EXPERIMENT NO.    TOPIC    SIGN

1    a) Make a list of OWASP top 10 vulnerabilities.
     b) Make a list of tools that are available to scan and report vulnerabilities in web applications and network.
     c) Make a comparative list of static code analysis tools for vulnerability detection in web applications and mobile applications.
     d) Make a comparative list of dynamic code analysis tools for vulnerability detection in web applications and mobile applications.
     e) Make a list of penetration testing tools for web applications and mobile applications.
2    a) Demonstrate command injection.
     b) Demonstrate various forms of XSS attack.
     c) Demonstrate file inclusion attack.
     d) Demonstrate various forms of SQL injection.
     e) For all of the above, modify/correct the code and remove all of the above vulnerabilities.
3    Install a web server and configure it to ensure that web server footprinting and fingerprinting is not available.

EXPERIMENT 1

A) Make a list of OWASP top 10 vulnerabilities.


The Open Web Application Security Project, or OWASP, is an international non-profit organization dedicated to web
application security. One of OWASP’s core principles is that all of their materials be freely available and easily accessible on
their website, making it possible for anyone to improve their own web application security.

OWASP Top 10 Application Security Risks – 2017

A1:2017-Injection
Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a
command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data
without proper authorization.

A2:2017-Broken Authentication
Application functions related to authentication and session management are often implemented incorrectly, allowing attackers
to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities
temporarily or permanently.

A3:2017-Sensitive Data Exposure


Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may
steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be
compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when
exchanged with the browser.

A4:2017-XML External Entities (XXE)


Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities
can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code
execution, and denial of service attacks.

A5:2017-Broken Access Control


Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws
to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other users'
data, change access rights, etc.

A6:2017-Security Misconfiguration
Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations,
incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing
sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but
they must be patched/upgraded in a timely fashion.

A7:2017-Cross-Site Scripting (XSS)


XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or
updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows
attackers to execute scripts in the victim's browser which can hijack user sessions, deface web sites, or redirect the user to
malicious sites.

A8:2017-Insecure Deserialization
Insecure deserialization often leads to remote code execution. Even if deserialization flaws do not result in remote code
execution, they can be used to perform attacks, including replay attacks, injection attacks, and privilege escalation attacks.

A9:2017-Using Components with Known Vulnerabilities


Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. If a
vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications and APIs
using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts.

A10:2017-Insufficient Logging & Monitoring


Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further
attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Most breach studies show time to
detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring.

b) Best Vulnerability Assessment Tools
1) Netsparker: Netsparker is a dead accurate automated scanner that will identify vulnerabilities such as SQL Injection
and Cross-site Scripting in web applications and web APIs.
Netsparker uniquely verifies the identified vulnerabilities, proving they are real and not false positives. Therefore, you do
not have to waste hours manually verifying the identified vulnerabilities once a scan is finished. It is available as
Windows software and as an online service.

2) Acunetix: Acunetix is a fully automated web vulnerability scanner that detects and reports on over 4500 web
application vulnerabilities including all variants of SQL Injection and XSS.
The Acunetix crawler fully supports HTML5 and JavaScript and Single-page applications, allowing auditing of complex,
authenticated applications.

It bakes advanced vulnerability management features right into its core, prioritizing risks based on data through a
single, consolidated view, and integrating the scanner’s results into other tools and platforms.

3) Intruder: Intruder is a proactive vulnerability scanner that scans you as soon as new vulnerabilities are released. In
addition, it has over 10,000 historic security checks, including for WannaCry, Heartbleed and SQL Injection.
Integrations with Slack and Jira help notify development teams when newly discovered issues need fixing, and AWS
integration means you can synchronize your IP addresses to scan.

Intruder is popular with startups and medium-sized businesses as it makes vulnerability management easier for small
teams.

4) Probely: Probely scans your web applications to find vulnerabilities or security issues and provides guidance on how to
fix them, with developers in mind.
Probely not only features a sleek and intuitive interface but also follows an API-first development approach, providing all
features through an API. This allows Probely to be integrated into Continuous Integration pipelines in order to automate
security testing.

Probely covers the OWASP Top 10 and thousands more vulnerabilities. It can also be used to check specific PCI-DSS,
ISO27001, HIPAA and GDPR requirements.

