Types of Web Application Attacks

Penetration Testing Wiki

Server-Side Attacks

Client-Side Attacks

  • XSS (Cross-Site Scripting)
  • CSRF (Cross-Site Request Forgery)

HTTP headers security

  • HSTS (HTTP Strict Transport Security): Protects against man-in-the-middle, downgrade attacks and cookie hijacking in the web browser
  • CORS (Cross-Origin Resource Sharing): Protects cross-domain XHR calls to prevent XSS in the web browser
  • CSP (Content Security Policy): Controls which origins and scripts the user agent loads to prevent XSS in the web browser. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Authentication protocols

SAML Attacks

SAML: Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. As its name implies, SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). The single most important use case that SAML addresses is web browser single sign-on (SSO).

Attacks on SAML protocol

PHP Attacks

Payloads to test injections:

{phpinfo()}.txt
{${phpinfo()}}.txt
{sleep(5)}.txt
NULL byte in octal: \400
NULL byte in hex: \x00

Tricky PHP file upload extensions for bypassing restrictions:

.php3
.php4
.php5
.pht
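
The extensions and filename payloads above get past blocklist-style checks, so the server-side fix is an allowlist plus a server-generated storage name. The following is an added example, not code from this wiki or any referenced project; the function name `safe_upload_name` and the allowed-extension policy are assumptions, and the sample filenames are constructed.

```php
<?php
// Added example: allowlist-based upload name check (hypothetical helper names).
const ALLOWED_EXTENSIONS = ['txt', 'png', 'jpg', 'pdf'];   // assumed policy

/**
 * Returns a server-generated storage name, or null if the client name is rejected.
 */
function safe_upload_name(string $clientName): ?string
{
    // Reject control bytes (including NUL) that can truncate a path in lower layers.
    if (preg_match('/[\x00-\x1f\x7f]/', $clientName)) {
        return null;
    }
    // Reject expression metacharacters and path separators, as used in the
    // {phpinfo()}.txt style names listed above.
    if (strpbrk($clientName, '{}$()/\\') !== false) {
        return null;
    }
    $parts = explode('.', strtolower(basename($clientName)));
    // Require exactly one extension: rules out shell.php.png and dotfiles.
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    // Allowlist comparison: php3, php4, php5 and pht can never match.
    if (!in_array($parts[1], ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Never reuse the client-supplied name on disk.
    return bin2hex(random_bytes(16)) . '.' . $parts[1];
}

// Constructed sample inputs.
$samples = ['report.txt', 'shell.php5', 'shell.pht', "a.php\x00.png",
            '{phpinfo()}.txt', 'x.php.png', 'photo.JPG'];
foreach ($samples as $name) {
    $stored = safe_upload_name($name);
    printf("%-20s => %s\n", addcslashes($name, "\0..\37"), $stored ?? 'REJECTED');
}
```

Only `report.txt` and `photo.JPG` are accepted; each is stored under a random name with its lowercased extension. The upload directory should also be configured so the web server never executes files from it.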

JavaScript Attacks

Meteor Framework

Meteor.connection._methodHandlers

Reference:
https://www.offensive-security.com/offsec/wekan-authentication-bypass/

More payloads: https://github.com/defensahacker/spinfuzz (Fuzzing lists for webapp pentesting)