1
00:00:14,740 --> 00:00:17,830
Let us continue with the web application penetration testing.

2
00:00:18,370 --> 00:00:23,560
In the previous lectures, we saw an introduction to web server attacks and countermeasures.

3
00:00:23,980 --> 00:00:28,680
And now from this lecture onwards, we will see the application vulnerabilities.

4
00:00:29,230 --> 00:00:35,000
So before we move ahead, before the practical applications and use of tools, we should first know

5
00:00:35,020 --> 00:00:37,150
the OWASP Top 10 attacks.

6
00:00:37,900 --> 00:00:43,690
So in this lecture, that is the first part, I will tell you which are the first five top vulnerabilities

7
00:00:43,900 --> 00:00:45,460
presented by OWASP.

8
00:00:45,850 --> 00:00:49,670
So OWASP stands for Open Web Application Security.

9
00:00:50,800 --> 00:00:56,270
You can see these are the top 10 attacks according to the 2017 OWASP release.

10
00:00:56,620 --> 00:01:03,610
Now, why I'm not going to tell you the 2020, 2019? Because there is only a slight change in documentation,

11
00:01:03,610 --> 00:01:05,580
but the major attacks remain the same.

12
00:01:06,250 --> 00:01:09,910
So in this lecture, we will cover the first five attacks.

13
00:01:09,910 --> 00:01:11,670
That is A1 to A5.

14
00:01:12,040 --> 00:01:20,380
So which is the first attack? Injection flaws. Injection flaws are web application vulnerabilities that

15
00:01:20,380 --> 00:01:26,620
allow untrusted data to be interpreted and executed as a part of a command or query.

16
00:01:27,340 --> 00:01:34,060
Now attackers can exploit injection flaws by constructing malicious commands or queries that result in

17
00:01:34,060 --> 00:01:39,160
data loss or corruption, lack of accountability or denial of access.

18
00:01:39,670 --> 00:01:46,810
There are various types of injection flaws like SQL injection, command line injection, LDAP injection

19
00:01:46,990 --> 00:01:47,710
and others.

20
00:01:49,030 --> 00:01:52,570
The next attack is broken authentication.

21
00:01:53,410 --> 00:02:00,790
What is broken authentication? An attacker uses vulnerabilities in the authentication or session management

22
00:02:00,790 --> 00:02:10,360
functions such as exposed accounts, session IDs, logout, password management, timeouts, remember me,

23
00:02:10,630 --> 00:02:18,640
secret questions, one-time passwords, account updates and others just to impersonate other users.

24
00:02:19,780 --> 00:02:28,270
Attackers, the network traffic or the user to get an ID. And he uses these session IDs for malicious

25
00:02:28,270 --> 00:02:28,960
purposes.

26
00:02:29,830 --> 00:02:34,000
Password exploitation is also a part of broken authentication.

27
00:02:34,780 --> 00:02:36,490
What is timeout exploitation?

28
00:02:36,910 --> 00:02:38,200
Now, if an application's

29
00:02:38,200 --> 00:02:45,280
timeouts are not set properly and the user simply closes the browser without logging out from sites

30
00:02:45,280 --> 00:02:47,560
accessed through a public computer,

31
00:02:47,860 --> 00:02:52,750
the attacker can simply use the same browser later and exploit the user's privileges.

32
00:02:53,530 --> 00:02:59,230
The third one is sensitive data exposure. As you can guess from the name,

33
00:02:59,560 --> 00:03:05,170
many web applications do not protect sensitive data properly from unauthorized users.

34
00:03:05,680 --> 00:03:12,580
Sensitive data exposure takes place due to flaws like insecure cryptographic storage and information

35
00:03:12,580 --> 00:03:13,150
leakage.

36
00:03:14,050 --> 00:03:20,200
Now, when an application uses poorly written encryption code to securely encrypt and store sensitive

37
00:03:20,200 --> 00:03:27,610
data in the database, the attacker can exploit this flaw and steal or modify weakly protected sensitive

38
00:03:27,610 --> 00:03:33,490
data such as credit card numbers, SSNs and other authenticated credentials.

39
00:03:34,150 --> 00:03:39,550
So basically, by exploiting this vulnerability, attackers can steal your sensitive data.

40
00:03:40,600 --> 00:03:50,860
The fourth one is XML external entity, that is XXE. An XML external entity attack is a server-side request

41
00:03:50,860 --> 00:03:59,530
forgery, that is SSRF, whereby an application is able to parse XML input from an unreliable source because

42
00:03:59,530 --> 00:04:06,820
of the misconfigured XML parser, and an attacker sends a malicious XML input containing a reference

43
00:04:06,820 --> 00:04:09,990
to an external entity to the victim web application.

44
00:04:10,480 --> 00:04:16,530
When this malicious input is processed by a weakly configured XML parser of the target web application,

45
00:04:16,960 --> 00:04:23,350
it enables attackers to access particular files and services from servers or connected networks.

46
00:04:23,830 --> 00:04:27,160
And the fifth one in this lecture is broken

47
00:04:27,160 --> 00:04:35,740
access control. Access control refers to how a web application grants access to its contents and functions to some privileged

48
00:04:35,740 --> 00:04:37,550
users and others.

49
00:04:38,470 --> 00:04:45,660
Broken access control is a method in which an attacker identifies a flaw related to access control and

50
00:04:45,660 --> 00:04:49,770
then bypasses the authentication and then compromises the network.

51
00:04:50,260 --> 00:04:59,310
It allows an attacker to act as a user or an administrator with privileged functions and to create, access,

52
00:04:59,320 --> 00:05:01,250
update or delete every record.

53
00:05:01,660 --> 00:05:09,280
So for this lecture, we have seen the first five attacks of the OWASP Top 10, and in the next lecture

54
00:05:09,460 --> 00:05:11,280
we'll explore all of these,

55
00:05:11,290 --> 00:05:13,030
that is, the remaining five attacks.