking with Search engines.
I would not list specific search engine which can be used in information gathering phase, there are lots of search engine which are more power full from which secret/confidential information can be gather. There are techniques which you can use to gather information on the target.
b. For example
You can use ‘inurl:’ in search engines to know what are the complete site map of the web portal, you can also use intitle: admin to gain access to the admin panel of the web portal, you can use inurl: Admin filetype: asp or aspx in order to search for admin login pages or simply you can lock for login page for any portal.
c. You can also look for the email address of the technical staff, email address shows the user id for that specific person
d. You can also use archives for more info to gather. This is the short list of the techniques, to explain more I would be writing a book
Here I will explain you what are the major attacks which hackers use on web applications or the attacks which are dangerous for web applications. We will only discuss application level vulnerabilities and attacks.
a. Miss configuration? If you are a technical person your priority would be availability of your server, you should be asked by your senior management for the 100% up time of your server, this is the point where technical staff left security holes in the configuration just to make it live or in order to give 100% up time as directed. This miss configuration may lead to the compromise of the complete server.