Security Testing Tutorial
Security Testing - Hacking Web Applications
We can use various methodologies/approaches as a reference when performing an attack.
Web Application - PenTesting Methodologies
The following standards can be taken into consideration while developing an attack model.
Of the following list, OWASP is the most active and has many contributors. We will focus on the OWASP techniques, which every development team takes into consideration before designing a web application.
OWASP Top 10
The Open Web Application Security Project (OWASP) team has released the top 10 vulnerabilities that have been most prevalent on the web in recent years. Below is the list of security flaws that are most prevalent in web-based applications.
Application - Hands On
In order to understand each of the techniques, let us work with a sample application. We will perform the attacks on 'WebGoat', a J2EE application that is developed deliberately with security flaws for learning purposes.
The complete details about the WebGoat project can be found at https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project. To download the WebGoat application, navigate to https://github.com/WebGoat/WebGoat/wiki/Installation-(WebGoat-6.0) and go to the downloads section.
To install the downloaded application, first ensure that no other application is running on port 8080. It can be installed with a single command: `java -jar WebGoat-6.0.1-war-exec.jar`. For more details, see WebGoat Installation.
After installation, we should be able to access the application by navigating to http://localhost:8080/WebGoat/attack, and the page would be displayed as shown below.
We can use the credentials of guest or admin as displayed in the login page.
Web Proxy
In order to intercept the traffic between the client (browser) and the server (the system where the WebGoat application is hosted, in our case), we need to use a web proxy. We will use Burp Proxy, which can be downloaded from https://portswigger.net/burp/download.html.
It is sufficient to download the free version of Burp Suite, as shown below.
Configuring Burp Suite
Burp Suite is a web proxy that can intercept every packet of information sent and received by the browser and the web server. This lets us modify the contents before the client sends the information to the web server.
Step 1 − The application is installed on port 8080 and Burp is set up on port 8181, as shown in the figure below. Start Burp Suite and make the following settings so that it listens on port 8181, as shown below.
Step 2 − We should ensure that Burp's target scope covers port 8080, where the application is installed, so that Burp Suite can intercept its traffic. This setting is made in the Scope tab of Burp Suite, as shown below.
Step 3 − Then set the browser's proxy settings to point at port 8181 (the Burp Suite port). We have thus configured the web proxy to intercept the traffic between the client (browser) and the server (web server), as shown below −
Step 4 − A snapshot of the configuration is shown in the figure below, together with a simple workflow diagram.
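The mechanism behind the four steps above (the browser is pointed at the proxy port, the proxy sees each request first, may alter it, and only then forwards it to the real web server), as an added example that is not part of the original tutorial and is not Burp's or WebGoat's code: a minimal intercepting HTTP forward proxy written with Python's standard library. A stub server stands in for WebGoat so the exchange runs offline; the header names X-Intercepted and X-Debug-Token, the tamper() hook, and the ephemeral loopback ports (instead of 8080 and 8181) are all constructed for this example.

```python
"""Minimal intercepting HTTP forward proxy (added example; not Burp's code)."""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from socketserver import TCPServer

# Constructed: every request the proxy handled, as (method, absolute URL, forwarded headers).
INTERCEPT_LOG = []

# Headers that describe the client<->proxy hop and must not be forwarded as-is.
HOP_BY_HOP = {"proxy-connection", "connection", "keep-alive", "transfer-encoding", "content-length"}


def tamper(headers):
    """Interception hook: the equivalent of editing a request in Burp's Intercept tab.

    Adds a constructed marker header and drops a constructed client-only header;
    header names are matched case-insensitively, as HTTP requires.
    """
    modified = {k: v for k, v in headers.items() if k.lower() != "x-debug-token"}
    modified["X-Intercepted"] = "true"
    return modified


class QuietServer(HTTPServer):
    """HTTPServer minus the reverse-DNS lookup HTTPServer.server_bind() performs."""

    def server_bind(self):
        TCPServer.server_bind(self)
        self.server_name, self.server_port = self.server_address[:2]


class InterceptingProxy(BaseHTTPRequestHandler):
    """Forward proxy: a browser configured with a proxy sends absolute URIs to it."""

    def log_message(self, *args):  # keep the demo quiet
        pass

    def do_GET(self):
        self.forward()

    def do_POST(self):
        self.forward()

    def forward(self):
        if not self.path.startswith("http://"):
            self.send_error(400, "expected an absolute http:// URL (proxy request)")
            return
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length) if length else None
        headers = {k: v for k, v in self.headers.items() if k.lower() not in HOP_BY_HOP}
        headers = tamper(headers)  # the interception point
        INTERCEPT_LOG.append((self.command, self.path, dict(headers)))
        req = urllib.request.Request(self.path, data=body, headers=headers, method=self.command)
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no upstream proxy
        try:
            with opener.open(req, timeout=5) as resp:
                status, payload, resp_headers = resp.status, resp.read(), resp.getheaders()
        except urllib.error.HTTPError as err:
            status, payload, resp_headers = err.code, err.read(), list(err.headers.items())
        self.send_response(status)
        for k, v in resp_headers:
            if k.lower() not in HOP_BY_HOP:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


class UpstreamStub(BaseHTTPRequestHandler):
    """Stands in for WebGoat: reports which of the two tampered headers it received."""

    def log_message(self, *args):
        pass

    def do_GET(self):
        payload = ("X-Intercepted=%s X-Debug-Token=%s" % (
            self.headers.get("X-Intercepted", "absent"),
            self.headers.get("X-Debug-Token", "absent"))).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


def serve(handler):
    """Start a server on an ephemeral loopback port in a background thread."""
    srv = QuietServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def run_demo():
    """Client (urllib) -> proxy -> upstream stub; returns what the upstream saw."""
    upstream = serve(UpstreamStub)
    proxy = serve(InterceptingProxy)
    target = "http://127.0.0.1:%d/WebGoat/attack" % upstream.server_port
    # Equivalent of Step 3 above: point the client's proxy setting at the proxy port.
    client = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": "http://127.0.0.1:%d" % proxy.server_port}))
    req = urllib.request.Request(target, headers={"X-Debug-Token": "constructed-value"})
    try:
        with client.open(req, timeout=5) as resp:
            return resp.read().decode()
    finally:
        for srv in (proxy, upstream):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    print(run_demo())  # X-Intercepted=true X-Debug-Token=absent
```

Running the script shows the upstream receiving the marker header and never seeing the header the client sent, which is exactly the position Burp occupies in the workflow diagram. Two points follow from this for the server side: anything a client-side proxy can read it can also rewrite, so a web application must never trust client-supplied headers or hidden fields as integrity controls; and this example handles plain HTTP only, which is why intercepting HTTPS with Burp additionally requires the browser to trust Burp's own CA certificate.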