VULNERABILITY ASSESSMENT
& PENETRATION TESTING
INDEX
• What Is Vulnerability Assessment
• What Is Penetration Testing
• Types Of Testing
• Steps Involved In VAPT Process
• Some Images
• Tools Which Are Used
• Top Common Vulnerabilities
• Demo Website And VMs
• Some Vulnerabilities And Their Solutions
WHAT IS VULNERABILITY ASSESSMENT
• Vulnerability assessment (VA) is a systematic technical approach to finding the security
loopholes in a network or software system.
• It primarily adopts a scanning approach, performed both manually and with certain tools.
• The outcome of a VA process is a report showing all vulnerabilities, categorised by their
severity.
• This report is further used for the next step, which is penetration testing (PT).
WHAT IS PENETRATION TESTING
• A Penetration test (PT) is a proof-of-concept approach to actually explore and exploit
vulnerabilities.
• This process confirms whether the vulnerability really exists and further proves that
exploiting it can result in damage to the application or network.
• The outcome of a PT is, typically, evidence in the form of a screenshot or log, which
substantiates the finding and can be a useful aid towards remediation.
TYPES OF TESTING
• There Are Mainly 3 Types Of Testing.
1. BLACKBOX TESTING
2. GRAYBOX TESTING
3. WHITEBOX TESTING
• Black Box does not include any knowledge of the structure of the system, so this type of
testing simulates the approach of an outside attacker.
• Gray Box includes only a limited knowledge of the layout of the target.
• White Box testing occurs when a penetration tester has complete knowledge of the
layout of the target(s).
STEPS INVOLVED IN VAPT PROCESS
• Enumerates a vulnerability.
• Performs an attack manually.
• Analyses the results of the attack.
• Performs similar or different attacks based on previous findings.
• Assimilates the results to create a customised attack.
• Exploits the vulnerability further to see if more attacks are possible.
• Repeats the above steps for all vulnerabilities.
• Prepares the final report of the testing.
VAPT_FINAL SLIDES.pptx
TOOLS WHICH ARE USED
• HOSTEDSCAN
• NMAP
• OWASP ZAP
• WPSCAN
• NIKTO
• NMAP :- Nmap is a network scanning tool that uses IP packets to identify all the devices
connected to a network and to provide information on the services and operating
systems they are running.
• OWASP ZAP :- OWASP ZAP is a free, open-source tool used to perform penetration tests;
testing with it helps find vulnerabilities before an attacker does. The main goal of ZAP is to
make it easy to find vulnerabilities in web applications.
• NIKTO :- Nikto is an open-source web server and web application scanner. Nikto can
perform comprehensive tests against web servers for multiple security threats, including
over 6700 potentially dangerous files/programs. Nikto can also check for outdated web
server software and version-specific problems.
• WPSCAN :- The WPScan CLI tool is a black-box WordPress security scanner, free for
non-commercial use, written for security professionals and blog maintainers to test the
security of their sites.
• HOSTEDSCAN :- Vulnerability scans, automated for any business. Scan networks,
servers, and websites for security risks. Manage your risks via dashboards, reporting,
automation.
TOP COMMON VULNERABILITIES
• SQL Injection
• Cross Site Scripting
• Broken Authentication and Session Management
• Insecure Direct Object References
• Security Misconfiguration
• Insecure Storage
• Failure to Restrict URL Access
• Unvalidated Redirects and Forwards
SOME VULNERABILITIES
1. Vulnerability name : XML-RPC SEEMS TO BE ENABLED.
SEVERITY : MEDIUM.
IMPACT : A weakness in XML-RPC allows an attacker to make a system call that can be
dangerous for the application and servers. An attacker can also use this interface to mount a
DoS or brute-force attack against the application.
SOLUTION : Simply deleting the xmlrpc.php file is not a safe fix: it is a WordPress core file that
some third-party apps and plugins still rely on to interact with WordPress, so deleting it risks
disrupting their functionality. Three ways of disabling XML-RPC safely:
1. Disable XML-RPC in WordPress using a plugin.
2. Block XML-RPC using the .htaccess file.
3. Disable XML-RPC in WordPress via a filter.
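Detection logic for the DoS and brute-force abuse of xmlrpc.php described above, added here as an example that is not part of the original deck: it parses web server access-log lines in the common combined format, flags source addresses hammering xmlrpc.php while the endpoint still answers, and reports whether any request was refused with a 403 (what the .htaccess block in option 2 should produce). The log lines, addresses and the threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache/Nginx "combined" log format (not from the
# original deck); the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2023:10:01:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2023:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2023:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2023:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2023:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2023:10:01:09 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "curl/8.0"
"""

# Fields of the combined format that the report needs; the rest is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def parse_log(text):
    """Yield a dict per parsable line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def xmlrpc_report(text, threshold=3):
    """Summarise xmlrpc.php traffic.

    reachable:    per-IP count of POSTs to xmlrpc.php that were NOT refused
                  (the endpoint was still serving the caller).
    flagged:      IPs whose reachable count is at or above `threshold`.
    blocked_seen: True if any xmlrpc.php request got a 403, i.e. the
                  .htaccess block is in effect for at least some traffic.
    """
    reachable = Counter()
    statuses = defaultdict(set)
    for rec in parse_log(text):
        path = rec["path"].split("?")[0]
        if rec["method"] == "POST" and path.endswith("/xmlrpc.php"):
            statuses[rec["ip"]].add(rec["status"])
            if rec["status"] != "403":
                reachable[rec["ip"]] += 1
    flagged = sorted(ip for ip, n in reachable.items() if n >= threshold)
    blocked = any("403" in codes for codes in statuses.values())
    return {"reachable": dict(reachable), "flagged": flagged, "blocked_seen": blocked}

if __name__ == "__main__":
    print(xmlrpc_report(SAMPLE_LOG))
```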
2. Vulnerability name : THEME VERSION IS OUTDATED.
SEVERITY : LOW.
IMPACT : Outdated theme versions are more prone to be affected by a security threat. Over time,
hackers find their way to exploit its core and ultimately execute the attack on the sites still using
outdated versions.
SOLUTION : The WordPress team releases patches and newer versions with updated security
mechanisms. Update themes and plugins.
3. Vulnerability name : BACKUP DIRECTORY FOUND.
SEVERITY : MEDIUM
IMPACT : The File Manager WordPress plugin, version 6.4 and lower, failed to restrict
external access to the fm_backups directory with a .htaccess file. This resulted in the ability for
unauthenticated users to browse and download any site backups the plugin had taken, which
sometimes include full database backups.
SOLUTION : Update the File Manager WordPress plugin to version 6.5 or higher.
4. Vulnerability : USERID/USERNAME FOUND.
SEVERITY : HIGH
IMPACT : With the username known, an attacker can run a brute-force attack to obtain the password.
SOLUTION : Change the username/ID and password.
Create a complex password.
Require multi-factor authentication.
Enable and configure remote access. An access management tool like OneLogin will
mitigate the risk of a brute-force attack.
5. VULNERABILITY : GOT ACCESS OF DATABASE.
SEVERITY : CRITICAL.
IMPACT : The WordPress database is the brain of a WordPress website, as it stores all the information
about and on the website, such as posts, pages, comments, tags, user data, categories, custom fields and
other site options. This makes it a juicy target for malicious actors; spammers and hackers run automated
SQL injection scripts against it. Here is how you can secure the WordPress database.
SOLUTION : Change the administrator username and user ID.
Change the database prefix.
Restrict database user privileges.
Create backups and delete custom tables.
Reference : https://www.getastra.com/blog/911/how-to-secure-wordpress-database/
6. Vulnerability : USERID/USERNAME FOUND.
SEVERITY : HIGH
IMPACT : With the username known, an attacker can run a brute-force attack to obtain the password.
SOLUTION : Change the username/ID and password.
Create a complex password.
Require multi-factor authentication.
Enable and configure remote access.
An access management tool like OneLogin will mitigate the risk of a brute-force attack.
7. Vulnerability : ROBOTS.TXT FOUND.
SEVERITY : LOW
IMPACT : robots.txt is used to supply information to search engines and other indexing tools, and this
file exists on your server. It can be viewed by anyone and might contain sensitive information about the
server: for example, specifying which directories shouldn't be indexed tells an attacker where the
sensitive files are.
SOLUTION : Make sure the file doesn't contain any sensitive information; if it does, remove that
information from the file.
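A review helper for the robots.txt finding, added here as an example that is not part of the original deck: it parses a robots.txt file and reports Disallow entries that disclose backups, dumps or repository files, while ignoring paths that are expected in a stock WordPress install. The sample file, the patterns and the expected-path set are constructed assumptions.

```python
import re

# Constructed sample robots.txt (not from the original deck); the paths are
# placeholders chosen to illustrate the review.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php
Disallow: /wp-content/uploads/backups/   # left by a backup plugin
Disallow: /old_site.sql
Disallow: /.git/
Sitemap: https://example.com/sitemap.xml
"""

# Patterns that suggest a Disallow line points at something that should not be
# reachable from the web root at all, rather than merely be kept out of an index.
SENSITIVE_PATTERNS = [
    (re.compile(r"backup", re.I), "backup location disclosed"),
    (re.compile(r"\.(sql|zip|tar|gz|bak|old)$", re.I), "archive or dump file disclosed"),
    (re.compile(r"/\.(git|svn|env)"), "repository or environment file disclosed"),
]

# Paths a stock WordPress site normally lists; they reveal nothing new.
EXPECTED_WP_PATHS = {"/wp-admin/"}

def parse_robots(text):
    """Return (directive, value) pairs, ignoring comments and blank lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        directive, value = line.split(":", 1)
        rules.append((directive.strip().lower(), value.strip()))
    return rules

def review_robots(text):
    """Return [(disallowed path, reason)] for entries that leak sensitive
    locations; the first matching pattern decides the reason."""
    findings = []
    for directive, value in parse_robots(text):
        if directive != "disallow" or value in EXPECTED_WP_PATHS:
            continue
        for pattern, reason in SENSITIVE_PATTERNS:
            if pattern.search(value):
                findings.append((value, reason))
                break
    return findings

if __name__ == "__main__":
    for path, reason in review_robots(SAMPLE_ROBOTS):
        print(f"{path}: {reason}")
```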
8. Vulnerability : WORDPRESS VERSION IS OUTDATED.
SEVERITY : LOW
IMPACT : Outdated WordPress versions are more prone to be affected by a security threat. Over
time, hackers find their way to exploit its core and ultimately execute the attack on the sites still using
outdated versions.
SOLUTION : For the same reason, the WordPress team releases patches and newer versions with
updated security mechanisms. Running older versions of PHP can also cause incompatibility issues: as
WordPress runs on PHP, it requires an updated version to operate properly.
9. Vulnerability : Cross Site Scripting (XSS) – Reflected
Severity : Medium
Summary :
• Reflected Cross-site Scripting (XSS) occurs when an attacker injects browser-executable code within a single HTTP response. When a web application is vulnerable to
this type of attack, it passes unvalidated input sent through requests back to the client.
• The value of a request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The input was echoed
unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Impact :
• Cookie stealing - A malicious user can steal cookies and use them to gain access to the application.
• Arbitrary requests - An attacker can use XSS to send requests that appear to be from the victim to the web server.
• Malware download - XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to
trust the request and actually install the malware.
Solution :
• Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should
consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses
should match a well-defined regular expression.
• Input which fails the validation should be rejected, not sanitized. User input should be HTML-encoded at any point where it is copied into application responses. All
HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (&lt; &gt; etc.).
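The two halves of the solution above (reject-on-failure whitelist validation, and HTML-encoding at the point where a parameter is copied into a double-quoted attribute), worked through as an added example that is not part of the original deck. The field patterns, the entity table and the search-box markup are constructed assumptions; the unsafe renderer reproduces the reflection pattern the finding describes and the hardened one fixes it.

```python
import re

# Whitelist validators of the kind the solution describes: strict, per field,
# and rejecting anything that does not fit. The patterns are assumptions for
# illustration, not the deck's or WordPress's own rules.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z .'-]{0,63}$")   # letters, few typographic chars, short
YEAR_RE = re.compile(r"^\d{4}$")                         # exactly four numerals
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
VALIDATORS = {"name": NAME_RE, "year_of_birth": YEAR_RE, "email": EMAIL_RE}

class ValidationError(ValueError):
    pass

def validate(field, value):
    """Return `value` unchanged if it matches the whitelist for `field`;
    otherwise raise. Failed input is rejected, never "cleaned up"."""
    if not VALIDATORS[field].match(value):
        raise ValidationError(f"{field}: value does not match the expected format")
    return value

def is_valid(field, value):
    try:
        validate(field, value)
        return True
    except ValidationError:
        return False

# Entities for every metacharacter the slide lists (< > " ' =) plus &, which
# must also be encoded so that raw text can never be mistaken for an entity.
ENTITIES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;", "=": "&#x3D;"}

def html_attr_encode(value):
    return "".join(ENTITIES.get(ch, ch) for ch in value)

def render_search_box_unsafe(query):
    # The pattern the finding describes: the parameter is copied verbatim into
    # a double-quoted attribute, so a " in the input terminates the attribute.
    return f'<input type="text" name="q" value="{query}">'

def render_search_box(query):
    # Hardened: encode at the point where the value is copied into the response.
    return f'<input type="text" name="q" value="{html_attr_encode(query)}">'

def attribute_is_intact(markup):
    """True if the rendered tag still has exactly its three quoted attributes
    and the reflected value did not open a new attribute or tag."""
    body = markup[1:-1]  # drop the outer < and >
    return body.count('"') == 6 and "<" not in body and ">" not in body

# Constructed probe: closes the value attribute and appends a harmless one.
PROBE = '" title="injected'
```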
VULNERABILITIES FOUND WITH HOSTEDSCAN
WEBSITE : HTTPS://DPSRKP.NET/
VULNERABILITIES FOUND WITH ZAP.
WEBSITE : HTTPS://DPSRKP.NET/
THANK YOU
