4. Session Management-004
Session tokens are confidential information because they bind a user's identity to that user's session. This test checks whether the session token is exposed and, if it is, whether it can be reused to mount a session replay attack.
5. Session Management-005
Cross-Site Request Forgery (CSRF) is a way to force an unknowing user to execute unwanted actions on a web application in which that user is currently authenticated. This section describes how to test an application for this kind of vulnerability.
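The two session checks above (replaying a captured or stale token, and submitting a state-changing request from another origin) are easiest to reason about against the server-side logic that is supposed to defeat them. The following is an added example, not code from the report or from the tested site: a constructed in-memory session store in which every login issues a fresh random token, logout and idle expiry invalidate it server-side, and every state-changing request must carry the per-session anti-CSRF token. The `SessionStore`, `SESSION_TTL`, `demo` and the injectable clock are assumptions for the example.

```python
import hmac
import secrets
import time

# Idle time (seconds) after which a token is treated as dead; constructed value for the example.
SESSION_TTL = 900


class SessionStore:
    """Constructed server-side session store (example code, not the report's application)."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be exercised offline
        self._sessions = {}      # token -> {"user", "csrf", "last_seen"}

    def login(self, user):
        # A fresh, unguessable token on every login; a pre-login token is never promoted (avoids fixation).
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "user": user,
            "csrf": secrets.token_urlsafe(32),   # one anti-CSRF token bound to this session
            "last_seen": self._now(),
        }
        return token

    def logout(self, token):
        # Invalidate on the server, so a token captured earlier cannot be replayed after logout.
        self._sessions.pop(token, None)

    def lookup(self, token):
        sess = self._sessions.get(token)
        if sess is None:
            return None
        if self._now() - sess["last_seen"] > SESSION_TTL:
            self._sessions.pop(token, None)      # stale token: same outcome as an unknown one
            return None
        sess["last_seen"] = self._now()
        return sess

    def authorize_state_change(self, token, csrf_token):
        """True only for a live session whose own CSRF token accompanies the request."""
        sess = self.lookup(token)
        if sess is None or csrf_token is None:
            return False
        # Constant-time comparison; a cross-site form post cannot know this value.
        return hmac.compare_digest(sess["csrf"], csrf_token)


def demo():
    """Drive the store through the cases a tester would try and return the outcome of each."""
    clock = [1000.0]
    store = SessionStore(now=lambda: clock[0])
    results = {}

    tok = store.login("alice")
    csrf = store.lookup(tok)["csrf"]
    results["legit"] = store.authorize_state_change(tok, csrf)
    results["no_csrf"] = store.authorize_state_change(tok, None)           # forged cross-site request
    results["wrong_csrf"] = store.authorize_state_change(tok, "x" * 43)    # guessed token
    store.logout(tok)
    results["replay_after_logout"] = store.authorize_state_change(tok, csrf)

    tok2 = store.login("alice")
    csrf2 = store.lookup(tok2)["csrf"]
    clock[0] += SESSION_TTL + 1                                           # let the session go idle
    results["replay_after_expiry"] = store.authorize_state_change(tok2, csrf2)
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:22s} accepted={ok}")
```

The defender-side point is that rejection of the replayed token happens in the server's store, not in the client; a token that is only "expired" by a cookie attribute is still valid if the server keeps honouring it.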
Authorization is the concept of allowing access to resources only to those permitted to use them. Testing for authorization means understanding how the authorization process works and using that information to try to circumvent the authorization mechanism. Authorization is a process that comes after a successful authentication, so the tester verifies this point only after holding valid credentials associated with a well-defined set of roles and privileges. During this kind of assessment, it should be verified whether it is possible to bypass the authorization schema, find a path traversal vulnerability, or find ways to escalate the privileges assigned to the tester.
The following are the steps I have done:
1. Authorization Testing-001
First, we test whether it is possible to find a way to execute a path traversal attack and access reserved information.
2. Authorization Testing-002
This kind of test focuses on verifying how the authorization schema has been implemented for each role/privilege to get access to reserved functions/resources.
Type in the URL https://www.akakom.ac.id/admin/addUser.jsp
3. Authorization Testing-003
During this phase, the tester should verify that it is not possible for a user to modify his or her privileges/roles inside the
application in ways that could allow privilege escalation attacks.
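The three authorization tests above each correspond to one server-side control: a file-serving endpoint that confines requested names to its document root (001), a role check that denies a direct request for an admin URL by default (002), and a role that is read from the server's own user record rather than from anything the client sends (003). The block below is an added example written for this page, not code from the report or from the tested site; `USERS`, `ROLE_PREFIXES`, `FILE_ROOT`, `safe_resolve`, `effective_role` and `handle_request` are constructed names, and the admin path is used only as the page mentions it.

```python
from pathlib import Path
from urllib.parse import unquote

# Constructed user records; in a real application these come from the server-side account store.
USERS = {
    "alice": {"role": "user"},
    "root_admin": {"role": "admin"},
}

# URL prefixes each role may reach. Anything not listed is denied (deny by default).
ROLE_PREFIXES = {
    "user": ("/home", "/profile", "/files"),
    "admin": ("/home", "/profile", "/files", "/admin"),
}

# Constructed document root for the file-serving endpoint.
FILE_ROOT = "/srv/app/files"


def effective_role(user, params):
    """Authorization Testing-003: the role is taken from the server record only.

    Any "role"-like field in the request is ignored outright, so a client cannot
    promote itself by adding a parameter.
    """
    record = USERS.get(user)
    return record["role"] if record else None


def is_allowed(role, path):
    """Authorization Testing-002: prefix match against the role's allow-list."""
    allowed = ROLE_PREFIXES.get(role, ())
    return any(path == p or path.startswith(p + "/") for p in allowed)


def handle_request(user, path, params=None):
    """Return True if the authenticated user may reach `path`, else False."""
    role = effective_role(user, params or {})
    if role is None:
        return False
    return is_allowed(role, path)


def safe_resolve(base_dir, requested):
    """Authorization Testing-001: map a user-supplied name onto base_dir.

    Returns the resolved path, or None if decoding and normalising the name
    would leave the document root (../, absolute paths, encoded dots).
    """
    base = Path(base_dir).resolve()
    target = (base / unquote(requested)).resolve()
    if target == base:
        return None                      # the root itself is not a servable file
    try:
        target.relative_to(base)
    except ValueError:
        return None                      # escaped the document root
    return target


if __name__ == "__main__":
    print(handle_request("alice", "/admin/addUser.jsp"))                  # False
    print(handle_request("alice", "/admin/addUser.jsp", {"role": "admin"}))  # False
    print(handle_request("root_admin", "/admin/addUser.jsp"))             # True
    print(safe_resolve(FILE_ROOT, "reports/q1.txt"))
    print(safe_resolve(FILE_ROOT, "../../etc/passwd"))                    # None
```

When a forced-browse request such as the one in step 2 is answered with the admin page for a normal user, the failing control is usually the second function above being absent for that URL; when a request to the files endpoint returns content from outside the root, it is the third.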
Testing for business logic flaws in a multi-functional dynamic web application requires thinking in unconventional ways. If an application's authentication mechanism is designed to perform steps 1, 2 and 3 in order, what happens if you go from step 1 straight to step 3? In this simplistic example, does the application fail open and grant access, deny access, or just error out with a 500 response? Many examples could be given, but the one constant lesson is "think outside of conventional wisdom". This type of vulnerability cannot be detected by a vulnerability scanner and relies on the skills and creativity of the penetration tester. It is usually one of the hardest to detect but, at the same time, usually one of the most detrimental to the application if exploited.
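The "step 1 straight to step 3" question above is answered on the server by how the flow's state is kept. The following is an added example, not code from the report: a constructed three-step authentication flow modelled as a small state machine in which each step is accepted only from the step immediately before it, an out-of-order request fails closed (the flow resets instead of silently granting the skipped step), and the event is logged so that the skip can be detected rather than just refused. `Step`, `AuthFlow`, `FlowError` and `run` are assumed names for the example.

```python
from enum import Enum


class Step(Enum):
    STARTED = 0        # flow created, nothing submitted yet
    IDENTIFIED = 1     # step 1: username submitted
    VERIFIED = 2       # step 2: credential / second factor checked
    AUTHENTICATED = 3  # step 3: session granted


# Each step may only be reached from the one before it; nothing else is a legal transition.
NEXT = {
    Step.STARTED: Step.IDENTIFIED,
    Step.IDENTIFIED: Step.VERIFIED,
    Step.VERIFIED: Step.AUTHENTICATED,
}


class FlowError(Exception):
    """Raised when a request asks for a step the flow is not positioned to accept."""


class AuthFlow:
    def __init__(self):
        self.state = Step.STARTED
        self.log = []   # constructed audit trail; a real service would emit these as security events

    def advance(self, requested):
        expected = NEXT.get(self.state)
        if requested is not expected:
            # Fail closed: record the anomaly and drop back to the start of the flow.
            self.log.append(
                f"out-of-order step: state={self.state.name} requested={requested.name}"
            )
            self.state = Step.STARTED
            raise FlowError(f"step {requested.name} not allowed from {self.state.name}")
        self.state = requested
        return self.state


def run(sequence):
    """Drive a fresh flow through a list of step numbers.

    Returns (final state, audit log). Reaching Step.AUTHENTICATED requires the
    full ordered sequence; any skipped step leaves the flow at STARTED.
    """
    flow = AuthFlow()
    try:
        for number in sequence:
            flow.advance(Step(number))
    except FlowError:
        pass
    return flow.state, flow.log


if __name__ == "__main__":
    for seq in ([1, 2, 3], [1, 3], [3], [1, 2, 2, 3]):
        state, log = run(seq)
        print(seq, "->", state.name, log)
```

The "fail open" outcome the paragraph warns about corresponds to a handler for step 3 that never consults the recorded state at all; the log line written on an out-of-order request is the signal a detection rule can key on, since legitimate clients never produce it.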