1 00:00:12,050 --> 00:00:14,520 Hi, welcome back to another episode on How to Hack.
2 00:00:15,050 --> 00:00:20,770 So today we'll be discussing about Open Web Application Security Project, otherwise known as OWASP.
3 00:00:21,140 --> 00:00:26,230 So this is the top 10 web vulnerabilities that we can find across all these different sites.
4 00:00:26,240 --> 00:00:32,110 So more and more websites now are using web application technology to actually provide information,
5 00:00:32,120 --> 00:00:36,030 provide services and look at even payment systems and so on.
6 00:00:36,050 --> 00:00:42,280 So a lot of different kind of versatility that comes along with web application services as a result
7 00:00:42,300 --> 00:00:46,040 that we have different kind of attacks that go after many of these sites.
8 00:00:46,050 --> 00:00:49,130 So, of course, the first one you can see over here is injection.
9 00:00:49,460 --> 00:00:54,380 How can we inject something into the site that could bypass some of the different security mechanisms
10 00:00:54,560 --> 00:00:57,300 and be able to pull results, drop tables and so on.
11 00:00:57,320 --> 00:01:00,310 So the list goes on and broken authentication.
12 00:01:00,320 --> 00:01:05,810 I'll be able to try to gain access to the system because you're not able to authenticate us properly
13 00:01:05,810 --> 00:01:06,650 or as intended.
14 00:01:06,920 --> 00:01:08,780 Can we bypass authentication?
15 00:01:09,440 --> 00:01:11,820 Number three, sensitive data exposure.
16 00:01:11,840 --> 00:01:18,170 So again, does it accidentally open up certain directories that would actually allow hackers or users
17 00:01:18,170 --> 00:01:21,650 to browse into those directories, pulling out information of data?
18 00:01:22,070 --> 00:01:24,740 And of course, we also have XML external entities.
19 00:01:25,010 --> 00:01:30,560 When you're putting up different kind of XML technology into the site, does it process it correctly?
20 00:01:30,740 --> 00:01:32,720 Is the processor working as intended?
21 00:01:33,050 --> 00:01:35,850 Well, we had actually run certain kind of malicious scripts on it.
22 00:01:36,360 --> 00:01:39,150 Number five, broken access control.
23 00:01:39,410 --> 00:01:45,410 Are you managing the accesses to different users, different identities, different roles of how users
24 00:01:45,410 --> 00:01:46,100 go into your site?
25 00:01:46,130 --> 00:01:50,660 So all this matter in terms of how you're managing DNS and the control of it.
26 00:01:51,150 --> 00:01:56,270 Number six is security misconfiguration, which is a very big part because as more and more enterprises
27 00:01:56,270 --> 00:02:02,240 go into cloud, this is the part that we can actually see that some of these servers or instances are
28 00:02:02,240 --> 00:02:03,200 being misconfigured.
29 00:02:03,410 --> 00:02:07,310 And this allow hackers to actually go directly into the systems.
30 00:02:07,310 --> 00:02:10,940 So maybe they open up secure shell, they open up telnet.
31 00:02:11,120 --> 00:02:16,820 And there wasn't an ability to stop brute-force attack from happening. And number seven, cross-site scripting.
32 00:02:17,000 --> 00:02:23,180 Are we able to inject our own scripts into the site, changing the behavior of the intended purposes
33 00:02:23,390 --> 00:02:27,680 of different parts of the site? Number eight, insecure deserialization.
34 00:02:27,710 --> 00:02:33,020 So again, when we upload a data into the system, are we able to change the way it behaves?
35 00:02:33,470 --> 00:02:37,640 Number nine: what about components to come alongside with a web application service?
36 00:02:37,970 --> 00:02:43,370 If you are using different kind of libraries, different kind of plug-ins, add-ons to your site, are they
37 00:02:43,370 --> 00:02:45,330 vulnerable to different kind of attacks as well?
38 00:02:45,830 --> 00:02:48,860 And number 10, how are you logging now?
39 00:02:49,070 --> 00:02:50,450 What is happening to the site?
40 00:02:50,600 --> 00:02:53,690 Did a user fail to authenticate a user?
41 00:02:53,690 --> 00:02:57,800 Actually authentication a few times and he managed to access it.
42 00:02:58,040 --> 00:03:02,830 Is the user accessing the system from a different kind of geolocation?
43 00:03:02,840 --> 00:03:08,240 So all these are things that we have to constantly log down so that we can perform further analysis
44 00:03:08,450 --> 00:03:09,410 onto the site.
45 00:03:11,240 --> 00:03:16,460 And of course, if you go back into the earlier lecture and tutorial, we were looking at the web server
46 00:03:16,460 --> 00:03:17,390 architecture, right.