5) AppTrana
Company Name: Indusface
AppTrana: Indusface WAS is an automated web application vulnerability scanner that detects and reports vulnerabilities
based on the OWASP top 10.
The company is headquartered in India with offices in Bengaluru, Vadodara, Mumbai, Delhi, and San Francisco, and its
services are used by 1100+ customers across 25+ countries globally.
Features

• New age crawler to scan single page applications
• Pause and resume feature
• Additional manual penetration testing, with the report published in the same dashboard
• Proof of concept request to provide evidence of a reported vulnerability and eliminate false positives
• Optional integration with the Indusface WAF to provide instant virtual patching with zero false positives
• Ability to automatically expand crawl coverage based on real traffic data from the WAF systems (in case the WAF is subscribed and used)
• 24×7 support to discuss remediation guidelines and POC
• Free trial with a comprehensive single scan and no credit card required

6) ManageEngine Vulnerability Manager Plus: Vulnerability Manager Plus is an on-premise threat and vulnerability
management solution that empowers IT administrators and security teams with an integrated console to secure
systems and servers across local and remote offices, roaming devices as well as closed network (DMZ) machines.
With Vulnerability Manager Plus, you can:
• Continuously monitor your network for existing and emerging vulnerabilities.
• Prioritize vulnerabilities that are more likely to be exploited with a vulnerability assessment.
• Audit antivirus and firewall protection, and get rid of open shares, unauthorized users, weak passwords, legacy protocols, and other misconfigurations, with Security Configuration Management.
• Customize and automate patching for Windows, macOS, Linux, and over 250 third-party applications with built-in Patch Management.
• Safeguard your internet-facing servers from many attack variants, like XSS, clickjacking, and brute-force attacks, with Web Server Hardening.
• Detect and eliminate unauthorized and unsupported software in your network.
Vulnerability Manager Plus is an easy-to-implement, remotely deployable agent-based software with an intuitive UI that
doesn't demand skilled professionals or extensive training.


7) OpenVAS

As the name suggests, this is an open source tool. OpenVAS serves as a central
service that provides tools for both vulnerability scanning and vulnerability management.

• OpenVAS services are free of cost and are generally licensed under the GNU General Public License (GPL)
• OpenVAS supports various operating systems
• The scan engine of OpenVAS is updated with the Network Vulnerability Tests on a regular basis
• OpenVAS scanner is a complete vulnerability assessment tool that is used to spot security issues in the servers and other devices of the network

8) Nexpose Community

Nexpose vulnerability scanner, an open source tool developed by Rapid7, is used to scan for vulnerabilities and
perform various network checks.

• Nexpose is used to monitor the exposure of vulnerabilities in real time and adapts to new hazards with fresh data
• Generally, most vulnerability scanners categorize risks using a high, medium or low scale
• Nexpose considers the age of the vulnerability, such as which malware kit is used in it, what advantages are used by it, etc., and fixes the issue based on its priority
• Nexpose automatically detects and scans new devices and assesses the vulnerabilities when they access the network
• Nexpose can be integrated with the Metasploit framework
A free trial of this tool is available.

9) Nikto

Nikto is a widely admired open source web scanner used to assess probable issues and vulnerabilities.
• Nikto is used to carry out wide-ranging tests on web servers to scan for various items such as hazardous programs or files
• Nikto is also used to verify whether server versions are outdated, and also checks for any specific problem that affects the server’s functioning
• Nikto is used to scan various protocols like HTTP, HTTPS, HTTPd etc. Using this tool one can scan multiple ports of a particular server
• Nikto is not considered a quiet tool. It is used to test a web server in the least possible time

10) Tripwire IP360

Tripwire Inc is an IT security company famous for its security configuration management products. Tripwire IP360 is its
main vulnerability management product.

• Tripwire IP360 is the world’s foremost vulnerability assessment solution, used by various agencies and enterprises to manage their security risks
• Using open standards, Tripwire IP360 enables the integration of risk and vulnerability management into multiple processes of the business
• Tripwire IP360 offers a low-bandwidth, non-disruptive and agentless network profiling solution
• Using a wide-ranging view of networks, Tripwire IP360 notices all the vulnerabilities, applications, configurations, network hosts etc.

11) Wireshark

Wireshark is the world’s leading and most extensively used network protocol analyzer.

• Wireshark is used across various sectors like educational institutions, government agencies, and enterprises to look into networks at a microscopic level
• A notable feature of Wireshark is that it captures the issues online and performs the analysis offline
• Wireshark runs on various platforms like Windows, Linux, Mac, and Solaris
• Wireshark is capable of deeply inspecting many protocols
• Wireshark is the most powerful tool in the security practitioner’s toolkit

12) Aircrack

Aircrack, also called Aircrack-NG, is a set of tools used to assess WiFi network security.

• Aircrack focuses on various areas of WiFi security like monitoring packets and data, replay attacks, testing drivers and cards, and cracking
• Aircrack is a cracking program that targets WPA-PSK and WEP keys
• Using Aircrack, lost keys can be retrieved by capturing data packets
• Aircrack tools are also used in network auditing
• Aircrack supports multiple OSes like Linux, Windows, OS X, Solaris, NetBSD

13) Nessus Professional

Nessus is a patented and branded vulnerability scanner developed by Tenable Network Security.

• This tool has been installed and used by millions of users throughout the world for vulnerability assessment and configuration issues
• Nessus is used to protect networks from penetration by hackers by assessing vulnerabilities at the earliest
• Nessus supports a wide range of OSes, applications, DBs, and many more network devices across cloud infrastructure, physical and virtual networks
• Nessus is capable of scanning for vulnerabilities which allow remote hacking of sensitive data from a system
A free trial of this tool is available.

