1
00:00:00,060 --> 00:00:01,050
Welcome back, everyone.

2
00:00:02,400 --> 00:00:07,970
This session is about understanding the application vulnerabilities gap.

3
00:00:08,290 --> 00:00:18,300
OK, when I say scanning, it's about performing the penetration testing or even the

4
00:00:18,300 --> 00:00:19,500
ethical hacking as well.

5
00:00:20,310 --> 00:00:24,360
So this is not one particularly related to the hacking.

6
00:00:24,630 --> 00:00:32,500
But this is what has been followed by security testing professionals, practitioners as well.

7
00:00:32,940 --> 00:00:40,050
So whoever is a part of cyber security, in a way, it is important to understand how the other

8
00:00:40,050 --> 00:00:41,760
side of the house really looks like.

9
00:00:41,760 --> 00:00:49,770
You know, you need to understand what kind of practices are being used by the cyber security professional

10
00:00:50,220 --> 00:00:56,940
to protect their Web application, because from the ethical hacking point of view, we

11
00:00:56,940 --> 00:00:58,080
don't have any framework.

12
00:00:58,440 --> 00:01:03,780
We are not really tied with any specific rules or framework or structure.

13
00:01:04,230 --> 00:01:07,290
We can keep making use of any possible methods.

14
00:01:07,320 --> 00:01:14,850
But on the other side, the cyber security professional follows certain guidelines, certain frameworks,

15
00:01:15,150 --> 00:01:16,340
certain strategies.

16
00:01:17,040 --> 00:01:19,180
And that's what we are actually going to talk about.

17
00:01:20,040 --> 00:01:25,860
So if you look at the Web application already scanning, or probably you can say testing as well, we'll

18
00:01:25,860 --> 00:01:28,010
be talking about some of the practices.

19
00:01:28,290 --> 00:01:37,950
So OWASP is a non-profit organization, which is nothing but Open Web Application

20
00:01:37,950 --> 00:01:46,320
Security Project, where the job of this organization or institution is to find the vulnerabilities in

21
00:01:46,320 --> 00:01:53,910
a Web application, that's mostly known vulnerabilities, and submit them as top 10 vulnerabilities.

22
00:01:53,910 --> 00:02:03,480
So for what usually we would find, you know, as a part of activity, this top 10 vulnerability,

23
00:02:03,480 --> 00:02:10,770
and all these security testing professionals or cybersecurity professionals make use of this from the

24
00:02:10,770 --> 00:02:14,510
vulnerability assessment and penetration testing point of view.

25
00:02:15,240 --> 00:02:22,230
This is immediately used as a part of the best practices, because if you are done with this,

26
00:02:22,680 --> 00:02:31,460
then security patches, fixes and everything, you are good.

27
00:02:31,470 --> 00:02:36,190
But mostly 90, 95 percent purchase online.

28
00:02:36,240 --> 00:02:38,660
OK, so that's what I believe in.

29
00:02:38,910 --> 00:02:41,370
And as I told you, it's a nonprofit organization.

30
00:02:41,880 --> 00:02:50,900
Every time they come up with some sort of a list of 10 vulnerabilities.

31
00:02:50,910 --> 00:02:59,080
And on the right hand side, you could get to see that top 10 vulnerability of 2013 and 2017.

32
00:02:59,090 --> 00:03:07,200
But based on the trend, based on the attack trend as well, the kind of attack that happened in the

33
00:03:07,200 --> 00:03:12,570
past and kind of attacks happening now,

34
00:03:12,810 --> 00:03:15,920
the ranking changes as well.

35
00:03:15,930 --> 00:03:21,930
If you see, the ranking has been changed from A4 to A5, which has been merged.

36
00:03:22,060 --> 00:03:27,120
So if you find A1, this is injection in 2013.

37
00:03:28,080 --> 00:03:36,420
The next one of the list was about authentication, that is, the broken authentication, then A3 was cross-site

38
00:03:36,420 --> 00:03:44,610
scripting, and A4 was insecure direct object references, and A7 was the missing functional level access

39
00:03:44,610 --> 00:03:50,430
control, which has been merged to be broken access control right now.

40
00:03:50,490 --> 00:04:02,160
Now, what you would find as a part of 2017, as a top-down top three: if you go to rank three,

41
00:04:02,160 --> 00:04:08,820
you will find sensitive data exposure, whereas you will find cross-site scripting has been moved to

42
00:04:09,210 --> 00:04:10,020
rank seven.

43
00:04:10,380 --> 00:04:10,690
Right?

44
00:04:11,190 --> 00:04:15,870
So this is what happened, and this gives you the priority about which one to fix

45
00:04:15,870 --> 00:04:23,000
first, when you are ready with your applications. Now you have to start securing it, OK,

46
00:04:23,280 --> 00:04:32,940
or maybe if you are a third party security testing organization and company, outsourced to your organization.

