May 15 2023

Salt Security Achieves AWS WAF Ready Designation

Category: App Security,Information Security,Web Securitydisc7 @ 9:30 am
Salt Security Achieves AWS WAF Ready Designation

Today, API security company Salt Security announced it is now an Amazon Web Service (AWS) Web Application Firewall (WAF) Ready Partner. This service helps customers discover Partner solutions validated by AWS Partner Network (APN) Solutions Architects that integrate with AWS WAF to accelerate adoption of an enhanced and holistic security approach. AWS WAF is available to all AWS customers and all AWS Regions and can be deployed directly from the AWS console.

This partnership differentiates Salt Security as an APN member with a product that works with AWS WAF and is generally available for AWS customers. AWS WAF Ready Partners help customers quickly identify easy-to-deploy solutions that can help detect, mitigate, and analyse some of the most common internet threats and vulnerabilities.

Today, businesses of all shapes and sizes are focused on ensuring that websites and applications are protected from external threats that can lead to a loss of revenue, loss of customer trust, and loss of brand reputation. Implementing a WAF can be a challenging task that requires deep security experience that can be expensive and hard to find in-house. AWS WAF Ready Partners offer customers a simpler solution to deploying and maintaining their application layer security solution through easy-to-deploy solutions in order to detect, mitigate, and analyze some of the most common internet threats and vulnerabilities.

Gilad Barzilay, head of business development, Salt Security said: “As an AWS Software Path Partner and member of AWS ISV Accelerate Program, Salt is proud to expand our existing relationship with AWS by becoming an AWS WAF Ready Partner. Many of our customers rely on Salt to secure their APIs on AWS. By achieving these designations, we make it easier and faster for businesses to protect the APIs running on their AWS environments. Our customers benefit from our unique cloud-scale API data lake architecture, which applies AI and ML for API discovery and threat protection.”

“Deploying the Salt platform took almost no effort,” said Jason Weitzman, senior application security engineer at Xolv Technology Solutions. “It integrated quickly with our existing Cloudflare, AWS, Jira and other systems. It also started identifying errors and delivering insights on how to craft better APIs within minutes.”

The Salt platform deploys out of band, to avoid any interference with application performance or availability. The Salt platform pairs with AWS WAF as an API traffic collection point and to block detected attackers. To support the seamless integration and deployment of solutions such as the Salt platform, AWS established the AWS Service Ready Program. The program helps customers identify solutions integrated with AWS services and spend less time evaluating new tools, and more time scaling their use of solutions that are integrated with AWS services.

APIs are a hot topic among cybersecurity professionals and C-suites at the moment due to their increasingly vital business roles. Earlier this year Salt released a new API report that showed a 400% Increase in Attackers, demonstrating the prevalence.

Security of services hosted in the Cloud with Le WAF: Web Application Firewall

 InfoSec tools | InfoSec services | InfoSec books

Tags: WAF, Web Application Firewall

May 05 2023

5 WAYS TO MAKE YOUR COMPANY WEBSITE MORE SECURE

Category: Web Securitydisc7 @ 9:48 am
5 Ways to Make Your Company Website More Secure

Your company website should be protected from bugs, hackers, and other online threats. If it isn’t, it might crash, your data will be put at risk, and the company might lose a lot of money. 

WAYS TO MAKE A WEBSITE SECURE INCLUDE:

  • Using anti-malware.
  • Obtaining a Secure Sockets Layer (SSL) certificate.
  • Setting tough passwords to crack.
  • Keeping the site updated.
  • Controlling who can leave comments. 

The first step is obtaining an SSL certificate. Anti-malware helps detect malicious agents and prevent attacks. 

Make sure you look out for phishing emails and other scams. Finally, it might be a good idea to accept comments manually if you wish to enable this function on your site. Don’t forget to run regular backups.

Below, each suggestion is explored in detail. 

1. USE ANTI-MALWARE TOOLS

Some providers of this type of software offer free plans, but the more effective ones are paid. They have features like malware detection and removal, web scanning, web application firewalls, DDoS protection, vulnerability patching, and PCI compliance. 

If you choose a reliable hosting platform for your website, it will do all the work around your site’s security for you. Many hosting services provide anti-malware tools and devices as part of their plans.

2. INSTALL AN SSL CERTIFICATE  

There are a few ways to get SSL installed. Your hosting company might have a free certificate with your plan. Platforms like WordPress typically have this option too. A high-quality website builder will have free SSL. 

Alternatively, you can opt for a basic Let’s Encrypt SSL and install it for free. However, an advanced certificate is imperative as a guarantee of the best security level possible. The prices of these certificates vary. You can purchase them from domain registrars and hosting providers. 

The free SSL version might suffice for a startup or small company. However, if you’re processing large volumes of personal or financial data or operating a big online store, free SSL will not suffice for your needs.

3. MAKE YOUR PASSWORDS STRONGER 

It’s tempting to use simple, but easy-to-guess passwords and passphrases. You should never reuse passwords for multiple profiles. Instead, opt for a password manager and use unique ones everywhere. 

You could combine a few random but memorable phrases or use a randomly generated character sequence. Use long passwords or passphrases, and don’t use personal information in them. 

You can create a truly uncrackable password using the above and other tips. Of course, you should never share passwords with anyone. It would help if you changed them occasionally too. 

4. DISABLE AUTOMATIC COMMENTS

If you wish to enable comments on your company blog, don’t let visitors post comments directly. This makes you vulnerable to malicious links, on which other visitors to your site might click, thereby installing malware or exposing personal data. Sometimes, comments are just plain annoying.

One option is setting up the website so that comments need to be manually approved before they appear. You can use an anti-spam plugin or software or obligate people to register to leave comments. 

After a few weeks have passed, you could turn off comments on posts. 

5. KEEP YOUR WEBSITE’S SOFTWARE UPDATED

Most website builders handle security issues and software updates, so this shouldn’t concern you if you’re using a reputable one. 

