Security Analysis of a Web Application: Vulnerability Assessment


Added on 2022/08/24

Practical Assignment
AI Summary
This assignment details a web application security analysis conducted by a junior security analyst using the vulnerable web application Mutillidae by OWASP. The environment is set up using XAMPP, and the analysis includes network scanning with Nmap to identify open ports and potential vulnerabilities. Wireshark is used to sniff network traffic, capturing packets and demonstrating how sensitive data can be intercepted. SQL injection techniques are explored using SQLMap to identify and exploit database vulnerabilities, including listing databases, tables, and retrieving user credentials. The assignment also covers web application security models such as firewalls, IDS/IPS, and encryption, providing an overview of their functionalities and importance in securing web applications. This assignment is a practical demonstration of common web application security threats and mitigation strategies, offering a valuable learning experience in identifying and addressing vulnerabilities.
Table of Contents
SETTING UP THE ENVIRONMENT
  Installing XAMPP
  Installing the web application to localhost
NMAP Scanning
Wireshark sniffing
SQL Injection using SQLMAP
Web application security models
  Firewall
  IDS and IPS
  Encryption

Figure 1 launching XAMPP installation
Figure 2 choosing installation components
Figure 3 choosing installation path
Figure 4 installing XAMPP
Figure 5 Allow firewall to run the app
Figure 6 Xampp control panel
Figure 7 creating a database
Figure 8 Scanning for connected networks
Figure 9 Open ports for available networks
Figure 10 starting Wireshark and choosing network interface
Figure 11 capturing packets
Figure 12 adding user
Figure 13 creating new user
Figure 14 packets sent through the network
Figure 15 showing captured data
Figure 16 Listing databases on the server
Figure 17 List of databases found
Figure 18 Getting the list of tables in the mutillidae database
Figure 19 List of tables found
Figure 20 command to get the columns in a table
Figure 21 columns found in a table
Figure 22 command to get the username and password from the accounts table
SETTING UP THE ENVIRONMENT
A web application needs a web server to run, so we need a running server before we can test whether the
application works. In this task I will use XAMPP, a local Apache, MySQL and PHP stack, to host the application on localhost.
Installing XAMPP
We need to download XAMPP from the Apache Friends website (apachefriends.org) and then install it on our local
machine. Below are the steps for installing XAMPP.
Step 1.
Double-click the downloaded installer to start the XAMPP setup.
Figure 1 launching XAMPP installation
Click Next to continue. Select the components and click Next. The figure selects all of them; for this lab only Apache, MySQL, PHP and phpMyAdmin are actually needed, and installing only what you will use keeps the attack surface of the local server small.
Figure 2 choosing installation components
Click Next and choose the installation folder. It is advisable to keep the default installation folder.
Figure 3 choosing installation path
Click Next until the installation starts.
Figure 4 installing XAMPP
Wait for the installation to finish. Allow the XAMPP app through the firewall when prompted and finish the installation.
Figure 5 Allow firewall to run the app
Open the XAMPP control panel and start the Apache and MySQL services. We will use Apache
as the local web server and MySQL to host the database.
Figure 6 Xampp control panel
Installing the web application to localhost.
For this task I will use Mutillidae by OWASP as the test bed. The project is saved in the document root of the
XAMPP installation, the folder called htdocs, which is where all web applications served by XAMPP are
stored.
Configuring the database
The next step is to create a database for the application. Open the phpMyAdmin page in the
browser, set the username and password the application will use to connect to the database, and
create a new database named mutillidae. Finally, let the site create its tables by opening the
localhost/mutillidae URL in the browser. The database is then populated with the tables shown in the
figure below. Because Mutillidae is deliberately vulnerable, run this lab on an isolated network or inside a
virtual machine rather than on a host reachable from an untrusted network.
Figure 7 creating a database
NMAP Scanning
Nmap can perform several kinds of scan. We start by scanning the hosts on the connected network to
find the IP address of the machine we are targeting; with the IP address we can reach the web
application directly.
We use the command nmap -Pn 192.168.0.0/24 to enumerate the hosts. The -Pn option skips Nmap's
host-discovery (ping) stage and treats every address in the range as online, so each address is
port-scanned directly (Jeff, 2019); that is why the output below lists ports for every host. If we only
want a quick list of live hosts, a ping scan (nmap -sn 192.168.0.0/24) does no port scanning at all and
is much faster. Below is the result of the command.
Figure 8 Scanning for connected networks
The output shows the IP address of each host connected to the network. For each host it lists the
ports found, with their state and the service that normally runs on them. We can use this information
to pick the host we will target.
The host with the IP address 192.168.0.14 has 7 open ports. Port 80 is the HTTP listener. The most
interesting one is port 3306, the MySQL listener. An open port is not in itself proof of a vulnerability,
but a database service reachable from the network rather than bound to localhost is exposed attack
surface: if it accepts remote logins, weak or default credentials would give an attacker the database
without going through the web application at all.
Having identified the host and its open ports, we can fingerprint the operating system of the target.
Nmap's -O option enables OS detection; adding --osscan-guess makes Nmap guess more aggressively
when it finds no exact match. OS detection needs raw packets, so the scan must be run as root or
administrator.
Figure 9 Open ports for available networks
Nmap tried to guess the operating system of the host. The result was a Windows
operating system, which matches the host's actual operating system.
With the host address, its open ports and its operating system, it becomes much
easier to plan an attack (Jeff, 2019).
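The scan output above is read by eye; on a larger range a practitioner would save Nmap's grepable output (-oG) and parse it to pick out the hosts worth attention. The following Python script is an added example and is not part of the original assignment or of Nmap itself. It parses a constructed sample of nmap -Pn -O -oG output (the addresses, ports and OS string are made up to resemble the scan described above, with the target modelled on 192.168.0.14) and flags hosts that expose a database port such as MySQL's 3306, which is the finding the text singles out.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of "nmap -Pn -O -oG - 192.168.0.0/24" grepable output.
# Addresses, ports and the OS string are made up for this example; the host
# 192.168.0.14 is modelled on the target described in the assignment.
SAMPLE_GNMAP = """\
# Nmap 7.93 scan initiated as: nmap -Pn -O -oG - 192.168.0.0/24
Host: 192.168.0.1 ()\tStatus: Up
Host: 192.168.0.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.0.14 ()\tStatus: Up
Host: 192.168.0.14 ()\tPorts: 80/open/tcp//http///, 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 443/open/tcp//https///, 445/open/tcp//microsoft-ds///, 3306/open/tcp//mysql///, 5357/open/tcp//wsdapi///\tIgnored State: closed (993)\tOS: Microsoft Windows 10
Host: 192.168.0.23 ()\tStatus: Up
Host: 192.168.0.23 ()\tPorts: 22/open/tcp//ssh///, 3306/filtered/tcp//mysql///\tIgnored State: closed (998)
# Nmap done -- 256 IP addresses (3 hosts up) scanned
"""

# Ports commonly used by database servers; a practitioner would extend this list.
DB_PORTS = {3306: "mysql", 1433: "mssql", 5432: "postgresql", 27017: "mongodb", 6379: "redis"}

# One entry of the Ports: field has the layout port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/[^/]*/[^/]*/")


@dataclass
class HostResult:
    ip: str
    os_guess: str = ""
    open_ports: dict = field(default_factory=dict)  # port number -> service name


def parse_gnmap(text):
    """Parse Nmap grepable output into a dict of ip -> HostResult."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." comment lines
        fields = line.split("\t")
        ip = fields[0].split()[1]  # "Host: 192.168.0.14 ()" -> "192.168.0.14"
        host = hosts.setdefault(ip, HostResult(ip))
        for f in fields[1:]:
            if f.startswith("Ports:"):
                for port, state, proto, service in PORT_RE.findall(f):
                    # filtered/closed ports are not reachable, so only record open TCP ports
                    if state == "open" and proto == "tcp":
                        host.open_ports[int(port)] = service
            elif f.startswith("OS:"):
                host.os_guess = f[len("OS:"):].strip()
    return hosts


def exposed_database_hosts(hosts):
    """Return {ip: [(port, service), ...]} for hosts with a database port open to the network."""
    found = {}
    for ip, host in hosts.items():
        hits = [(p, s) for p, s in sorted(host.open_ports.items()) if p in DB_PORTS]
        if hits:
            found[ip] = hits
    return found


def report(hosts):
    """Human-readable summary: one line per host, plus a warning per exposed database port."""
    lines = []
    for ip, host in sorted(hosts.items()):
        lines.append("%s  %d open tcp ports  OS: %s"
                     % (ip, len(host.open_ports), host.os_guess or "unknown"))
    for ip, hits in exposed_database_hosts(hosts).items():
        for port, service in hits:
            lines.append("  !! %s exposes %s on %d to the network" % (ip, service, port))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_gnmap(SAMPLE_GNMAP)))
```

Run against a real scan with nmap -Pn -O -oG scan.gnmap 192.168.0.0/24 and feed the file's contents to parse_gnmap; the 192.168.0.23 entry shows why the parser keeps only "open" ports, since a filtered 3306 is not a reachable service.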
Wireshark sniffing
Wireshark is a packet analyser: it captures the frames passing through a network interface, including
the HTTP requests and responses exchanged with the web application. Knowing the IP address of the
host we are targeting, we can filter the capture to the packets sent to or received from that host (Jeff, 2019).
We will use a simple vulnerable website to demonstrate how sniffing is done with
Wireshark. First we need to start Wireshark (Jeff, 2019).
Figure 10 starting Wireshark and choosing network interface
We start by choosing a network interface. We choose the Wi-Fi interface because it is the one
we use to connect to the host (Wireshark.org, n.d.). Click the blue shark fin to begin
capturing.
Next, open the website whose traffic you want to capture in your browser, then return to
Wireshark to see the packets captured.
Figure 11 capturing packets
The figure shows the captured packets, including the source and destination address of each packet,
the protocol used, the length of each packet and the time it was captured. We will use a simple website to
demonstrate how a man in the middle can read the data users submit.
Figure 12 adding user
We will use the site's registration form to capture the data users submit when they register.
We capture the HTTP request from the source (the browser) to the destination, which is the machine I am
using. The data entered by the user is shown in the figure below.
Figure 13 creating new user
In Wireshark, select the packet of interest, right-click it and choose Follow > TCP Stream (or Follow > HTTP
Stream). This reassembles and displays the whole request.
Below is the request captured when the home page of the site is loaded.
Figure 14 packets sent through the network
If we submit the form, we can capture the data the user sent. The figure below shows the form
input that was submitted.
Figure 15 showing captured data
The figure shows the HTTP method at the top, which is POST, and the source of the packet,
192.168.0.14. Towards the middle of the window, just before the text shown in blue, the packet
contains the data the user submitted: the name "great world" and the email problem@all.cor. This is
one way of capturing sensitive data sent by users; a password field in the same form would be visible in
exactly the same way. It works because the site is served over plain HTTP; over HTTPS the request body is
encrypted in transit and Follow > TCP Stream shows only TLS records. Wireshark can also capture the HTML
source of the pages served, which can be used to build a convincing fake copy of the site.
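What Follow > TCP Stream displays is just the raw bytes of the HTTP request, and reading the form fields out of them is a matter of parsing the HTTP message. The following Python code is an added example, not part of the original assignment or of Wireshark. It parses a constructed plain-HTTP POST (the path, headers and field values are made up to resemble the registration request described above, with a password field added to show why this matters), URL-decodes the form body and flags the fields a sniffer would treat as sensitive. It also demonstrates the HTTPS caveat: the same functions applied to a constructed TLS application-data record find no readable request at all.

```python
from urllib.parse import parse_qs

# Constructed raw HTTP/1.1 POST, shaped like what Wireshark's "Follow > TCP
# Stream" shows for a registration form sent over plain HTTP. The path, header
# values and field contents are made up for this example.
CAPTURED_REQUEST = (
    b"POST /register.php HTTP/1.1\r\n"
    b"Host: 192.168.0.14\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 63\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
    b"name=great+world&email=problem%40all.cor&password=Spring2022%21"
)

# Constructed TLS 1.2 application-data record (content type 0x17) standing in
# for the same form submitted over HTTPS: the payload is ciphertext, not HTTP text.
CAPTURED_TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xa0))

HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"}
# Substrings of field names that usually mark personal data or credentials.
SENSITIVE_NAMES = ("pass", "pwd", "secret", "token", "email", "card", "ssn")


def is_plaintext_http(raw):
    """True if the bytes start with an HTTP request line we can actually read."""
    first_line = raw.split(b"\r\n", 1)[0]
    try:
        parts = first_line.decode("ascii").split(" ")
    except UnicodeDecodeError:
        return False  # binary (e.g. TLS) or otherwise not HTTP text
    return len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith("HTTP/")


def parse_http_request(raw):
    """Split a raw request into method, target, headers and the exact body bytes."""
    if not is_plaintext_http(raw):
        raise ValueError("not a readable HTTP request (encrypted or not HTTP)")
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: headers not terminated")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Honour Content-Length so a partial capture is reported rather than misparsed.
    declared = int(headers.get("content-length", "0"))
    if len(body) < declared:
        raise ValueError("truncated body: %d of %d bytes captured" % (len(body), declared))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body[:declared]}


def extract_form_fields(request):
    """URL-decode an application/x-www-form-urlencoded body into a {name: value} dict."""
    ctype = request["headers"].get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return {}
    parsed = parse_qs(request["body"].decode("utf-8"), keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def sensitive_fields_in_clear(raw):
    """Names of submitted fields a sniffer would treat as sensitive; [] if nothing is readable."""
    if not is_plaintext_http(raw):
        return []
    fields = extract_form_fields(parse_http_request(raw))
    return sorted(n for n in fields if any(k in n.lower() for k in SENSITIVE_NAMES))


if __name__ == "__main__":
    req = parse_http_request(CAPTURED_REQUEST)
    print(req["method"], req["target"], "sent to", req["headers"]["host"])
    for name, value in extract_form_fields(req).items():
        print("  %s = %r" % (name, value))
    print("sensitive fields readable on the wire:", sensitive_fields_in_clear(CAPTURED_REQUEST))
    print("readable fields in the HTTPS capture:", sensitive_fields_in_clear(CAPTURED_TLS_RECORD))
```

The same parser can be pointed at real bytes by exporting the reassembled stream from Wireshark (Follow > TCP Stream, "Save as" raw) and reading the file in binary mode; the Content-Length check is what tells you whether the capture actually contained the whole request.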
SQL Injection using SQLMAP
SQLMap is an open-source tool that automates detecting and exploiting SQL injection
vulnerabilities. SQL injection lets an attacker alter the queries a web application sends to its database;
depending on the privileges of the database account the application uses, this ranges from reading and
manipulating data to taking over the database server.
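Before turning to the tool, it helps to see what the vulnerability sqlmap looks for actually is. The following Python example is added here and is not part of the original assignment, of sqlmap or of Mutillidae. It uses Python's built-in sqlite3 module as a stand-in for Mutillidae's MySQL database (an assumption made so the example runs offline), with a constructed accounts table whose username and password columns are modelled on the table the assignment later dumps. It shows a login query built by string concatenation, the boolean-based probe and UNION payload that sqlmap automates against such a query, and the parameterized query that closes the hole.

```python
import sqlite3


def make_db():
    """In-memory SQLite stand-in for the web app's database, filled with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (cid INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts (username, password) VALUES (?, ?)",
                     [("admin", "adminpass"), ("adrian", "somepassword"), ("john", "monkey")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Deliberately vulnerable: the untrusted values are spliced into the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM accounts WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    # Hardened: bound parameters keep the values out of the SQL grammar entirely,
    # so quotes and comment markers in the input are just characters in a string.
    sql = "SELECT username FROM accounts WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def boolean_probe(login, conn):
    """sqlmap-style boolean-based test: the same field with a true and a false condition.
    Different answers mean the input reaches the database as SQL. Returns (truthy, falsy)."""
    true_rows = login(conn, "admin' AND '1'='1' -- ", "irrelevant")
    false_rows = login(conn, "admin' AND '1'='2' -- ", "irrelevant")
    return (bool(true_rows), bool(false_rows))


def union_dump(login, conn):
    """UNION-based payload that pulls every username:password pair out through the login query."""
    payload = "x' UNION SELECT username || ':' || password FROM accounts -- "
    return sorted(login(conn, payload, "irrelevant"))


if __name__ == "__main__":
    conn = make_db()
    print("bypass via comment  :", login_vulnerable(conn, "admin' -- ", "wrong"))
    print("boolean probe (vuln):", boolean_probe(login_vulnerable, conn))
    print("union dump (vuln)   :", union_dump(login_vulnerable, conn))
    print("boolean probe (safe):", boolean_probe(login_safe, conn))
    print("union dump (safe)   :", union_dump(login_safe, conn))
```

The probe returning (True, False) against the vulnerable function and (False, False) against the safe one is exactly the difference sqlmap relies on when it reports a parameter as injectable: the application answers differently to two requests that should be equivalent if the input were treated as data.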