Posts

Featured Post

SAML Security Test Cases

Signature Exclusion Attack - Test whether or not the SP accepts an Assertion without a Signature
Signature Spoofing Attack - Test whether the SP accepts a fake signature or a previously generated/invalid signature
Signature Wrapping Attack (8 different ways) - Test whether or not the SP is susceptible to Signature Wrapping
XML Injection - Test whether malicious code can be injected into the SAML response from the IDP, allowing arbitrary code execution on the SP server
XML Entity Expansion (XEE)/XXE - Test whether or not the SP is vulnerable to XML External Entities
Replay Attacks - Test whether a previously generated SAML response from the IDP is accepted by the SP
Certificate Faking/Self-signed Certificate - Test whether or not the SP verifies that the Assertion came from a trusted IDP / Test whether the SP accepts a self-signed certificate
XSLT Injection - Test whether or not the SP is vulnerable to XSLT injection
Predictable Signature - Test whether the IDP generates guessable signatures
SAML Message Expiration - Test whether SP accepts

File Upload Security Testing Checklists

Security Checklist
Are filenames reflected back on the page? If so, are they HTML entity encoded (XSS via file names)?
Does it accept .zip files? Try a ZipSlip.
If it processes an image, check for ImageTragick (CVE-2016-3714).
Can you bypass file type restrictions by changing the content-type value?
Can you bypass file type restrictions by forging valid magic bytes?
Can you upload a file with a less-common extension (such as .phtml)?
Try playing with the filename in the request, a potential vector for traversal or SQL injection.
Check for the acceptance of double extensions on uploaded files.
Test for null-byte injection.
Is the server Windows? Try adding a trailing "." to bypass extension blacklists; this dot will be removed automatically by the OS.
Can you upload an SVG for XSS?
If supported by the webserver, can you upload .htaccess files?
Does the backend process the image with the PHP GD library?
Is the app vulnerable to the infamous ffmpeg exploit?
Can custom pol

JWT security test cases


10 Essential Tips for Personal Cybersecurity

Introduction: Cybersecurity is a critical aspect of our digital lives. As we rely more on the internet for work, communication, and entertainment, the need to protect ourselves from cyber threats becomes increasingly important. In this blog post, we will share ten essential tips to enhance your personal cybersecurity and keep your digital life safe.
1. Strong Passwords: Use complex, unique passwords for each online account. Consider using a password manager to generate and store passwords securely.
2. Two-Factor Authentication (2FA): Enable 2FA wherever possible to add an extra layer of security to your accounts. Use authentication apps or physical security keys for 2FA.
3. Keep Software Updated: Regularly update your operating system, applications, and antivirus software to patch vulnerabilities.
4. Be Wary of Phishing Attacks: Learn to recognize phishing emails and messages. Never click on suspicious links or download attachments from unknown sources.
5. Use a Secure

Test Cases for Payment Gateway Security Testing

Columns: Threats / Test Page / Test Name

Threat: An adversary can tamper with parameters in HTTP requests and responses to manipulate transactions
Test Page: Pages between Merchant and Payment Gateway page
Test Names:
- Tamper with the amount value in the request to the Payment Gateway.
- Change the amount as well as its generated hash value to a lesser amount and its corresponding hash value.
- Change the quantity of the product to a higher value.
- Check if the amount value is encoded or encrypted. If encoded, decode the amount, change it and encode it again, or replace it with a lower-value encoded amount.
- Change the product (through product id or description) to a higher-value product.
- Is hash/integrity verification done only on limited parameters?
Test Page: Anywhere in site
Test Name: Check if sensitive information is being disclosed in the error page or source code.

Threat: An adversary can manipulate transactions made through a payment gateway
Test Page: Pages before the payment gateway
Test Name: Change the amount that is to be paid before the request hits the payment gateway.
Test Page: Page/Request after the p

Simulating SYN Flooding Attack(DOS)

[Figure: Basic 3-way TCP handshake; state during SYN flooding attack]
Example of DDoS attack with hping3 and Kali Linux:
Note: In this case both the attacker's system and the victim server are in the same network.
Step#1: Victim server: 192.168.1.100
Step#2: Attacker's system: 192.168.1.102
Step#3: Install hping3 in Kali using the command below:
# sudo apt-get install hping3
Step#4: Now the attacker will use hping3 or another tool to spoof random IP addresses. The command below starts and directs the SYN flood attack at our target (192.168.1.100):
# hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.1.100
Now the SYN flooding attack has started. Let's explain the above command in detail:
-c 15000: Indicates that we are sending 15000 packets
-d 120: Indicates each packet is of 120 bytes
-S: Specifies that the SYN flag should be enabled
-w 64: Indicates a TCP window size of 64
-p 80: Specifies the port to attack, the victim's webserver at port 80
--rand-source: Used to generate spoofed IP addresses

Directory Traversal and Source code disclosure vulnerability

(What's the main issue in the application?)
The web server exposes source code via its version control system, Git. The directory listing feature enabled on the server side discloses the directories that store sensitive files related to the source code.
(Who can access? What are the possible risks?)
An external attacker may download the source code and disclose sensitive information regarding the development and possibly other sensitive data.
In the application I found two ways of disclosing source code.
Instance#1: After performing nikto I found directories as shown. An attacker may use automated tools to discover, download and extract git repositories. https://github.com/internetwache/GitTools
Note: Because the server has the directory listing feature enabled, it is even easier to download the git repository using a simple wget command:
wget --mirror -I .git TARGET.COM/.git/
Instance#2: The attacker may run a Directory Fuzzing attack and disclose direc