47
00:04:32,940 --> 00:04:39,240
And I guess in that case also, if you start your activity and, you know, the customer or the client

48
00:04:39,240 --> 00:04:46,850
says, OK, see, we have to go live in another seven days and we just want to make sure we are

49
00:04:47,010 --> 00:04:48,870
good from our security point of view.

50
00:04:48,870 --> 00:04:49,160
Right.

51
00:04:49,470 --> 00:04:54,960
So in that case, what you could really start with is you can start with the injection.

52
00:04:54,960 --> 00:04:59,760
You need to find if this specific target application

53
00:05:00,450 --> 00:05:05,590
has got any injection vulnerability or not, has it got any broken authentication one

54
00:05:05,610 --> 00:05:06,360
or not.

55
00:05:06,720 --> 00:05:09,420
And then you can start with the rest of the parameters.

56
00:05:09,900 --> 00:05:10,120
Right.

57
00:05:10,410 --> 00:05:12,360
So this is how it really helps.

58
00:05:13,020 --> 00:05:19,920
And then, as a follow-up of testing practices, this is what we'll be talking about. The question is,

59
00:05:22,050 --> 00:05:25,960
why, being an ethical hacker, we should really follow this.

60
00:05:25,980 --> 00:05:32,340
That's the first question, because if you follow this trend, you understand this is what I have to

61
00:05:32,340 --> 00:05:40,050
start first, and this is where we'll have to make use of all this vulnerability. There will be

62
00:05:40,050 --> 00:05:46,800
five, one to five, vulnerabilities that we'll be focusing on more, because this is where most of the organizations

63
00:05:46,850 --> 00:05:52,710
fail, taking care of their weaknesses, their application weaknesses.

64
00:05:53,070 --> 00:05:59,250
So from the ethical hacking point of view, we'll be focused on five of the stuff, five vulnerabilities.

65
00:05:59,250 --> 00:06:05,160
Then there will be, you know, a different technique as a part of penetration testing,

66
00:06:05,490 --> 00:06:11,250
where we'll be going random and will be making use of some advanced hacking techniques as well.

67
00:06:11,370 --> 00:06:17,490
So this is something which we'll keep making use of throughout the session, first as information

68
00:06:17,490 --> 00:06:22,930
gathering, and these OWASP testing practices on this.

69
00:06:22,930 --> 00:06:27,510
And this is mainly from the security testing point of view.

70
00:06:27,630 --> 00:06:34,140
OK, but this is also important from the ethical hacking as well, because once you start, when you

71
00:06:34,140 --> 00:06:41,310
start hacking any application, you have to first see if the application is hackable through the

72
00:06:41,310 --> 00:06:44,920
known vulnerabilities or through the OWASP top 10.

73
00:06:44,920 --> 00:06:51,750
Then when everything goes not, and if the application can clear all those tests, then

74
00:06:51,750 --> 00:06:53,920
you can go to the rest of the stuff.

75
00:06:54,360 --> 00:07:00,120
I'm not saying this is what you are supposed to follow, but I'm saying this is what you could

76
00:07:00,120 --> 00:07:04,230
actually start with, because this is where this actually saves a whole lot of time.

77
00:07:04,740 --> 00:07:05,150
All right.

78
00:07:05,790 --> 00:07:06,830
Information gathering.

79
00:07:07,140 --> 00:07:13,680
You could probably start seeing if you can gather the domain name, IP address, email address,

80
00:07:13,680 --> 00:07:22,380
user information just by getting the website, that domain or IP address and all those information, either

81
00:07:22,380 --> 00:07:24,420
by passive scan or active scan.

82
00:07:24,840 --> 00:07:25,200
All right.

83
00:07:25,200 --> 00:07:28,050
So in passive scan, we don't really hit it.

84
00:07:28,090 --> 00:07:30,890
We don't send any probes to the target machine.

85
00:07:30,900 --> 00:07:37,110
We don't really even let the application know that we are trying to get some information about it.

86
00:07:37,350 --> 00:07:38,880
In the active scan,

87
00:07:38,880 --> 00:07:40,470
we might send some probes.

88
00:07:40,500 --> 00:07:44,700
OK, then it comes the input output manipulation.

89
00:07:45,300 --> 00:07:54,190
In this case we try to understand, is there any sanitisation happening from the application or not?

