Classroom Contents
Web Application Firewall Bypassing - DefCamp - 2016
- 1 DefCamp Web Application Firewall Bypassing - an approach for pentesters SECURITY CONSULTANT EUROSEC - SECURITY SINCE 1998
- 2 NORMALIZATION FUNCTIONS Simplifies the writing of rules • No knowledge about different forms of input needed
- 3 INPUT VALIDATION Security Models define how to enforce rules • Rules consist of regular expressions • Three Security Models: 1. Positive Security Model 2. Negative Security Model 3. Hybrid Security M…
- 4 Bypassing Methods and Techniques
- 5 SKIPPING PARAMETER VERIFICATION PHP removes whitespaces from parameter names or transforms them into underscores
- 6 APPROACH FOR PENETRATION TESTERS
- 7 PHASE 0 - DISABLE WAF Objective: find security flaws in the application more easily • Assessment of the security level of an application is more accurate
- 8 RECONNAISSANCE Objective: Gather information to get an overview of the target - Basis for the subsequent phases Gather information about - web server programming language - WAF & Security Model - Inte…
- 9 ATTACKING THE PRE-PROCESSOR Objective: make the WAF skip input validation • Identify which parts of an HTTP request are inspected by the WAF to develop an exploit: 1. Send individual requests that diff…
- 10 FINDING AN IMPEDANCE MISMATCH Objective: make the WAF interpret a request differently than the back end and therefore not detect it • Knowledge about back end technologies is needed
- 11 BYPASSING THE RULE SET Objective: find a payload that is not blocked by the WAF's rule
- 12 OTHER VULNERABILITIES Objective: find other vulnerabilities that cannot be detected by the WAF • Broken authentication mechanism • Privilege escalation
- 13 AFTER THE PENTEST Objective: Inform customer about the vulnerabilities • Advise customer to fix the root cause of a vulnerability • For the time being the vulnerability should be virtually patched by…