WordPress and other free platforms tend to leave updates to the user. It depends on what type of hosting you choose. Managed hosting is more expensive, but the hosting provider will run updates when necessary. Unmanaged hosting is more affordable, but you’ll be responsible for the updates for your core software as well as for any installed plugins. 

  InfoSec tools | InfoSec services | InfoSec books

Tags: COMPANY WEBSITE

Apr 28 2023

YOU DON’T HAVE TO BE A SUPER HACKER TO HACK INTO MILLIONES OF WEBSITES, THIS CPANEL FLAW MAKES IT EASY FOR ANYONE

Category: Hacking,Web SecurityDISC @ 1:49 pm
You don’t have to be a super hacker to hack into milliones of websites, this cPanel flaw makes it easy for anyone

The software known as cPanel is used extensively online as a control panel for web hosting. At the time this blog article was being written, there were precisely 1.4 million exposed cPanel installations on the public internet.

The researchers found a vulnerability known as reflected cross-site scripting, which could be exploited without the need for any authentication. Additionally, the XSS vulnerability could be exploited even if the cPanel management ports (2080, 2082, 2083, and 2086) were not open to the outside world. This was the case regardless of whether or not they were exposed. This means that if your website is hosted by cPanel and runs on ports 80 and 443, it was also susceptible to the cross-site scripting vulnerability.

An invalid webcall ID that may include XSS content is at the heart of CVE-2023-29489, the vulnerability that it causes. When this content is displayed on the error page for cpsrvd, it is not appropriately escaped, thus enabling the XSS attack.

The repercussions of being susceptible to these dangers are quite concerning. Using cPanel with its default configuration allows malicious actors to run arbitrary JavaScript pre-authentication on almost any port on a web server. This is as a result of the proxy rules that enable access to the /cpanelwebcall/ directory even on ports 80 and 443, which were previously inaccessible.

The effect of this vulnerability is that they are able to run arbitrary JavaScript, including scripts that need pre-authentication, on practically every port of a webserver that is using cPanel with its default configuration.

The proxy restrictions  are to blame for this situation. Even though it is being proxied to the cPanel administration ports by Apache on ports 80 and 443, they were still able to access the /cpanelwebcall/ directory.

Because of this, an adversary may launch attacks not only against the administrative ports of cPanel but also against the apps that are operating on ports 80 and 443.

How to do professional vulnerability assessment on your website for free using Juice Shop?

An adversary may employ this cross-site scripting attack to take over the cPanel session of a legitimate user if the cPanel administration ports were exposed to the assault in the first place.

After successfully authenticating as a user of cPanel, it is often quite simple to upload a web shell in order to get command execution privileges for oneself.

Proof of Concept

For the purpose of demonstrating the vulnerability, the researchers supplied the following proof of concept URLs:

  • http://example.com/cpanelwebcall/<img%20src=x%20onerror=”prompt(1)”>aaaaaaaaaaaa
  • http://example.com:2082/cpanelwebcall/<img%20src=x%20onerror=”prompt(1)”>aaaaaaaaaaaa
  • http://example.com:2086/cpanelwebcall/<img%20src=x%20onerror=”prompt(1)”>aaaaaaaaaaaa
  • http://example.com:2082/cpanelwebcall/<img%20src=x%20onerror=”prompt(1)”>aaaaaaaaaaaa

Please don’t be concerned if you believe that this vulnerability may be affecting your website. Because the majority of cPanel installations on the internet have the auto-update capability activated, it’s possible that you are no longer at risk of being exploited even if you don’t apply a patch. Upgrading to any of the following versions of cPanel or above will eliminate the risk associated with this vulnerability:

11.109.9999.116
11.108.0.13
11.106.0.18
11.102.0.31

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Hacking Websites

Apr 20 2023

DANGEROUS 0 DAY VULNERABILITY IN GOOGLE CHROME

Category: Security vulnerabilities,Web SecurityDISC @ 7:56 am
Dangerous 0 day vulnerability in Google Chrome : CVE-2023-2136

DANGEROUS 0 DAY VULNERABILITY IN GOOGLE CHROME : CVE-2023-2136

The previous week, Google put out an emergency security fix for its browser, and today, the company rolled out another emergency security update to address a vulnerability that is being exploited in the wild.
The update is now available for desktop versions of Google Chrome as well as the Android version of Chrome. Users are encouraged to install updates as soon as they are made available in order to safeguard their devices against prospective attacks that exploit these vulnerabilities.

Google has listed five of the eight security problems that were addressed in the most recent version to Google Chrome. Google says that these issues have been handled. The official Chrome Releases blog has provided documentation of these recent improvements. On the other hand, Google does not make publicly known the security flaws that were found during the company’s own internal investigations.

Out-of-bounds memory access in the Service Worker API is a high-risk vulnerability (CVE-2023-2133).

Out-of-bounds memory access in the Service Worker API is a high-risk vulnerability (CVE-2023-2134).


Use after free in DevTools is a high-risk vulnerability (CVE-2023-2135).

Integer overflow in Skia, a high-risk vulnerability( CVE-2023-2136).


Heap buffer overflow in sqlite, rated as medium severity (CVE-2023-2137).


According to Google’s findings, the security flaw CVE-2023-2136 is being actively exploited in the wild.

A 2D graphics library called Skia, which is frequently used in web browsers, operating systems, and other software applications, has a flaw known as CVE-2023-2136, which is an integer overflow vulnerability. An integer overflow happens when an arithmetic operation results in a number that is more than the maximum limit of the integer type. This causes the value to wrap around and become either much smaller or much bigger than what was meant for it to be. An integer overflow may be avoided by ensuring that the maximum limit of the integer type is not exceeded.

New Zero Day Heap buffer overflow in GPUVulnerability in Google Chrome

This indicates that threat actors have already started exploiting this vulnerability in order to target systems and breach them. The results of a successful exploit may be somewhat variable, but they almost always involve at least one of the following: unauthorized access to sensitive information; data corruption; or even a total system takeover.

The Chrome Stable channel has been updated to version 112.0.5615.137 for Windows and Mac, and it has been updated to version 112.0.5615.135 for Android; these updates will roll out over the next few days or weeks.

