07 Hacker Mindset

The Hacker Mindset

CSE 591 – Security and Vulnerability Analysis


Spring 2015

Adam Doupé
Arizona State University
http://adamdoupe.com
What is a Vulnerability?
• Make the application do something that it is not supposed to do
• Therefore, in order to find vulnerabilities, you must first understand the application
– What is the intended functionality?
– What is the intended behavior?
– What does the application use as input?
– What does the application produce as output?

Adam Doupé, Security and Vulnerability Analysis


Example
• Find: unauthenticated users can edit page content
• Is this a vulnerability?
– On cnn.com, yes!
– On wikipedia.org, no!
• This is why understanding the web application is critical



How to Rob a Bank*
• Step 1: Reconnaissance
– Who works at the bank?
– What is their role?
– Who has the keys?
– When do the guards change or take a break?
– What does the layout of the bank look like?
– What does the vault look like?
– What kind of lock does the bank use?
– …
• Step 2: Build elaborate plan
• Step 3: Everything goes wrong
• Step 4: Profit?
*Knowledge comes from movies



How to Rob a Web Application
• Step 1: Reconnaissance
– How does the application work?
– Are there user accounts?
– Do the user accounts have different privileges?
– How are privileges enforced?
– What does the layout of the web application look like (URLs)?
– What URLs should only be accessible via a certain privilege?
– What is the input to the web application?
– What is the output of the web application?
– How is the web application probably written?
• Step 2: Develop vulnerability hypothesis
• Step 3: Test vulnerability hypothesis
• Step 4: Develop exploit
• Step 5: Profit

Injection Vectors
• All user input to the web application
• Some examples
– Query parameters
– URL path
– POST parameters
– Cookies
– Referer header
– Files
– Other websites (twitter feed)
– Emails
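
As an added example (not part of the original slides), the following Python function inventories the per-request injection vectors listed above from one raw HTTP request, producing the kind of input map a reviewer uses to decide what must be validated. The sample request, host name and field names are constructed for illustration; files, other websites and emails are out of scope here.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

# Constructed sample request (not from the slides); host and fields are made up.
SAMPLE_REQUEST = (
    "POST /account/42/edit?tab=profile&lang=en HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Referer: https://app.example/account/42\r\n"
    "Cookie: session=abc123; theme=dark\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "display_name=Alice&bio=hello+world"
)


def enumerate_vectors(raw_request):
    """Return (vector, name, value) for every client-controlled field found."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    url = urlsplit(target)
    vectors = []
    # URL path: each segment may be routed into a lookup (e.g. a record id).
    for i, segment in enumerate(s for s in url.path.split("/") if s):
        vectors.append(("url_path", f"segment[{i}]", segment))
    # Query parameters.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        vectors.append(("query", name, value))
    # POST parameters (only the form-encoded case is handled here).
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        for name, value in parse_qsl(body, keep_blank_values=True):
            vectors.append(("post", name, value))
    # Cookies.
    cookies = SimpleCookie()
    cookies.load(headers.get("cookie", ""))
    for name, morsel in cookies.items():
        vectors.append(("cookie", name, morsel.value))
    # Referer header.
    if "referer" in headers:
        vectors.append(("referer", "Referer", headers["referer"]))
    return vectors
```

Calling `enumerate_vectors(SAMPLE_REQUEST)` yields ten entries: three path segments, two query parameters, two POST parameters, two cookies and the Referer header.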

Understand Data Flow
• How does the input data flow through the program?
– Data on page X is displayed on page Y and used to calculate the result of page Z
• How does the output of a page flow through the program?
– Result of a calculation used as part of a tweet



Summary
• First step to hacking is reconnaissance
• Critical to understand the web application
– Helps to decide what is a vulnerability and what is not!
• Want to reverse engineer the web application
– Ask yourself: how would I have written this web application?
– What mistakes might the developer have made?
