Web Security 24x7

Web Security | Web Hacking | Bug Bounty POC | Web Penetration Testing Tools

Friday, June 24, 2016

What is Cobalt all about and how does it work

 

Application security tailored for you

Cobalt hardens your application security by tailoring a security program to your needs. Here’s how it works.

Set the Scope

Talk to our experienced security team about your concerns. We'll review your security needs, discuss budget and requirements, walk you through a demo, and tailor a security testing program specifically for you and your software development lifecycle.

Start a Program

Typically we would begin with a Private Pen Test setup with a small team of hand-picked security researchers (one of whom will be a certified CISSP or equivalent) doing timeboxed, focused penetration testing and vulnerability assessments.  
Following this, we usually recommend a Private Curated Bug Bounty open to our vetted Core Security researchers to apply a wider and shallower filter.

Patch Vulnerabilities

When a program is launched you will receive vulnerability reports on Cobalt Central, your own application security inbox. Assign reports to your team members via your preferred workflow, such as Jira or Github. Clear up questions quickly by asking researchers directly on Cobalt Central, and ensure that your security is hardened as efficiently as possible.

What is BugCrowd all about and how does it work

From the outback to the valley, Bugcrowd is paving the way for crowdsourced security. Founded in 2012 in Australia by Casey Ellis, Bugcrowd is now based in San Francisco and is backed by Costanoa Venture Capital, Rally Ventures, Paladin Capital Group and Blackbird Ventures.

  1. Set Your Scope

    Tell the crowd what applications you need tested, how long you want to test, and what targets are in scope. Fill your bounty brief out with all the details.
  2. Engage the Crowd

    Bugcrowd attracts all the right talent from around the world to your program. Run an ongoing bounty program for continuous testing or a time-boxed flex program as a pen test replacement. We recommend both!
  3. Find & Fix Bugs

    Vulnerabilities start coming in! As the leaders in the next big wave of crowdsourcing, Bugcrowd manages your programs for you and makes them successful.
  4. Reward Results

    Pay for results, not effort! Bugcrowd provides market rate suggestions on how much to reward researchers so they stay motivated to find more bugs. Best of all, Bugcrowd manages all reward payouts for you!

What is HackerOne all about and how does it work


Suppose a Hacker discovers a security vulnerability in [Company] (or any Developer). Would they call customer support? Would they hope to walk into [Company] offices? Why should [Company] trust that it's worth their time to investigate? On the other hand, how would our hacker trust [Company] in this situation? What could [Company] do here to intimidate the researcher? What if [Company] doesn't respond at all?

HackerOne focuses on solving the problems with vulnerability disclosure in its various forms: the passage of vulnerabilities from their finders (researchers / hackers) to their owners (developers / response teams).

Here are two examples of how a broken disclosure path can make things complicated:

Whistle-Blower Faces FBI Probe
http://archive.wired.com/politics/security/news/2005/07/68356?currentPage=all

MIT Students Get Top Marks for Hacking Boston Subway
http://www.wired.com/2008/08/mit-students-ge/

The interesting thing is that both the Hacker and Developer value a peaceful and productive interaction here. The Hacker and Developer can both benefit greatly provided the conversation has a bit of structure, pre-set expectations, and precedence with other research interactions to set norms across the board. Bounties help a lot too. 

How it works: Hackers sign up to find bugs in various technologies whose owners have expressed an interest in collaborating towards stronger security. To get a glimpse of it in action, check out an actual vulnerability coordinated between a hacker and Twitter:

Subdomain Takeover on media.vine.co
https://hackerone.com/reports/32825

TL;DR - HackerOne offers a platform that promotes a positive disclosure experience in pursuit of its mission of securing all the things, with Hackers and Companies working together for the benefit of all.

How to Become a Successful Bug Bounty Hunter

If you ever dreamed of becoming a bounty hunter, your dreams can come true -- without changing your name to “Dog” or facing Han Solo in a Mos Eisley cantina. That’s by becoming a bug bounty hunter: A hacker who is paid to find vulnerabilities in software and websites.
Anyone with computer skills and a high degree of curiosity can become a successful finder of vulnerabilities. You can be young or old when you start. The main requirement is that you need to keep learning continuously. Also, it's more fun to learn if you have a buddy to share ideas with. Here is how I became a security hacker.
Submit valuable and easy-to-understand bugs
Quality over quantity. A remote code execution on a production system is a lot more valuable than a self-XSS, even though they're both security issues. Enjoy the thrill of the hunt for a super severe bug. Also, successful hackers spend a lot of time describing the issue as clearly as possible. Get to the point and don't introduce unnecessary (reading) overhead for the company (extra verbiage also reduces responsiveness of the company you’re submitting the report to). Finally, successful hunters read the program policy before they start looking for vulnerabilities.
Earn and show respect
Gain respect by submitting valuable bugs. Respect the company’s decision on the bounty amount. If you disagree with the amount they decided to award, have a reasonable discussion about why you believe it deserves a higher reward. Avoid situations where you ask for another reward without elaborating why you believe you deserve more. In return, a company should respect your time and value. They do this by awarding bounties, being responsive and transparent, engaging you in the discussion for the fix, and asking you to test the deployed fix. Being communicative and reasonable pays off: Successful bug bounty hunters receive tons of job offers.
Do your homework
If you’re not comfortable with the basics, get more comfortable. I found it really helpful to have a good understanding of protocols like IP, TCP, and HTTP and to take a few (web) programming courses.
Most of the bug bounty programs are focused on web applications. To become a successful bug bounty hunter on the web, I'd suggest you check out the following resources:
Paired Practice
If you’re lucky enough to have a hacker buddy, try what worked amazingly well for me. My friend and I would write small, vulnerable programs and challenge each other to find the hidden vulnerabilities. Find someone who challenges you and use what you learned from their challenges to find awesome bugs on real targets in the wild.
Bug hunting is one of the most sought-after skills in all of software. It’s not easy, but it is incredibly rewarding when done right. Like writing code, keep in mind that it takes persistence, a lot of feedback, and determination to become a successful bug bounty hunter. Think outside the box and do your utter best.

Acunetix Web Vulnerability Scanner

Audit Your Website Security with Acunetix Web Vulnerability Scanner

With the uptake of cloud computing and the advancements in browser technology, web applications and web services have become a core component of many business processes, and therefore a lucrative target for attackers. Over 70% of websites and web applications, however, contain vulnerabilities that could lead to the theft of sensitive corporate data, credit cards, customer information and Personally Identifiable Information (PII).

Cyber criminals are focusing their efforts on exploiting weaknesses in web applications such as eCommerce platforms, blogs, login pages and other dynamic content. Insecure web applications and web services not only provide attackers access to backend databases but also allow them to perform illegal activities using compromised sites.
Web application attacks are carried out over HTTP and HTTPS; the same protocols that are used to deliver content to legitimate users. Yet web application attacks, both on free open-source software, such as WordPress, Drupal and Joomla!, as well as commercial or custom-built applications, can have repercussions that are the same, or worse than traditional network-based attacks.

  • DeepScan Technology allows accurate crawling of AJAX-heavy client-side Single Page Applications (SPAs) that leverage complex technologies such as SOAP/WSDL, SOAP/WCF, REST/WADL, XML, JSON, Google Web Toolkit (GWT) and CRUD operations.
  • Industry’s most advanced and robust SQL Injection and Cross-site Scripting testing, including advanced detection of DOM-based Cross-site Scripting.
  • AcuSensor Technology allows accurate scanning further reducing the false positive rate, by combining black box scanning techniques with feedback from its sensors placed inside the source code.

Vega Web Vulnerability Scanner

Vega helps you find and fix cross-site scripting (XSS), SQL injection, and more.

Vega is a free and open source scanner and testing platform for testing the security of web applications. Vega can help you find and validate SQL injection, cross-site scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: JavaScript.
Automated Scanner
Vega includes a website crawler powering its automated scanner. Vega can automatically log into websites when supplied with user credentials.

Intercepting Proxy
Vega can be used to observe and interact with communication between clients and servers, and will perform SSL interception for HTTPS websites.

Proxy Scanner
The Vega proxy can also be configured to run attack modules while the user is browsing the target site through it. This allows for semi-automated, user-driven security testing to ensure maximum code coverage.

Download (64-bit and 32-bit builds are available)

Burp Suite Web App Scanner

Burp Suite is a set of tools for assessing web application security. It is available in free and commercial versions. We recommend its use when developing or assessing any web application.

Usage Instructions
The Burp tool must only be used to evaluate the security of your web application that resides outside of Force.com (e.g. www.partnersite.com). For applications residing completely on Force.com (e.g. partner-visual.force.com, appxpartner.force.com, etc.)
Training Video
A 15 minute training video on using the Burp Suite Professional tool can be found Here


Technical Overview
By launching the tool and setting a web browser to use this as its proxy server, all web traffic can be intercepted, inspected, modified and analyzed to identify a range of security vulnerabilities.

Burp Suite Professional contains the following tools:

Proxy - an intercepting HTTP/S proxy server which operates as a man-in-the-middle between the end browser and the target web application, allowing you to intercept, inspect and modify the raw traffic passing in both directions.
Spider - an intelligent application-aware web spider which allows complete enumeration of an application's content and functionality.
Scanner - an advanced tool for performing automated discovery of security vulnerabilities in web applications.
Intruder - a highly configurable tool for automating customized attacks against web applications, such as enumerating identifiers, harvesting useful data, and fuzzing for common vulnerabilities.
Repeater - a tool for manually manipulating and re-issuing individual HTTP requests, and analyzing the application's responses.
Sequencer - a tool for analyzing the quality of randomness in an application's session tokens or other important data items which are intended to be unpredictable.
Detailed help for each of the individual Burp Suite tools, and further documentation, is available on the Burp Suite Professional website.

Effectively Scanning Applications Using Burp
In order to obtain effective results from the Burp Scanner, it is recommended that you do the following:

• Turn “Intercept” (Proxy->Intercept) off within Burp. Do not change other default configurations.
• Configure your browser to use Burp as a proxy (the default port is 8080).
• Log in to your web application with the highest-privileged account to ensure no features are hidden, and run through typical use cases (simulate customer usage). Your goal is to access all application pages.
• Right-click the target URL (Target->site map) and click “spider this host”.
• Once spidering completes, right-click the target URL and click “actively scan this host”. The scan progress can be monitored under the “Scanner” tab.

Accuracy of Results
While black-box testing tools can be of great assistance in uncovering major security vulnerabilities, it is important to understand that no tool can identify all vulnerabilities. Additionally, since these tools lack insight into the context of the application, false positives can be produced. The output of this tool should not be considered a comprehensive security assessment of your application; rather it should complement a thorough manual review. The OWASP testing guide can be a valuable asset in determining your application’s security testing plan.

False Negatives
A false negative occurs when a tool is not able to identify an existing bug. Some vulnerabilities that Burp Suite may not identify are:

• Stored Cross-Site Scripting
• Cross-Site Request Forgery
• Session Hijacking/Fixation
• Weak Access Control Policy

False Positives
A false positive occurs when a tool flags behaviour that is not actually a vulnerability. This can occur for multiple reasons, but often it is because the tool does not understand the full context of the application. Here are two of the common places where you will see false positives in the output from Burp:

• SQL Injection - SQL injection is the insertion of SQL syntax into a query via user-supplied input. Burp looks for database error messages in the HTTP response, and may classify text that merely resembles a database error message as output from the database.
• XML Injection – XML injection is an attack technique used to manipulate or compromise the logic of an XML application or service. Burp looks for exceptions thrown during XML parsing; at times a response that simply contains the term “XML” can be flagged as such an exception.
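To make the SQL injection false positive concrete, here is an added example (not Burp's logic and not code from this page): two constructed endpoints, a signature-only check that flags both of them, and the two checks a reviewer of scanner output would use to tell static page content from a real database error. The in-memory table, the endpoints and the FAQ text are made up for the demonstration.

```python
"""Error-signature SQL injection detection, the false positive it produces,
and two checks that separate page content from a real database error.
Added example: the endpoints are constructed stand-ins, not Burp's code."""
import re
import sqlite3

# Wording a signature-only scanner treats as "database error in the response".
DB_ERROR_SIGNATURES = [
    r"You have an error in your SQL syntax",  # MySQL
    r"unrecognized token",                     # SQLite
    r"ORA-\d{5}",                              # Oracle
    r"syntax error at or near",                # PostgreSQL
]
SIGNATURE_RE = re.compile("|".join(DB_ERROR_SIGNATURES))

# Constructed in-memory database shared by both simulated endpoints.
_conn = sqlite3.connect(":memory:", check_same_thread=False)
_conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
_conn.executemany("INSERT INTO articles VALUES (?, ?)",
                  [(1, "Welcome"), (2, "Pricing")])

# Constructed help text that legitimately contains a MySQL error string.
FAQ_TEXT = ('<p>If MySQL reports "You have an error in your SQL syntax", '
            "check the quoting in your query.</p>")


def vulnerable_endpoint(article_id: str) -> str:
    """Simulated page that concatenates the parameter into SQL and echoes
    the database exception: a genuine error-based injection."""
    try:
        rows = _conn.execute(
            "SELECT title FROM articles WHERE id = " + article_id).fetchall()
    except sqlite3.Error as exc:
        return f"<h1>Error</h1><pre>{exc}</pre>"
    return "<h1>" + (rows[0][0] if rows else "Not found") + "</h1>"


def safe_endpoint(article_id: str) -> str:
    """Simulated page that validates and parameterises the id, but whose
    static body contains database-error wording (a help article)."""
    rows = []
    if article_id.isdigit():
        rows = _conn.execute("SELECT title FROM articles WHERE id = ?",
                             (int(article_id),)).fetchall()
    title = rows[0][0] if rows else "Not found"
    return f"<h1>{title}</h1>{FAQ_TEXT}"


def naive_error_check(endpoint, param="1") -> bool:
    """What a signature-only scanner does: inject a quote, grep the reply."""
    return SIGNATURE_RE.search(endpoint(param + "'")) is not None


def baseline_aware_error_check(endpoint, param="1") -> bool:
    """Only count a signature the quote *introduced*. If the benign request
    already carries the same wording it is page content, not an error."""
    baseline_hits = set(SIGNATURE_RE.findall(endpoint(param)))
    injected_hits = set(SIGNATURE_RE.findall(endpoint(param + "'")))
    return bool(injected_hits - baseline_hits)


def boolean_differential_check(endpoint, param="1") -> bool:
    """Confirm by behaviour rather than wording: an always-true condition
    must reproduce the baseline page and an always-false one must not."""
    baseline = endpoint(param)
    true_page = endpoint(param + " AND 1=1")
    false_page = endpoint(param + " AND 1=2")
    return true_page == baseline and false_page != baseline


def triage(endpoint) -> str:
    """Combine the checks the way a reviewer of scanner output would."""
    if boolean_differential_check(endpoint):
        return "confirmed"
    if baseline_aware_error_check(endpoint):
        return "probable, needs manual confirmation"
    if naive_error_check(endpoint):
        return "false positive: error wording is static page content"
    return "no evidence"


if __name__ == "__main__":
    for name, ep in (("vulnerable", vulnerable_endpoint),
                     ("safe", safe_endpoint)):
        print(f"{name}: naive={naive_error_check(ep)} "
              f"baseline_aware={baseline_aware_error_check(ep)} "
              f"boolean={boolean_differential_check(ep)} -> {triage(ep)}")
```

The baseline comparison is the cheap fix for exactly the case the text describes, error wording that is present whatever the input; the boolean differential confirms injection through behaviour rather than strings. The same discipline applies to the XML injection case: compare against the benign response before treating the word “XML” as evidence of a parser exception.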

CSRF Vulnerability in Oculus

Steps to Reproduce:
1) Go to https://www1.oculus.com/order/
2) View the page source
3) Look at the code of the order form
4) There is no authentication or anti-CSRF token in the form, so the request can be forged from another site.
Another way of checking:
1) Open Mozilla Firefox and go to https://www1.oculus.com/order/
2) Start the Tamper Data add-on
3) Fill in all the required information and tamper with the request: you will see no CSRF token in the request.
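The condition the steps above check by eye, a state-changing form with no hidden token, can be checked mechanically. The following added example (not Oculus's markup and not code from this page) parses constructed HTML with the standard library and reports each POST form that carries no token-like hidden field; the form names, action paths and token value are invented for the demonstration.

```python
"""Audit HTML forms for a missing anti-CSRF token. Added example with
constructed markup; the order form imitates the report's description
and is not the real page."""
from html.parser import HTMLParser

# Names commonly given to hidden anti-CSRF fields (heuristic, not exhaustive).
TOKEN_NAME_HINTS = ("csrf", "xsrf", "authenticity", "nonce", "token")
MIN_TOKEN_LENGTH = 16  # a short or constant value is not an unguessable token


class FormCollector(HTMLParser):
    """Collects every <form> with its method, action and <input> fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""),
                             "method": (a.get("method") or "get").lower(),
                             "inputs": []}
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(
                {"type": (a.get("type") or "text").lower(),
                 "name": a.get("name", ""), "value": a.get("value", "")})

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def looks_like_csrf_token(field) -> bool:
    """A hidden field whose name suggests a token and whose value is long
    enough to be random. Static values such as '1' do not count."""
    return (field["type"] == "hidden"
            and any(hint in field["name"].lower() for hint in TOKEN_NAME_HINTS)
            and len(field["value"]) >= MIN_TOKEN_LENGTH)


def audit_forms(html: str) -> list:
    """Return one finding per state-changing (POST) form with no token."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if form["method"] != "post":
            continue  # GET forms should not change state; a separate check
        if not any(looks_like_csrf_token(f) for f in form["inputs"]):
            findings.append(
                f"POST form to {form['action'] or '(same page)'} "
                f"carries no hidden anti-CSRF token")
    return findings


# Constructed markup: an order form with no token, a profile form with one,
# and a search form that legitimately uses GET.
SAMPLE_PAGE = """
<form method="post" action="/order/submit">
  <input type="text" name="quantity" value="1">
  <input type="text" name="shipping_address">
  <input type="submit" value="Place order">
</form>
<form method="POST" action="/profile/update">
  <input type="hidden" name="csrf_token" value="9f2c1a7e4b0d8c6e5a3f1b2d4c6e8a0f">
  <input type="text" name="display_name">
</form>
<form method="get" action="/search">
  <input type="text" name="q">
</form>
"""

if __name__ == "__main__":
    for finding in audit_forms(SAMPLE_PAGE):
        print(finding)
```

A missing token in the form is evidence, not proof: the server may reject cross-site requests on other grounds (an Origin or Referer check, a required custom header, SameSite cookies), and a token that is present may never be validated. The decisive test is the one the second method above performs: replay the captured request with the token removed or altered and see whether the order still goes through.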

Session issue in Coinbase

Coinbase is a bitcoin wallet and platform where merchants and consumers can transact with the new digital currency bitcoin.
Steps to Reproduce:
1. Log in to your Coinbase wallet via the Android application and go to Manage Account.
2. Now log in to your Coinbase wallet via PC.
3. Open the security settings on the PC and remove all devices from authorized apps.
4. After removing all authorized apps from the PC, your Android session is still valid and you can still manage settings from the Android app.
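What the report describes is a revocation that only edits the list of authorized apps while the token the phone holds keeps working. The following added example (a generic design, not Coinbase's implementation; the user and device names are made up) shows a session registry in which removing authorized devices ends their sessions on the next request, with a per-user generation counter so that tokens cached elsewhere stop working too; replay_report walks through the report's own steps.

```python
"""Server-side session registry in which removing authorised devices ends
their sessions. Added example: a generic design, not Coinbase's code."""
import secrets


class SessionStore:
    """Every client (web, Android app) holds an opaque token. A token is
    valid only while its record exists and it was issued in the user's
    current generation; revoke-all bumps the generation, so a token cached
    by another service or still held by a phone also dies."""

    def __init__(self):
        self._sessions = {}     # token -> {"user", "device", "generation"}
        self._generation = {}   # user -> int, bumped on revoke-all

    def login(self, user: str, device: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "device": device,
                                 "generation": self._generation.get(user, 0)}
        return token

    def _live(self, rec) -> bool:
        return rec["generation"] == self._generation.get(rec["user"], 0)

    def is_valid(self, token: str) -> bool:
        """Must run on every request, on the mobile API path as well."""
        rec = self._sessions.get(token)
        return rec is not None and self._live(rec)

    def authorised_devices(self, user: str) -> list:
        return sorted({r["device"] for r in self._sessions.values()
                       if r["user"] == user and self._live(r)})

    def revoke_device(self, user: str, device: str) -> None:
        for tok, rec in list(self._sessions.items()):
            if rec["user"] == user and rec["device"] == device:
                del self._sessions[tok]

    def revoke_all_devices(self, user: str, keep_token=None) -> None:
        """Invalidate every session of the user. The session that issued
        the request may be kept; it is re-stamped into the new generation."""
        gen = self._generation.get(user, 0) + 1
        self._generation[user] = gen
        for tok, rec in list(self._sessions.items()):
            if rec["user"] != user:
                continue
            if tok == keep_token:
                rec["generation"] = gen
            else:
                del self._sessions[tok]


def replay_report(store: SessionStore) -> dict:
    """The report's steps: the Android app logs in, the web client logs in
    and removes all authorised devices, then the Android token is checked."""
    android = store.login("alice", "android-app")
    web = store.login("alice", "web-browser")
    store.revoke_all_devices("alice", keep_token=web)
    return {"android_still_valid": store.is_valid(android),
            "web_still_valid": store.is_valid(web),
            "devices": store.authorised_devices("alice")}


if __name__ == "__main__":
    print(replay_report(SessionStore()))
```

The generation counter is what makes revocation hold when sessions are replicated or cached: a token that predates the bump fails validation even if a stale copy of its record survives somewhere.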

Cross Site Scripting in Hostinger

Hostinger is a free web hosting service provider and domain registrar.

Reproduction Steps:

1- Go to https://cpanel.hostinger.in/auth
2- Log in to your account
3- Go to My Profile and click Edit Profile
4- Change your name, setting it to the cross-site scripting payload ("><img src=x onerror=prompt(2);>).
5- Click Save Changes and the payload will be executed
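The payload in step 4 works because the stored name is written back into the edit-profile page without encoding. The following added example (a constructed template, not Hostinger's code) renders the same payload into an input attribute with and without html.escape, and uses a parser to show which version hands the browser an img tag carrying an onerror handler.

```python
"""The stored XSS above in its vulnerable and hardened forms. Added
example; the template is constructed, not the real profile page."""
from html import escape
from html.parser import HTMLParser

# The payload from the report above, as submitted in the "name" field.
PAYLOAD = '"><img src=x onerror=prompt(2);>'


def render_profile_unsafe(name: str) -> str:
    """Interpolates the stored value verbatim into an attribute."""
    return f'<input type="text" name="name" value="{name}">'


def render_profile_safe(name: str) -> str:
    """html.escape(quote=True) turns " into &quot; and < into &lt;, so the
    value can neither close the attribute nor open a new tag."""
    return (f'<input type="text" name="name" '
            f'value="{escape(name, quote=True)}">')


class TagAudit(HTMLParser):
    """Records every element and every on* event-handler attribute the
    browser would see, which is what decides whether the payload runs."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(
            f"{tag}@{k}" for k, _ in attrs if k.lower().startswith("on"))


def event_handlers_in(html: str) -> list:
    """Return injected handlers (e.g. ['img@onerror']) found in markup."""
    audit = TagAudit()
    audit.feed(html)
    return audit.handlers


if __name__ == "__main__":
    for label, page in (("unsafe", render_profile_unsafe(PAYLOAD)),
                        ("safe", render_profile_safe(PAYLOAD))):
        print(f"{label}: {page}\n  handlers: {event_handlers_in(page)}")
```

Escaping must match the context the value lands in: the attribute case above is covered by html.escape with quote=True, but a value written into a script block or a URL needs that context's encoding instead.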

DDoS a Website Using a GIF Image

Introduction:

Hi, my name is Sajibe Kanti, a noob web security hunter.
Today I share a small trick of web security:
DDoS a website using a GIF image.

Steps to reproduce:

1) Go to a website which has an upload option (notice that they don't check file size)
2) Upload the image file (download from here)
3) Click upload
4) Now go to the directory where the image went after upload
You will be shocked to see a 504 Gateway Timeout error…
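The post does not say what is inside the GIF. The usual way a small upload produces a 504 is a header that declares an enormous canvas, so that a thumbnailer or on-view resize tries to allocate width times height pixels and runs out of memory or time; that mechanism is an assumption on my part, not the post's claim. The following added example, not the post's file or code, reads the GIF Logical Screen Descriptor and rejects a declared canvas over a pixel budget before any decoding, next to the file-size check the post notes was missing. The sample GIFs are constructed inside the block.

```python
"""Reject a GIF whose header declares a canvas far larger than its byte
size before any image library touches it. Added example, not the post's
file or code; the sample GIFs below are constructed in this block."""
import struct

MAX_PIXELS = 25_000_000        # width*height budget; tune per service
MAX_UPLOAD_BYTES = 5_000_000   # the size check the post says was missing


def gif_dimensions(data: bytes) -> tuple:
    """Read the Logical Screen Descriptor: bytes 6-9 of a GIF87a/GIF89a
    file hold the canvas width and height as little-endian uint16."""
    if len(data) < 10 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    width, height = struct.unpack("<HH", data[6:10])
    return width, height


def check_gif_upload(data: bytes) -> str:
    """Return 'ok' or the reason to reject, without decoding a pixel."""
    if len(data) > MAX_UPLOAD_BYTES:
        return f"rejected: {len(data)} bytes exceeds the upload limit"
    try:
        width, height = gif_dimensions(data)
    except ValueError as exc:
        return f"rejected: {exc}"
    if width == 0 or height == 0:
        return "rejected: zero-sized canvas"
    if width * height > MAX_PIXELS:
        return (f"rejected: declares {width}x{height} = "
                f"{width * height:,} pixels in {len(data)} bytes")
    return "ok"


def make_gif(width: int, height: int) -> bytes:
    """Constructed minimal GIF89a: signature, screen descriptor (size,
    packed flags, background index, aspect ratio) and the trailer byte."""
    return (b"GIF89a" + struct.pack("<HH", width, height)
            + b"\x00\x00\x00" + b"\x3b")


NORMAL_GIF = make_gif(640, 480)       # an ordinary avatar-sized canvas
BOMB_GIF = make_gif(65535, 65535)     # ~4.3 gigapixels declared in 14 bytes


if __name__ == "__main__":
    for label, sample in (("normal", NORMAL_GIF), ("bomb", BOMB_GIF)):
        print(f"{label}: {check_gif_upload(sample)}")
```

Pillow enforces the same idea through Image.MAX_IMAGE_PIXELS, which raises DecompressionBombWarning above the limit and DecompressionBombError at twice it; the header check here is for the common case where uploads are stored first and processed later by whatever happens to read them.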