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Google Chrome

Apr 10 2023

What is Server-Side Request Forgery (SSRF)?

Category: Web SecurityDISC @ 8:38 am

Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Bible-1Download

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: SSRF, SSRF cheatsheet

Apr 03 2023

Tor Project Creates New Privacy-Focused Browser using VPN Layer

Category: Information Privacy,Web SecurityDISC @ 3:18 pm
Tor Project Creates New Privacy-Focused Browser using VPN Layer

The Tor browser guarantees that your communication remains operational through a decentralized network of transfers maintained by volunteers located worldwide.

It safeguards your internet connection from prying eyes by preventing any individual from monitoring the websites you visit, shields your physical location from being disclosed to the websites you browse, and enables access to blocked websites.

Numerous reasons exist for why individuals may seek to share files anonymously, with the most prominent being the case of whistleblowers or political activists striving to avoid persecution.

When a user initiates Tor, it initially passes through the first node in the circuit chosen from a pool of 2500 out of 7000 computers referred to as the “Entry Guard.” These nodes are known for their high uptime and availability.

New Mullvad Browser

A new browser was launched today, featuring an alternative infrastructure that includes a layer of VPN support in place of the Tor network.

With the new Mullvad Browser, anyone can fully utilize the privacy features developed by the Tor Project.

“Mullvad Browser, a free, privacy-preserving web browser to challenge the all-too-prevalent business model of exploiting people’s data for profit,” Torproject said.

This could be another privacy-focused browser that does not require extensions or plugins to bolster its privacy features.

“Our goal was to give users the privacy protections of Tor Browser without Tor. For instance, the Mullvad Browser applies a “hide-in-the-crowd” approach to online privacy by creating a similar fingerprint for all of its users.”

The Mullvad Browser has a default private mode that obstructs third-party trackers and cookies while providing convenient cookie deletion options.

Mullvad aims to handle all of that for you, allowing you to open the browser with the assurance that you are not easily traceable.

“Our mission at the Tor Project is to advance human rights by building technology that protects people’s privacy, provides anonymity and helps them bypass censorship.”

“We want to free the internet from mass surveillance and a VPN alone is not enough to achieve privacy. From our perspective there has been a gap in the market for those who want to run a privacy-focused browser as good as the Tor Project’s but with a VPN instead of the Tor Network,” says Jan Jonsson, CEO at Mullvad VPN.

The Tor Project has released a statement affirming that the Tor Browser will continue to evolve and enhance its capabilities.

Dark Web Onion Sites For Anonymous Online Activities: Browse The Dark Web Safely And Anonymously

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: dark web, Privacy-Focused Browser, Tor Project

Mar 23 2023

APACHE TOMCAT VULNERABILITY LEAKS APPLICATION SESSION COOKIE TO ATTACKERS

Category: Web SecurityDISC @ 2:10 pm
Apache Tomcat vulnerability leaks application session cookie to attackers

One of the most popular and widely used web servers for Java is Apache Tomcat. It is small, simple to install, and highly pleasant for constructing Java web applications. It can also be used to create applications that are a bit more sophisticated than the conventional JSP application online since it can include JSF implementations like MyFaces, Primefaces, RichFaces, and others (standard library, defined in J2EE for the development of dynamic web applications using Java).

All of this is very beneficial, and in fact, many web application developers use it on their computers in order to be able to develop quickly and to be able to focus on what really interests them: ensuring that the logic of their Java pages and classes works as it should. All of this is very beneficial. It really is that straightforward… a software developer typically does not worry about the safety of the Tomcat server that he has installed on the computer that his employer has provided for him. In fact, the concept of security is so foreign to him that it does not even enter his mind very often. “pure Java” HTTP web server environments are made available by the Apache Tomcat server, which incorporates the technologies of Jakarta Servlet, Jakarta Expression Language, and WebSocket. These technologies allow Java code to be executed in these environments. Because of this, it is a frequently chosen option among developers who want to use Java to build online apps.

Flaw in Apache Tomcat forces server to perform DoS attacks against itself & the network

Up to and including versions 8.5.85/9.0.71/10.1.5/11.0.0-M2 of Apache Tomcat have been determined to have a vulnerability that has been rated as problematic (Application Server Software). An unidentified feature of the component known as RemoteIpFilter Handler is broken as a result of this bug. The manipulation using an unknown input results in a vulnerability involving the unsecured transmission of credentials. The user name and password are not adequately protected when they are being sent from the client to the server via the login pages, which are not using suitable security measures.

Session cookies generated by Apache Tomcat versions 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute when used in conjunction with requests received from a reverse proxy over HTTP and which had the X-Forwarded-Proto header set to https. Because of this, the user agent could send the session cookie through an unsecured connection. Hence, this might be dangerous.

The vulnerability was disclosed on March 22nd, 2023. The advisory is now available for download at lists.apache.org, where it is also shared. Since March 21st, 2023, this vulnerability has been assigned the identifier CVE-2023-28708. There is neither a technical description nor an exploit that is readily accessible to the public. The attack method has been given the designation of T1557 by the MITRE ATT&CK project.

This vulnerability may be remedied by upgrading to version 8.5.86, 9.0.72, 10.1.6, or 11.0.0-M3 respectively.

Tags: APACHE TOMCAT

Mar 14 2023

TWO VERY CRITICAL VULNERABILITIES PATCHED IN NEW APACHE HTTP SERVER UPDATE

Category: Security vulnerabilities,Web SecurityDISC @ 8:22 am
Two very critical vulnerabilities patched in new Apache HTTP Server update

Apache HTTP Server is one of the web servers that is used the most often throughout the globe. It is responsible for providing power to millions of websites and apps. Recent vulnerabilities found in the server, on the other hand, have the ability to disclose sensitive information and make it easier for attackers to carry out further attacks. The Apache HTTP Server has recently been found to contain two significant vulnerabilities, both of which are detailed below. It is imperative that you rapidly upgrade Apache HTTP Server to the most recent version in order to protect your system against the vulnerabilities described.

