Security Analysis of a Web Application: Vulnerability Assessment

Verified

Added on 2022/08/24

AI Summary

This assignment details a web application security analysis conducted by a junior security analyst using the vulnerable web application Mutillidae by OWASP. The environment is set up using XAMPP, and the analysis includes network scanning with Nmap to identify open ports and potential vulnerabilities. Wireshark is used to sniff network traffic, capturing packets and demonstrating how sensitive data can be intercepted. SQL injection techniques are explored using SQLMap to identify and exploit database vulnerabilities, including listing databases, tables, and retrieving user credentials. The assignment also covers web application security models such as firewalls, IDS/IPS, and encryption, providing an overview of their functionalities and importance in securing web applications. This assignment is a practical demonstration of common web application security threats and mitigation strategies, offering a valuable learning experience in identifying and addressing vulnerabilities.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Table of Contents
SETTING UP THE ENVIRONMENT.....................................................................................................2
Installing XAMPP..........................................................................................................................2
Installing the web application to localhost..................................................................................5
NMAP Scanning...............................................................................................................................6
Wireshark sniffing............................................................................................................................8
SQL Injection using SQLMAP..........................................................................................................11
Web application security models..................................................................................................15
firewall........................................................................................................................................15
IDS and IPS.................................................................................................................................15
Encryption..................................................................................................................................15
Figure 1 launching XAMPP installation............................................................................................2
Figure 2 choosing installation components.....................................................................................3
Figure 3 choosing installation path..................................................................................................3
Figure 4 installing XAMPP................................................................................................................4
Figure 5 Allow firewall to run the app.............................................................................................4
Figure 6 Xampp control panel.........................................................................................................5
Figure 7 creating a database............................................................................................................6
Figure 8 Scanning for connected networks.....................................................................................7
Figure 9 Open ports for available networks....................................................................................8
Figure 10 starting wireshark and choosing network interface........................................................8
Figure 11 capturing packets.............................................................................................................9
Figure 12 adding user......................................................................................................................9
Figure 13 creating new user..........................................................................................................10
Figure 14 packets sent through the network................................................................................10
Figure 15 showing captured data..................................................................................................11
Figure 16 Listing database in the server........................................................................................12
Figure 17 List of database found...................................................................................................12
Figure 18 Getting list of tables in mutillidae database..................................................................12
Figure 19 List of tables found........................................................................................................13
Figure 20 command to get the columns in a table........................................................................13
Figure 21 columns found in a table...............................................................................................14
Figure 22 command to get the username and password of account table..................................14

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

SETTING UP THE ENVIRONMENT
A web application can only run on a server, this mean we need a running server to test if our
application is running. In this task I will use XAMPP a localhost server to test my application.
Installing XAMPP
We need to download XAMMP from the apache website and then install it on our local
machine. Below are the steps of installing XAMPP.
Step 1.
Double click the file you have downloaded to start XAMPP setup.
Figure 1 launching XAMPP installation
Click next to continue installation. Select all components and click next.

Figure 2 choosing installation components
Click next, and chose the installation folder. It’s advisable you use the default installation folder.
Figure 3 choosing installation path
Click next until the installation start.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Figure 4 installing XAMPP
Wait installation to finish. Allows the XAMPP app on firewall and finish the installation
Figure 5 Allow firewall to run the app

Open the XAMPP control panel and start the Apache and MySQL services. We will use Apache
as a localhost and MySQL to host the database.
Figure 6 Xampp control panel
Installing the web application to localhost.
For the task I will be using Mutillidae by OWASP as a test bed. We will save project on the root
folder of XAMPP installation. The root folder for XAMPP is called Htdocs, this is where all web
application are saved.
Configuring the database
The next step will be to create a database for our application. We will open the phpMyAdmin
page on the browser. We will configure the username and the password for the database and
create a new database with the name of mutillidae. Finally, we will set the tables for the
database by starting the mutilldae website. We run the localhost/mutillidae URL on our
browser. The database will be populated with tables shown in the figure below.

Figure 7 creating a database
NMAP Scanning
Nmap has different type of functions that it can perform. We will first start by scanning the host
on the connected network. This will allow us to get the IP address of the machine we are
targeting. If we have the IP address we can use it o access the web application.
We will use the Nmap -Pn 192.168.0.0/24 command to get the list of online host. This
command is fast as it will skip scanning or host (Jeff, 2019). Below is the result of that command

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Figure 8 Scanning for connected networks
The command shows the IP address of host connected to the network. Each host shows the
number of ports that are available. The ports has the state and the services they perform. We
can use this information to identify the host we will target.
The host with the IP address 192.168.0.14 has 7 open ports. We have port 80 which listens to
http request. The most interesting port is port 3306 which listens to MySQL requests. The port
is open meaning the host is vulnerable to attack.
Having identified the host and the ports that are vulnerable we can check for the operating
system being used by the target host. We have different command to identify the host OS. The
simple command is the use of -O command. We can use more advance option like osscan-guess
which will aggressively guess the OS.

