In this exercise, you will practice identifying common vulnerabilities in web applications. This will help you understand how to recognize potential security issues and apply the knowledge gained from previous modules.

Objectives

  • Identify common web application vulnerabilities.
  • Understand the impact of these vulnerabilities.
  • Learn to use tools and techniques to detect vulnerabilities.

Steps to Complete the Exercise

Step 1: Review the OWASP Top Ten

Before starting the exercise, review the OWASP Top Ten vulnerabilities. This will refresh your memory on the types of vulnerabilities you need to look for.

Step 2: Set Up Your Environment

Ensure you have a testing environment set up. You can use a vulnerable web application like OWASP Juice Shop or DVWA (Damn Vulnerable Web Application). These applications are designed to be intentionally vulnerable for educational purposes.

Step 3: Identify Vulnerabilities

Use the following tools and techniques to identify vulnerabilities in the web application:

1. Manual Inspection

  • Source Code Review: Look through the source code for common vulnerabilities such as SQL injection, XSS, and insecure deserialization.
  • Configuration Files: Check configuration files for security misconfigurations.

2. Automated Scanning

  • OWASP ZAP: Use OWASP ZAP to scan the web application for vulnerabilities.
    # Start OWASP ZAP
    zap.sh
    
    • Spider the Application: Use the spider tool to crawl the application.
    • Active Scan: Perform an active scan to identify vulnerabilities.

3. Specific Vulnerability Checks

  • SQL Injection: Test input fields for SQL injection vulnerabilities.
    ' OR '1'='1
    
  • Cross-Site Scripting (XSS): Test input fields for XSS vulnerabilities.
    <script>alert('XSS')</script>
    
  • Broken Authentication: Check for weak password policies and session management issues.

Step 4: Document Findings

Create a report documenting the vulnerabilities you have identified. Include the following details for each vulnerability:

  • Description: A brief description of the vulnerability.
  • Location: Where the vulnerability was found in the application.
  • Impact: The potential impact of the vulnerability.
  • Evidence: Screenshots or code snippets demonstrating the vulnerability.
  • Recommendations: Suggestions for fixing the vulnerability.

Example Report Entry

Vulnerability Type | Location   | Impact | Evidence                         | Recommendations
-------------------|------------|--------|----------------------------------|--------------------------
SQL Injection      | Login Page | High   | Screenshot of SQL error message  | Use parameterized queries

Practical Example

Manual Inspection Example

Let's say you are reviewing the source code and find the following SQL query:

query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'"

This query is vulnerable to SQL injection because user input is concatenated directly into the SQL string. An attacker could input ' OR '1'='1 as the username, which makes the WHERE clause always true and bypasses authentication.

Automated Scanning Example

Using OWASP ZAP, you perform an active scan and find an XSS vulnerability in the search field. The scan report shows the injected payload reflected in the response without encoding:

<script>alert('XSS')</script>

This indicates that the application does not properly sanitize or encode user input before including it in the page.

Common Mistakes and Tips

  • Ignoring Low-Risk Vulnerabilities: Even low-risk vulnerabilities can be exploited in combination with other vulnerabilities.
  • Overlooking Configuration Issues: Security misconfigurations can be just as dangerous as code vulnerabilities.
  • Not Validating Findings: Always validate automated scan results manually to avoid false positives.

Conclusion

By completing this exercise, you should now be more proficient in identifying common web application vulnerabilities. This skill is crucial for maintaining the security of web applications and protecting sensitive data. In the next exercise, you will learn how to implement security controls to mitigate these vulnerabilities.

OWASP Course: Guidelines and Standards for Web Application Security

© Copyright 2024. All rights reserved