Apache HTTP Server request splitting vulnerability, CVE-2023-25690. This vulnerability is brought about by an issue that occurs in mod proxy whenever it is activated with a RewriteRule or ProxyPassMatch of some kind. This vulnerability might be used by a remote attacker to overcome access constraints in the proxy server, route undesired URLs to existing origin servers, and poison cache. Attacks using HTTP Request Smuggling are possible on Apache HTTP Server versions 2.4.0 through 2.4.55, if the server is configured with certain mod proxy settings. It occurs when mod proxy is enabled along with some form of RewriteRule or ProxyPassMatch. In these configurations, a non-specific pattern matches some portion of the user-supplied request-target (URL) data, and the matched data is then re-inserted into the proxied request-target utilizing variable substitution. This causes CVE-2023-25690 to be triggered. This might result in requests being split or smuggled, access rules being bypassed, and unwanted URLs being proxied to existing origin servers, all of which could lead to cache poisoning.

Zerobot botnet can now hack into Apache, Apache Spark servers

Versions of the Apache HTTP Server ranging from 2.4.30 to 2.4.55 are impacted by the problem. This attack is carried out by introducing unusual characters into the header of the origin response, which has the potential to either truncate or divide the response that is sent to the client. An attacker might take use of this vulnerability to inject their own headers into the request, causing the server to produce a split response.

Secure By Design

Tags: Apache HTTP Server

Mar 07 2023

3 simple steps to evaluate a web vulnerability scanner

Category: Web SecurityDISC @ 3:38 pm

There are many web vulnerability scanners available on the market and their performance varies widely. Here we show you how you can quickly and objectively evaluate web vulnerability scanners, to help you find the best product for detecting security issues in your web applications.

Evaluating a web vulnerability scanner can be a complex task, but here are some key factors to consider:

  1. Accuracy: The most important factor to consider is the accuracy of the scanner. A good scanner should be able to detect all types of vulnerabilities accurately, without generating false positives or negatives.
  2. Coverage: The scanner should be able to scan all areas of the web application, including dynamic and static content, as well as all types of input fields, including cookies and hidden fields.
  3. Speed: The scanner should be fast and efficient, with the ability to scan large web applications quickly.
  4. Ease of use: The scanner should be easy to use, with a user-friendly interface and clear reporting of vulnerabilities.
  5. Reporting: The scanner should generate detailed reports of vulnerabilities, with clear descriptions of each vulnerability, its severity, and recommendations for remediation.
  6. Integration: The scanner should be able to integrate with other tools, such as bug tracking systems and penetration testing tools.
  7. Support: The vendor should provide good technical support and regularly update the scanner with new vulnerability signatures and features.

It’s also important to test the scanner against known vulnerabilities to see how it performs in real-world scenarios. Additionally, comparing multiple scanners against the same web application can help identify strengths and weaknesses of each scanner.

Burp Vulnerability Scanner | Bugcrowd

It’s easy – follow these 3 simple steps:

1. Choose a web app that will make testing easy

2. Select web vulnerability scanners and scan your apps

3. Determine how well the scanners performed

https://portswigger.net/burp/enterprise/resources/how-to-evaluate-a-web-vulnerability-scanner

Previous posts on Web Security

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: web vulnerability scanner

Mar 06 2023

Browser Security report reveals major online security threats

Category: Information Security,Web SecurityDISC @ 12:27 pm
browser safety report 2022

LayerX has published its annual browser security report in which the company highlights the most prominent browser security risks of 2022. The report includes predictions and recommendations for 2023 as well.

The report focuses on Enterprise environments, but several of its key takeaways apply to small business and home environments as well. The browser security threats of 2022 make up the largest part of the document, but users find predictions, recommendations and an interesting monthly overview of major security events in the report as well.

The nine major threats that LayerX identified in 2022 were the following ones:

  • Phishing attacks via high reputation domains.
  • Malware distribution via file sharing systems.
  • Data leakage through personal browser profiles.
  • Outdated browsers.
  • Vulnerable passwords.
  • Unmanaged devices.
  • High-risk extensions.
  • Shadow SaaS.
  • MFA bypass with AiTM attacks.

Some of these are quite clear, others may require explanation. For phishing attacks, the researchers discovered that threat actors are hosting phishing URLs on legitimate SaaS platforms at an alarming rate. The rate of phishing attacks that use these legitimate platforms has increased by 1100% when compared to 2021, according to a Palo Alto Networks study.

LayerX conducted tests on how well browsers and network security tools protected against 1-day phishing sites. According to the test, the best performing browser had a catch rate of just 36%. Network security software blocked 48% of threats.

Similarly, malware is distributed via sanctioned services such as Google Drive and Microsoft OneDrive, to overcome blocks that may be in place for lesser known services and sites.

An analysis of data leakage in browsers concluded that 29% of users connected work browsers to personal profiles, and that 5.8% of identities were exposed in data breaches.

Outdated browsers are another threat to security, according to LayerX’s report. Ana analysis of 500 Chrome browsers revealed that a good number was either critically outdated or vulnerable to 1-day attacks.

Weak passwords and the reuse of passwords continue to be major issues. According to LayerX’s report, 29% of users use weak or medium strength passwords, and 11% of users reuse passwords regularly. The company noticed that 29% browser profiles were personal and set to sync.

Web browser extensions are another attack vector, as they “can grant excessive permissions once installed”. A recent Incogni study found that almost half of the analysed browser extensions posted either a high security or privacy risk.

The report includes an overview of browser security highlights of the year 2022. It is an interesting account that lists major security events in 2022. Some of these involved attacks, like the January 2022 video player attack that stole credit card information from over a hundred sites. Others highlight security advances, like the passwordless logins announcement by major tech companies in May, or the end of Internet Explorer in June.

The report ends with four predictions and recommendations. Predictions include that browsers will become “the main attack surface”, that attacks will “be increasingly SaaS-based and less file-based”, and that malicious web pages “will become more sophisticated”.

Closing Words

The report offers insights on the browser threat landscape of 2022, and how threats will evolve in 2023 and beyond. While most of it is aimed at Enterprise and large business environments, it may still be of interest to home users and small businesses alike.