14) Retina CS Community

Retina CS is an open source, web-based console with which vulnerability management has been centralized and
simplified.

• Using Retina CS to manage network security can save time, cost and effort
• Retina CS includes automated vulnerability assessment for workstations, DBs, web applications, and servers
• As it is an open source application, it offers complete support for virtual environments like virtual app scanning, vCenter integration etc.
• With features like patching, compliance reporting and configuration compliance, Retina CS offers cross-platform vulnerability assessment
Further information on Retina CS, such as a free trial and demo, is available on its website.

15) Microsoft Baseline Security Analyzer (MBSA)

Microsoft Baseline Security Analyzer is a free Microsoft tool used to secure a Windows computer based on the guidelines
or specifications set by Microsoft.

• Using MBSA one can advance their security process by investigating a group of computers for any missing updates, misconfiguration, security patches etc.
• Once the scan of a system is done through MBSA, it presents a few solutions or suggestions for fixing the vulnerabilities
• MBSA can only scan for service packs, security updates and update rollups, setting aside the Optional and Critical updates
• MBSA is used by small and medium-sized organizations for managing the security of their networks

16) Secunia Personal Software Inspector

Secunia Personal Software Inspector is a free program used to find security vulnerabilities on your PC and to
solve them quickly.

• Secunia PSI is easy to use, quickly scans the system, enables users to download the latest versions etc.
• Secunia PSI is mainly used to keep all the applications and programs on your PC updated
• One advantage of using Secunia PSI is that it automatically scans the system for updates or patches and installs them
• Secunia PSI even identifies the insecure programs on your PC and notifies you

Additional Vulnerability Assessment Scanning Tools

Below are a few additional vulnerability tools that are used by a few other organizations.

17) Nmap
Nmap (Network Mapper) is a free and open source security scanner used to determine hosts and services on a
network by building a map of the computer network. It is mainly used for network inventory, security auditing,
and managing service upgrade schedules.
18) Metasploit Framework
Metasploit is Rapid7’s penetration testing tool that works very closely with Nexpose. It is an open source framework that
validates the vulnerabilities found by Nexpose and strives to patch them.
19) Veracode
Veracode’s vulnerability scanner is the most widely used and in-demand tool that guards your applications against
threats and attacks by conducting a deeper binary analysis.
20) Nipper Studio
Nipper Studio is an advanced configuration tool used for security auditing. Using Nipper Studio one can quickly scan
networks for vulnerabilities, secure them and avert attacks within minutes.
21) GFI LanGuard
GFI LanGuard is an easy-to-use administration tool for securing, condensing IT tasks, and troubleshooting networks
against vulnerabilities. This tool is used in patch management, network discovery, port scanning, network auditing,
etc.
22) Core Impact
Core Impact is an industry-leading framework used in vulnerability management activities like vulnerability scanning,
penetration security testing, etc. Core Impact allows simulated attacks across mobile, web, and
networks.
23) Qualys
Vulnerability management using Qualys helps in identifying and addressing security threats through cloud-based
solutions. Even network auditing can be automated using Qualys.
24) SAINT
SAINT (Security Administrator’s Integrated Network Tool) is used to scan computer networks for vulnerabilities and
to exploit those same vulnerabilities. SAINT can even categorize and group the vulnerabilities based on their severity and
type.
25) Safe3 Web Vulnerability Scanner
Safe3WVS is the most dominant and fast vulnerability scanner that uses web spider technology. This tool removes
repeated pages while scanning, which makes it a fast scanning tool.
26) WebReaver
WebReaver is a security scanning tool for the Mac operating system. It is a well-designed, simple, easy, automated web
application security scanning tool. WebReaver is powered by Web security.
27) Beyond Security's AVDS appliance
AVDS is a vulnerability assessment tool used to scan networks with a large number of nodes, like 50 to 2,00,000. With
this tool, each and every node is tested according to its characteristics and the respective report with its responses is
generated.
28) AppScan
AppScan is powered by IBM Security for static and dynamic security auditing of applications throughout their lifecycle.
This tool is generally used to scan web and mobile applications before the deployment phase.
29) Clair
Clair is an open source, automatic container vulnerability scanner used for security scanning and static analysis of
vulnerabilities in apps and Docker containers.
30) OWASP Zed Attack Proxy
OWASP Zed Attack Proxy (ZAP) is a popular, widely admired, free and automatic security tool used for finding vulnerabilities
in web applications during their development and testing stages. It is also used in manual security testing by pentesters.
31) Burp Suite Free Edition
Burp Suite Free Edition is an open source, complete software toolkit used to execute manual security testing of web
applications. Using this tool the data traffic between the source and the target can be inspected and browsed.