Figure 9 Open ports for available networks
The command tried to guess the operating system of the host. The result was a window
operating system which matches the host operating system.
Having the host name, number of open ports on the host and the operating system. It can be
easy for us to plan for an attack (Jeff, 2019).
Wireshark sniffing
Wireshark is used to sniff the packets sent or received by http requests. We can use Wireshark
to track packet sent over the network. Having the knowledge of the host we are targeting we
can use the host IP address to trace the packets received or sent (Jeff, 2019).
We will use a vulnerable simple website to demonstrate how sniffing can be done using
Wireshark. First we need to start Wireshark (Jeff, 2019).
Figure 10 starting Wireshark and choosing network interface
We will start by choosing a network interface. We will choose WIFI interface because it is the
one, we are using to connect to our host (Wireshark.org, n.d.). Click the blue shark fin to begin
capturing.
Next open the website on your browser the one you want to capture data. Check your
Wireshark app to get the packets captured.

Figure 11 capturing packets
The figure represent the packets captured including the source and destination of the packets
the protocol used, length of each protocol and the time sent. We will use a simple website to
demonstrate how man in the middle can access data sent by users.
Figure 12 adding user
We will use the submit form to capture the data when users try to register.
We will capture the HTTP request by the source to the destination which is the machine am
using. We will use the data sent by user as shown in the figure below.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Figure 13 creating new user
On Wireshark, we can select the packet we want to view. Right click on it and follow. This will
show the packet sent.
Below is the packet captured by accessing the home page of the site
Figure 14 packets sent through the network
If we submit the form we can capture the data sent by the user. The figure below show the user
input that was submitted through a form.

Figure 15 showing captured data
The above figure shows the http method at the top which is the post method. It shows the
source of the packets which is 192.168.0.14. At the middle of the page before the beginning of
text with blue color, the packet shows the data sent by user. It includes the name which is
“great world” and the email problem@all.cor. This is a way of capturing sensitive data sent by
users. We can use wireshark to capture the source of the web pages which can be used to
create fake website.
SQL Injection using SQLMAP
SQLMap is an open source tool that automate the process of exploiting and detecting
vulnerabilities in SQL injection. Attackers can use SQL injection to manipulate data and to take
over the databases on the server.

We will start by running the following command that will try to list all databases in the database
server (sqlmap.org, n.d.).
$ python sqlmap.py -u https://192.168.0.13/shopping/product.php?id=3 –dbs
Figure 16 Listing database in the server
When running the command it will try to connect to the database. It will retrieve the all
databases if the provided URL is correct and it has an active connection. Below is the result of
above command.
Figure 17 List of database found
The command has listed all available databases in the server. The next step will be to find the
tables in a specific databases. We will try to get list of tables in in mutillidae database.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Figure 18 Getting list of tables in mutillidae database
Figure 19 List of tables found
We now have the name of tables in the database mutillidae. The next step will to find the
columns in a table. The account table looks like it have some important data that we can use to
manipulate the database (Hacker Market, 2019).
Figure 20 command to get the columns in a table

Figure 21 columns found in a table
We will try to retrieve the list of usernames and their passwords in the accounts table using the
command below.
Figure 22 command to get the username and password of account table
Now we will use the data we have found to login to the website.

Web application security models
firewall
Firewall is a security model designed to prevent unauthorized access from a private network.
Firewall is implemented in form of hardware or software or combining both hardware and
software. Firewall examines the message sent to the private network to check if they meet the
criteria. It accepts only those message that pass the criteria and blocks those that don’t meet
(Indiana university, 2019).
There are several types of firewall, Packet filtering which filter packets sent and received by the
network. The user can set rules in which the firewall can apply to filter packets. If the packet
sent does not meet the rules sent firewall rejects the packets and accept the packets if they
meet set rules (Indiana university, 2019).
IDS and IPS
IDS/IPS is a network infrastructure that is used to compare packets sent with those saved in a
cyberthreat database (Petters, 2018). IDS is only used to detect the packets by comparing them
with the cyber threat database while IPS is which is on the same network deny the network
traffic that pose a threat to the system.
Encryption
Encryption is used to transform plain text to secret codes to hide the true meaning of the text.
Encryption provides confidentiality by encoding the data, authentication to prove the origin of
the data, and integrity which proves the content of data has not changed (Rouse, 2019).
References
Hacker Market, 2019. SQLMap Tutorial. [Online]
Available at: https://hackertarget.com/sqlmap-tutorial/
[Accessed 17 March 2020].
Indiana university, 2019. Knowledge Base. [Online]
Available at: https://kb.iu.edu/d/aoru
[Accessed 16 March 2020].
Jeff, P., 2019. How to Use Nmap: Commands and Tutorial Guide. [Online]
Available at: https://www.varonis.com/blog/nmap-commands/
[Accessed 13 March 2020].
Jeff, P., 2019. How to Use Wireshark: Comprehensive Tutorial + Tips. [Online]
Available at: https://www.varonis.com/blog/how-to-use-wireshark/
[Accessed 13 march 2020].