The recommendations focus on SaaS and Enterprise-grade protections, but all users may use the listed threats to improve security. For example, outdated browsers may be updated more frequently, and weak or reused passwords may be replaced with unique strong passwords.

The report is available for download here, but a short form needs to be filled out before the download link is made available.

Source:

https://www.ghacks.net/2023/03/05/browser-security-report-reveals-major-online-security-threats/

Previous posts on Web Security

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Web App Security

Tags: browser security

Feb 16 2023

How to Find Web Server Vulnerabilities With Nikto Scanner

Category: Security Tools,Web SecurityDISC @ 10:55 am
How to Find Web Server Vulnerabilities With Nikto Scanner

Find Web Server Vulnerabilities with Nikto Scanner.

Nikto is an open source web server vulnerabilities scanner, written in Perl languages. It function is to scan your web server for vulnerabilities.

Nikto scan for over 6700 items to detect misconfiguration, risky files, etc. and some of the features include:

  • You can save report in HTML, XML, CSV
  • It supports SSL and Full HTTP Proxy
  • Scan multiple ports on the server
  • Find subdomain
  • Apache user enumeration
  • Checks for outdated components
  • Detect parking sites
  • Server and software misconfigurations
  • Default files and programs
  • Insecure files and programs
  • Outdated servers and programs

Lets get started with the installation and how to use this tool

This can be installed on Kali Linux or other OS (Windows, Mac OSX, Redhat, Debian, Ubuntu, BackTrack, CentOS, etc.), which support Perl.

Also Read- Kali Linux Commands Cheatsheet

In this article, I will explain how to use Nikto on Kali Linux .

Firstly we will install the Nikto tool from Github or Using apt install command on terminal.

Using help manual of Nikto we can see various options or parameters on how we can use this tool very efficiently.

Firstly we will use the basic syntax to check the vulnerability of the website.

However, Nikto is capable of doing a scan that can go after SSL and port 443, the port that HTTPS websites use (HTTP uses port 80 by default). So we’re not just limited to scanning old sites, we can do vulnerability assessments on sites that use SSL, which is pretty much a requirement these days to be indexed in search results.

If we know it’s an SSL site that we’re targeting, we can specify it in Nikto to save some time on the scan by adding -ssl to the end of the command.

So by using this tool we can analyze the vulnerability of the website.

Previous posts on Security Tools

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Nikto Scanner

Jan 21 2023

Is this website Safe : How to Check Website Safety to Avoid Cyber Threats Online

Category: Dark Web,Web SecurityDISC @ 9:41 am
Is this website Safe : How to Check Website Safety to Avoid Cyber Threats Online

is this website safe ? In this digital world, Check website safety is most important concern since there are countless malicious websites available everywhere over the Internet, it is very difficult to find a trustworthy websiteWe need tobrowse smart and need to make sure the site is not dangerous by using Multiple approaches.

In general, it is good to type the website URL instead of copy-paste or clicking an URL. Also, check to see the website working with HTTP OR HTTPS.

Is this website Safe : How to Check Website Safety to Avoid Cyber Threats Online

Investigating: is this website safe

In order to find, is this website safe , we need to figure it out if the URL received from an unknown source and we would recommend cross-checking the URL before clicking on it. Copy the URL to analyzers that available over the Internet and ensure it’s Integrity. 

If it is a shortened URL you can unshorten itwith the siteand then analyze the actual URL.

Methods to analyze Websites

To check website safety, the first and the most recommended method is to check online page scanners, which uses the latest fingerprinting technology to show web applications are up to date or infected by malware.

Like this number of scanners available

Website reputation check needs to be done to find the trustworthiness of website with WOT .

pis

Ensure SSL is there before making a purchase

In order to check website safety, Ensure the website availability with https before entering the payment card details. We can audit the HTTPS availability with the SSL analyzer URL’s available over the internet.

Also, there is a range of certificates available over the Internet from low assured (domain validation) to the Most trusted Extended validation certificates, you can refer the URL for more details. 

Moreover, we can verify their prompt installation with various popular checkers available

Google Safe Browsing: is this website safe

According to Google, in order to check, is this website Safe, Browsing is a service that Google’s security team built to identify unsafe websites across the web and notify users and webmasters of potential harm.

In this Transparency Report, Google discloses details about the threats we detect and the warnings we show to users.

We share this information to increase awareness about unsafe websites, and we hope to encourage progress toward a safer and more secure web.

Safe Browsing also notifies webmasters when their websites are compromised by malicious actors and helps them diagnose and resolve the problem so that their visitors stay safer.

Safe Browsing protections work across Google products and power safer browsing experiences across the Internet.

Check the Browsing Website have Any unsafe Content or not –   Google Safe Browsing

To Report Malicious websites

Please report the dangerous URL to the services mentioned below. They are arranged in categories which should make it relatively easy to decide which services you should report the site to.

Services which blacklist Dangerous sites

Check the Blacklist IP Address 

There are some awesome tools to Check the website IP Address has been listed in the Global Blacklist Database.

Multirblis a free multiple DNSBL (DNS BlackList aka RBL) lookup and FCrDNS (Forward Confirmed reverse DNS aka iprev) check tool to confirm,  is this website Safe.

Check the Website Safety & Reputation

analyzes a website through multiple blacklist engines and online reputation tools to facilitate the detection of fraudulent and malicious websites. This service helps you identify websites involved in malware incidents, fraudulent activities, and phishing websites.

Important tools for Check the Website Reputation and confirm is this website Safe

Conclusion

Cyber criminals are using various sophisticated techniques to fool online users to drop malware and other cyber threats to cause unbearable damages. so beware of the malicious website, don’t blindly open the website and check the website safety before open it.