90
00:07:54,420 --> 00:07:55,770
And when I say sanitisation,

91
00:07:55,770 --> 00:08:03,810
it's all about, is there any additional precaution that has been taken care of by the application

92
00:08:03,810 --> 00:08:11,970
or not, that could lead to a severe one of these like SQL injection, cross-site scripting as well, even

93
00:08:11,970 --> 00:08:17,460
in the cross-site scripting, that could be reflected, that could be stored, could be DOM-based,

94
00:08:17,460 --> 00:08:26,730
but then the authentication related challenges, and this would be a very, very, very different approach,

95
00:08:26,730 --> 00:08:32,100
because in this situation the attacker might get it right.

96
00:08:32,640 --> 00:08:39,360
Or the attacker might have to spend like years as well just to get the right password.

97
00:08:39,870 --> 00:08:48,360
But from now on, the application has been pretty much advanced, where they have started making use

98
00:08:48,360 --> 00:08:53,090
of a maximum number of attempts that you can make on any target website.

99
00:08:53,550 --> 00:08:58,470
They started making use of multifactor authentication, two-factor authentication, where you get an

100
00:08:58,470 --> 00:09:03,180
OTP, or probably you get an authenticator app, all this stuff.

101
00:09:03,570 --> 00:09:03,890
Right.

102
00:09:03,900 --> 00:09:07,350
Biometric options are also available and all this stuff.

103
00:09:07,740 --> 00:09:11,920
So that's where we can make use of brute force attack before the attack as well.

104
00:09:12,270 --> 00:09:19,680
So from the security testing point of view, the security testing folks will keep checking if the system

105
00:09:19,680 --> 00:09:26,640
can be compromised by any brute force attacks, SQL injection and all stuff.

106
00:09:26,890 --> 00:09:31,560
In fact, that's what the hacker would be doing as well at this point.

107
00:09:31,560 --> 00:09:31,810
Right.

108
00:09:32,490 --> 00:09:39,750
And if you go on the authorization, this is where the security testing folks will be testing

109
00:09:39,990 --> 00:09:45,570
if a normal user can get that privilege escalation to an admin user or not.

110
00:09:45,600 --> 00:09:50,370
So that's where it will be testing about Bodrov, privilege escalation and this stuff.

111
00:09:50,370 --> 00:09:50,630
Right.

112
00:09:51,470 --> 00:09:54,610
And in fact, the ethical hacker would be doing the same thing.

113
00:09:54,870 --> 00:09:59,520
He would also be testing if he can penetrate in the network, and

114
00:09:59,950 --> 00:10:05,830
if he's a normal user, can he get the escalation to the next level?

115
00:10:05,840 --> 00:10:12,760
And then this session management. Session management is all about where you can hijack

116
00:10:12,760 --> 00:10:13,270
the session.

117
00:10:13,480 --> 00:10:17,860
OK, but the session is happening, maybe cookies and whatever it is.

118
00:10:17,860 --> 00:10:18,130
Right.

119
00:10:19,270 --> 00:10:26,040
So this is all about security practices which are being used by security testing

120
00:10:26,080 --> 00:10:31,570
professionals, and being delivered and presented by OWASP.

121
00:10:31,900 --> 00:10:40,000
OK, so from the ethical hacking point of view, we'll be going through these five steps in much more

122
00:10:40,000 --> 00:10:40,540
detail.

123
00:10:41,350 --> 00:10:48,810
And this will make us pretty much confident as a part of security testing professional, and the rest,

124
00:10:49,150 --> 00:10:58,420
whatever you would be doing, would be considered as the advanced hacking technique, where even the security

125
00:10:58,420 --> 00:11:01,090
testing professional won't be knowing about it.

126
00:11:01,100 --> 00:11:01,350
Right.

127
00:11:01,570 --> 00:11:03,640
And that's where the magic really happens.

128
00:11:04,270 --> 00:11:10,630
So if the hackers keep making use of these five vulnerabilities, right,

129
00:11:10,990 --> 00:11:15,760
this is what the security professionals would also be knowing.

130
00:11:15,760 --> 00:11:16,110
Right.

131
00:11:16,360 --> 00:11:23,440
Because as a periodic audit program, they keep testing all these five parameters.

132
00:11:23,800 --> 00:11:27,280
That could be a couple more, based on the guideline.

133
00:11:27,580 --> 00:11:28,720
They keep testing it.

134
00:11:28,810 --> 00:11:29,170
Right.

135
00:11:29,680 --> 00:11:37,960
So if you, being an ethical hacker, just stick to those five methods, you might end up losing the grip

136
00:11:38,260 --> 00:11:41,770
on your, you know, on your capability.

137
00:11:42,400 --> 00:11:50,550
The true hacker would be the one who goes beyond those well known vulnerabilities.

138
00:11:50,560 --> 00:11:54,420
And that's what we'll be covering as well as we go further.

139
00:11:55,180 --> 00:11:58,130
I hope you got the idea. I'll see you in the next session.

140
00:11:58,270 --> 00:11:58,780
Thank you.