47 00:03:17,420 --> 00:03:20,060 So over here, we've got these on the left side.
48 00:03:20,060 --> 00:03:21,170 We've got all your web browsers.
49 00:03:21,170 --> 00:03:26,180 So they could be Chrome, Firefox and right at the center, we have all these web server technology.
50 00:03:26,190 --> 00:03:28,430 So it could be your USP and so on.
51 00:03:28,850 --> 00:03:30,400 On the right side, you've got databases.
52 00:03:30,410 --> 00:03:36,020 So, of course, you could have different databases like Microsoft SQL, microprocessors, equal or
53 00:03:36,020 --> 00:03:40,020 even a newer type, like NoSQL, MongoDB and so on.
54 00:03:40,040 --> 00:03:43,820 So those are places where we are storing a lot of data.
55 00:03:43,850 --> 00:03:48,230 So again, this is the architecture of a web server and there's a lot of more things that we can do
56 00:03:48,230 --> 00:03:48,680 with that.
57 00:03:50,210 --> 00:03:55,820 So, of course, if you go back to the earlier lecture and tutorial on SQL injection, so this is a
58 00:03:55,820 --> 00:03:56,840 very simple way.
59 00:03:57,120 --> 00:04:02,450 We're real looking at what's happening across the site and we are able to know what kind of injection
60 00:04:02,450 --> 00:04:05,870 we can put in and this allow us complete access into the system.
61 00:04:05,900 --> 00:04:06,210 All right.
62 00:04:06,650 --> 00:04:09,270 So with that, let us go ahead with the first tutorial.
63 00:04:10,070 --> 00:04:11,900 So over here, I have OWASP Juice Shop.
64 00:04:11,930 --> 00:04:19,250 So this allow us an access to a web application server and Tassell ability to unlock different parts
65 00:04:19,250 --> 00:04:22,790 of the site to SQL injection, to cross-site scripting and so on.
66 00:04:22,820 --> 00:04:27,090 So, again, this is the place we're going into to try to find more details.
67 00:04:27,650 --> 00:04:31,250 So what we're trying to find here is looking at the search result bar.
68 00:04:31,260 --> 00:04:33,790 So this allow us to put in some kind of input.
69 00:04:34,280 --> 00:04:35,890 There's also an account and login.
70 00:04:35,930 --> 00:04:41,120 So once you're presented with a login page, you're thinking about what kind of database are they using
71 00:04:41,120 --> 00:04:44,520 at the backend and how could you possibly bypass login?
72 00:04:45,110 --> 00:04:50,470 So remember earlier in the lecture slide, you could actually see what is happening behind the scene.
73 00:04:50,480 --> 00:04:54,680 And of course, you'll be calling into the database, trying to find details and information.
74 00:04:55,130 --> 00:05:01,400 And all we get to do is enter a single quote to test whether this particular login form is vulnerable
75 00:05:01,760 --> 00:05:07,760 to a SQL injection so we can enter or one equal one, which means that this complete statement is
76 00:05:07,760 --> 00:05:08,480 actually true.
77 00:05:08,780 --> 00:05:12,980 And in password we can just enter one, two, three, four or five, six, seven, eight, for example.
78 00:05:13,370 --> 00:05:16,130 And all we get to do is go ahead and click login and that.
79 00:05:16,340 --> 00:05:19,430 So this would actually allow us access into the system.
80 00:05:19,730 --> 00:05:24,500 And the great thing about OWASP Juice Shop is that it will actually inform you when a challenge is
81 00:05:24,500 --> 00:05:25,050 complete.
82 00:05:25,400 --> 00:05:32,840 So this is allowing you to learn through a scoreboard format to know what kind of levels and challenges
83 00:05:32,840 --> 00:05:36,710 there are in order for you to access further into the site.
84 00:05:37,340 --> 00:05:41,480 So we've done I hope you learned something really valuable in today's lecture and tutorial.
85 00:05:41,720 --> 00:05:47,360 So we will be starting this OWASP Juice Shop series of a web application penetration testing so that you
86 00:05:47,360 --> 00:05:49,340 can learn more about cybersecurity.
87 00:05:49,670 --> 00:05:51,310 So thank you so much once again for watching.
88 00:05:51,380 --> 00:05:55,250 And if you have any questions, feel free to leave a comment below and I'll try my best to answer any
89 00:05:55,250 --> 00:05:55,850 of your queries.
90 00:05:56,180 --> 00:06:00,810 Remember to like subscribe to channel so that you can be kept abreast of the latest cybersecurity.
91 00:06:01,220 --> 00:06:02,720 Thank you so much once again for watching.