Web Application Security: Exploitation and Countermeasures for Modern Web Applications

Checkout our previous posts on Web Security

InfoSec books | InfoSec tools | InfoSec services

Tags: Website Safety

Jan 17 2023

Car companies massively exposed to web vulnerabilities

Category: Security vulnerabilities,Web SecurityDISC @ 11:51 am

From a detailed report – compiled by security researcher Sam Curry – the findings are an alarming indication that in its haste to roll out digital and online features, the automotive industry is doing a sloppy job of securing its online ecosystem. https://lnkd.in/gdAXGjaN

The web applications and APIs of major car manufacturers, telematics (vehicle tracking and logging technology) vendors, and fleet operators were riddled with security holes, security researchers warn.

In a detailed report, security researcher Sam Curry laid out vulnerabilities that run the gamut from information theft to account takeover, remote code execution (RCE), and even hijacking physical commands such as starting and stopping the engines of cars. The findings are an alarming indication that in its haste to roll out digital and online features, the automotive industry is doing a sloppy job of securing its online ecosystem.

From web portals to car locks

Around six months ago, Curry and a few friends stumbled on a vulnerability in the mobile app of a scouter fleet at the University of Maryland, which caused the horns and headlights on all the scooters in the campus to turn on and stay on for 15 minutes. Curry subsequently became interested in doing further investigation along with researchers Neiko RiveraBrett BuerhausMaik RobertIan CarrollJustin Rhinehart, and Shubham Shah.

“We thought it’d be awesome to dump a ton of time into hacking different car companies to see how many ‘horns we could honk’, but it quickly turned into hacking telematics infrastructure and things outside of the telematics APIs,” Curry told The Daily Swig.

The researchers’ findings, detailed on Curry’s blog, highlight an alarming number of critical vulnerabilities across different systems. For example, a poorly configured API endpoint for generating one-time passwords for the web portals of BMW and Rolls Royce potentially enabled attackers to take over the accounts of any employee and contractor, thereby gaining access to sensitive customer and vehicle information.

A misconfiguration in the Mercedes-Benz single sign-on (SSO) system enabled the researchers to gain access to several internal company assets, including private GitHub repositories and internal communication tools. Attackers could pose as employees, allowing them to access sensitive information, send commands to customer vehicles, perform RCE attacks, and use social engineering to escalate their privileges across the Mercedes-Benz infrastructure.

Elsewhere a vulnerability in Kia’s web portal for dealers could have allowed attackers to create a fake session, register an account, associate it with any arbitrary vehicle VIN number, and gain access to lock, unlock, and remote start/stop mechanisms, as well as vehicle locations and vehicle camera feeds.

A poorly implemented SSO functionality in Ferrari’s web applications allowed the researchers to gain unrestricted access to the JavaScript code of several internal applications. The source code contained internal API keys and usage patterns, allowing potential attackers to create and modify users or (worse yet) give themselves super-user permissions. The vulnerabilities effectively allowed attackers to take ownership of Ferrari cars.

Other vulnerabilities granted full remote control over the locks, engine, horn, headlights, and trunk of Hyundai and Genesis vehicles made after 2012. The researchers were also able to obtain full remote access to Honda, Nissan, Infiniti, and Acura vehicles.

Dangerous bug in telematics portal

Curry and his colleagues found a SQL injection vulnerability in the admin portal of Spireon, the parent company of several car telematics and fleet management vendors that collectively service 15 million vehicles. Curry described this as their “most alarming finding” because the vulnerability allowed them to gain administrator access to the company’s platform.

“Using our access, we could access all user accounts, devices (vehicles), and fleets,” he said. “Some of the fleets on the website included ambulances, police cruisers, and large trucks. Using the Spireon access, we could send fully arbitrary commands and update device configurations.”

The researchers found they were able to lock starters, unlock vehicles, track vehicles, and send rogue dispatch addresses to vehicles like police cars and ambulances. The researchers further suspect the security shortcomings made it possible to install backdoors and run arbitrary commands on Spireon devices.

Half-baked

“There were some car companies where you’d own one, then copy the exact same methodology to another car company and get in with the same vulnerability,” Curry said.

The researchers found that some flaws existed across the platforms of several companies, including tons of exposed actuators (vehicle component control), debug endpoints, and administrative functionality for managing vehicles, purchase contracts, and telematic devices.

“From what it seems, car companies really rushed to install these devices,” Curry said. “Currently, these installations mostly have limited functionality so you can only do things like track, unlock, and start the vehicle, but with companies like Tesla and Rivian building more connected vehicles which can actually be controlled remotely, I’m worried that market pressure will force these companies to build half-baked solutions which are open to attack.”

Checkout our latest posts on API security…

Contact DISC InfoSec

InfoSec books | InfoSec tools | InfoSec services

Tags: Car Security

Jan 13 2023

Credential Stealing Flaw in Google Chrome Impacted 2.5 Billion Users

Category: Web SecurityDISC @ 10:01 am
Credential Stealing Flaw in Google Chrome Impacted 2.5 Billion Users

The vulnerability (CVE-2022-3656), allowed remote attackers to steal sensitive user data like cloud service provider credentials and crypto wallet details.

The cyber security researchers at Imperva Red Team have shared details of a recently discovered and patched vulnerability that impacted over 2.5 billion Google Chrome users and all Chromium-based browsers, including Opera and Edge.

Vulnerability Details

The vulnerability is tracked as CVE-2022-3656, allowing remote attackers to steal sensitive user data like cloud service provider credentials and crypto wallet details. Further probe revealed that the issue emerged due to how the Chrome browser interacted with symlinks while processing directories and files.

As per Imperva’s researcher Ron Masas, the browser didn’t check whether the symlink pointed to a location that wasn’t accessible, encouraging the stealing of sensitive files. Google characterized it as a medium-severity vulnerability caused due to inadequate data validation in File System. The company released a fix in the Chromium versions 107 and 108 released in Oct and Nov 2022, respectively.

What is SymStealer?

In their report, Imperva researchers named the flaw SymStealer. The issue occurs when the attacker exploits the File System to evade program restrictions and access unauthorized files. Imperva’s analysis revealed that when a user drags and drops a folder directly onto a file input element, the browser recursively resolves all symlinks without displaying a warning.

For your information, a symlink is also called a symbolic link. It is a file that points to a directory or file and lets the OS treat it as if it was stored at the symlink’s location. Usually, this feature helps users in creating shortcuts, file organisation, and redirect file paths.

But Imperva’s research revealed that this feature could be exploited to introduce vulnerabilities such as this one that emerged due to how browsers interacted with symlinks for file/directories processing. This issue is also called symbolic link following.

Attack Scenario

Through this weakness, the attacker can trick a victim into accessing a compromised website and download a ZIP archive file that contains the symlink to a valuable folder or file present on the device e.g. wallet keys. When this file is uploaded back to this site as an infection chain component like a crypto wallet service, the user is prompted to upload their recovery keys.

The attacker can now traverse the symbolic link and access the original file storing the key phrase. Imperva researchers devised a proof-of-concept using CSS trickery to modify the file input element’s size so that the file uploads regardless of where the folder drops on the page and information is stolen successfully.

It is important to always keep your software up to date in order to protect against the latest vulnerabilities and ensure that your personal and financial information remains secure.

Imperva

Information Assurance Directorate: Deploying and Securitign Google Chrome in a Windows Enterprise

Tags: Credential Stealing Flaw, Google Chrome

Dec 23 2022

WEB APPLICATION PENTESTING CHECKLIST

Category: App Security,Pen Test,Web SecurityDISC @ 11:37 am
This image has an empty alt attribute; its file name is image-20.png

Web Pentesting Checklist Cyber Security News

WEB-APPLICATION-PENTESTING-Checklist-1Download

PenTesting Titles

Penetration Testing: Protecting Networks and Systems

Pentesting Training

Penetration Testing – Exploitation

Penetration Testing – Post Exploitation

Infosec books | InfoSec tools | InfoSec services

Tags: WEB APPLICATION PENTESTING CHECKLIST

Dec 19 2022

Is this website Safe : How to Check Website Safety to Avoid Cyber Threats Online

Category: App Security,Cyber Threats,Web SecurityDISC @ 10:58 am
Is this website Safe : How to Check Website Safety to Avoid Cyber Threats Online

is this website safe ? In this digital world, Check website safety is most important concern since there are countless malicious websites available everywhere over the Internet, it is very difficult to find a trustworthy websiteWe need tobrowse smart and need to make sure the site is not dangerous by using Multiple approaches.

In general, it is good to type the website URL instead of copy-paste or clicking an URL. Also, check to see the website working with HTTP OR HTTPS.

Investigating: is this website safe

In order to find, is this website safe , we need to figure it out if the URL received from an unknown source and we would recommend cross-checking the URL before clicking on it. Copy the URL to analyzers that available over the Internet and ensure it’s Integrity. 

If it is a shortened URL you can unshorten itwith the siteand then analyze the actual URL.

Methods to analyze Websites

To check website safety, the first and the most recommended method is to check online page scanners, which uses the latest fingerprinting technology to show web applications are up to date or infected by malware.

Like this number of scanners available

Website reputation check needs to be done to find the trustworthiness of website with WOT .

pis

Ensure SSL is there before making a purchase

In order to check website safety, Ensure the website availability with https before entering the payment card details. We can audit the HTTPS availability with the SSL analyzer URL’s available over the internet.

Also, there is a range of certificates available over the Internet from low assured (domain validation) to the Most trusted Extended validation certificates, you can refer the URL for more details. 

Moreover, we can verify their prompt installation with various popular checkers available

Google Safe Browsing: is this website safe

According to Google, in order to check, is this website Safe, Browsing is a service that Google’s security team built to identify unsafe websites across the web and notify users and webmasters of potential harm.

In this Transparency Report, Google discloses details about the threats we detect and the warnings we show to users.

We share this information to increase awareness about unsafe websites, and we hope to encourage progress toward a safer and more secure web.

Safe Browsing also notifies webmasters when their websites are compromised by malicious actors and helps them diagnose and resolve the problem so that their visitors stay safer.

Safe Browsing protections work across Google products and power safer browsing experiences across the Internet.

Check the Browsing Website have Any unsafe Content or not –   Google Safe Browsing

To Report Malicious websites

Please report the dangerous URL to the services mentioned below. They are arranged in categories which should make it relatively easy to decide which services you should report the site to.

Services which blacklist Dangerous sites

Check the Blacklist IP Address 

There are some awesome tools to Check the website IP Address has been listed in the Global Blacklist Database.

Multirblis a free multiple DNSBL (DNS BlackList aka RBL) lookup and FCrDNS (Forward Confirmed reverse DNS aka iprev) check tool to confirm,  is this website Safe.

Check the Website Safety & Reputation

analyzes a website through multiple blacklist engines and online reputation tools to facilitate the detection of fraudulent and malicious websites. This service helps you identify websites involved in malware incidents, fraudulent activities, and phishing websites.

Important tools for Check the Website Reputation and confirm is this website Safe

Conclusion

Cyber criminals are using various sophisticated techniques to fool online users to drop malware and other cyber threats to cause unbearable damages. so beware of the malicious website, don’t blindly open the website and check the website safety before open it.

Is this website Safe : How to Check Website Safety to Avoid Cyber Threats Online

Web Application Security: Exploitation and Countermeasures for Modern Web Applications

Security Analysis with search engines:

Image preview

Tags: #Pentesters, Security Analysis, Web Application Security, Website Safety

Nov 10 2022

Malicious Chrome Plugin Let Remote Attacker Steal keystroke and Inject Malicious Code

Category: Malware,Web SecurityDISC @ 11:38 am
Malicious Chrome Plugin Let Remote Attacker Steal keystroke and Inject Malicious Code

Researchers at Zimperium zLabs recently identified a new Chrome browser botnet called ‘Cloud9’ that is intent on stealing the following information using malicious extensions:-

  • Online accounts credentials
  • Log keystrokes
  • Inject ads
  • Inject malicious JS code
  • Enroll the victim’s browser in DDoS attacks

This method is becoming increasingly attractive for malware developers to target web browsers as they contain the most valuable information about a user.

In the course of everyday activities, we can find out a lot about ourselves through our keystrokes or session cookies. A breach of security or a violation of privacy can be caused by having access to such information.

Cloud9 botnet is a RAT that affects all Chromium-based web browsers, which are popular among consumers like Chrome and Microsoft Edge. Moreover, threat actors could exploit this RAT to remotely execute arbitrary commands.

Technical Analysis

The official Chrome web store doesn’t host this malicious Chrome extension, so it cannot be downloaded from there. 

The distribution channel of this malware relies on communities that are operated by threat actors, wherein the malware will be hidden by users of the tool before it gets delivered to the victims by the tool itself.

In terms of the Javascript files that make up the extension, there are only three. While the primary functionality of the extension can be located in a file called “campaign.js” which contains most of its functionality.

According to the report, During the initialization of campaign.js, the window.navigator API is used to identify the system’s operating system. Once the target has been identified, a Javascript file is injected into the victim’s computer system as a method to mine cryptocurrency using the resources of the victim’s computer system.

Next, for further proceedings, it injects another script known as cthulhu.js which comprises a full-chain exploit for the following flaws:-

  • CVE-2019-11708 (Firefox)
  • CVE-2019-9810 (Firefox)
  • CVE-2014-6332 (Internet Explorer)
  • CVE-2016-0189 (Internet Explorer)
  • CVE-2016-7200 (Edge)

As soon as the vulnerabilities are exploited, Windows malware is automatically installed on the host machine and executed. This gives attackers even more opportunities to compromise systems and carry out even more severe malware attacks.

While one of the sophisticated inclusion of this malware is “Clipper,” a module that keeps scanning the clipboard of the system for copied data like:-

  • Passwords
  • Credit cards details

In addition to injecting ads into webpages silently, Cloud9 is also capable of generating revenue for its operators by generating ad impressions.

Cloud9 Botnet Functionalities

<strong>Malicious Chrome Plugin Let Remote Attacker Steal keystroke and Inject Malicious Code</strong>

Tags: Malicious Chrome Plugin

Nov 08 2022

Researchers Found Website Scanner “Urlscan.io” Leaking Sensitive Private Data

Category: Web SecurityDISC @ 11:50 am
Researchers Found Website Scanner “Urlscan.io” Leaking Sensitive Private Data

Researchers from Positive Security uncovered a website scanner called “Urlscan” that unintentionally leaking sensitive URLs and data due to misconfiguration.

It appears that a third party accidentally leaked the GitHub Pages URLs, and this incident happened while a metadata analysis was being conducted.

“This information could be used by spammers to collect email addresses and other personal information,” Bräunlein, Co Founder Positive security said. “It could be used by cyber criminals to take over accounts and run believable phishing campaigns.”

The URLscan.io service is described as a sandbox for the web and has been referred to as a web scanner. Several security solutions integrate with its API in order to make their solutions more secure and feature-rich.

The idea behind it is to allow users to identify possible malicious websites with ease and confidence using a simple, straightforward tool. A wide range of open-source projects and enterprise customers are supported by the engine.

Sensitive data can be mined

It was discovered that users who enabled Github Pages as a hosting method for a private repository leaked the name of the repository. There does not seem to have been any public official acknowledgment of this breach as of yet.

There is a possibility that an anonymous user could easily search for and retrieve a vast amount and variety of sensitive data within the API integration. 

This is because the API is equipped with several varieties of security tools that run scans on incoming emails and conduct Urlscans on every link that is received.

Several types of information are provided with each scan result that is returned by the service, including:-

  • Password reset links
  • Unsubscribe links
  • Account creation URLs
  • API keys
  • Information about Telegram bots
  • DocuSign signing requests
  • Amazon gift delivery links
  • Shared Google Drive links
  • Dropbox file transfers
  • Invite links to SharePoint
  • Invite links to Discord
  • Government Zoom invites
  • PayPal invoices
  • Paypal money claim requests
  • Links to Cisco Webex meeting recordings
  • Package tracking links

It has been noted that some API integrations use generic Python requests that use the python-requests/2.X.Y module. This would lead to scans being mistakenly submitted as public if user agents ignored account visibility settings.

Integrations

A list of 26 commercial security solutions have integrated urlscan.io’s API and the security solutions include are:-

Tags: Website Scanner

Oct 04 2022

Chrome 106 Released – Google Fixed 20 Security Bugs – Update Now!

Category: Web SecurityDISC @ 1:54 pm
Chrome 106 Released – Google Fixed 20 Security Bugs – Update Now!

The Chrome web browser was recently updated to a new stable version released by Google. Google Chrome’s updated version Chrome 106 offers a number of brand-new features and improvements, and it also includes a number of security updates.

The new version of Chrome 106 has been already released by Google to the stable channel for all the major platforms:-

  • Windows (Chrome 106.0.5249.61/62)
  • Mac (Chrome 106.0.5249.61)
  • Linux (Chrome 106.0.5249.61)

In the course of hours, days, or even weeks, the update will be rolled out to all devices throughout the world in phases. 

Security fixes

This update contains 20 security fixes that have been applied to Chrome 106 Stable so far. As usual, the official release notes only include a list of security issues that were reported externally to the developers. 

There are different levels of security ratings, the highest being high. There have been at least five security issues that have been publicly disclosed. These five flaws were rated as high, while the remaining have been rated between medium and low.

Here below we have mentioned those five high severity security vulnerabilities:-

  • CVE-2022-3304: Use after free in CSS.
  • CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools.
  • CVE-2022-3305: Use after free in Survey.
  • CVE-2022-3306: Use after free in Survey.
  • CVE-2022-3307: Use after free in Media.

There seem to be no exploits in the wild that take advantage of any of the issues. The release notes for this version do not mention anything about that.

Update Now

To speed up the installation of the Chrome 106 update, Chrome users can load the following URL in the address bar of the browser:-

  • chrome://settings/help

Whenever you open this webpage in Chrome, it will display the current version and automatically check for any updates that have been released.

Chrome 106 Released – Google Fixed 20 Security Bugs – Update Now!

Tags: chrome bugs

Next Page »