COMP08145 2018 Software Application Security Testing

General Details

Full Title
Software Application Security Testing
Transcript Title
Software Application Security
Code
COMP08145
Attendance
N/A %
Subject Area
COMP - 0613 Computer Science
Department
COEL - Computing & Electronic Eng
Level
08 - Level 8
Credit
05 - 05 Credits
Duration
Semester
Fee
Start Term
2018 - Full Academic Year 2018-19
End Term
9999 - The End of Time
Author(s)
John Weir, Shaun McBrearty
Programme Membership
SG_KSODV_H08 201800 Bachelor of Science (Honours) in Computing in Software Development
SG_KCMPU_H08 201800 Bachelor of Science (Honours) in Computing
SG_KSODV_K08 201800 Level 8 Honours Degree Add-on in Software Development
SG_KSFTD_K08 201800 Bachelor of Science (Honours) in Computing in Software Development (Add On)
SG_KSOFT_E08 201800 Certificate in Software Development
SG_KSECU_E08 201800 Certificate in Secure IT and Deep/Machine Learning
SG_KSOFT_E08 201900 Certificate in Software Development
SG_KSFTD_K08 201900 Bachelor of Science (Honours) in Computing in Software Development (Add On)
SG_KSODV_K08 201900 Level 8 Honours Degree Add-on in Software Development
SG_KSODV_H08 201900 Bachelor of Science (Honours) in Computing in Software Development
SG_KCMPU_H08 201900 Bachelor of Science (Honours) in Computing
SG_KSOFT_E08 202000 Certificate in Software Development
SG_KCMPU_H08 202000 Bachelor of Science (Honours) in Computing
SG_KSODV_H08 202000 Bachelor of Science (Honours) in Computing in Software Development
SG_KSFTD_K08 202000 Bachelor of Science (Honours) in Computing in Software Development (Add On)
SG_KSODV_K08 202000 Level 8 Honours Degree Add-on in Software Development
SG_KSODV_H08 202100 Bachelor of Science (Honours) in Computing in Software Development
SG_KCMPU_H08 202100 Bachelor of Science (Honours) in Computing
SG_KSODV_H08 202200 Bachelor of Science (Honours) in Computing in Software Development
SG_KSFTD_K08 202200 Bachelor of Science (Honours) in Computing in Software Development (Add-on)
SG_KSODV_K08 202200 Bachelor of Science (Honours) in Computing in Software Development (Add-on)
SG_KCMPU_H08 202200 Bachelor of Science (Honours) in Computing
SG_KSODV_H08 202400 Bachelor of Science (Honours) in Computing in Software Development
SG_KSODV_K08 202400 Bachelor of Science (Honours) in Computing in Software Development
SG_KSFTD_K08 202400 Bachelor of Science (Honours) in Computing in Software Development
SG_KCMPU_H08 202400 Bachelor of Science (Honours) in Computing
SG_KSECU_E08 202400 Certificate in Secure IT and Deep/Machine Learning
SG_KSOFT_E08 202400 Certificate in Software Development
Description

The aim of this module is to provide learners with the skills to simulate malicious attacks against software applications from a black-hat hacker/black-box testing perspective using industry standard ethical-hacking tools.

Learning Outcomes

On completion of this module the learner will/should be able to:

1. Locate and analyse relevant publicly available information with regard to the software application under test.

2. Simulate attacks on a software application from a black-box perspective using industry standard ethical hacking tools.

3. Evaluate automated testing tool results with respect to business impact and false positives.

4. Compose exploits and countermeasures in response to vulnerabilities identified.

Teaching and Learning Strategies

Delivery of the module will comprise a one-hour lecture and a two-hour practical session.

The one-hour lecture will be used to introduce key concepts relating to penetration testing of software applications. These concepts will then be applied practically in the subsequent two-hour practical session.

Additionally, flipped-learning and inquiry based learning will be used where appropriate.

Module Assessment Strategies

Continuous Assessment for the module comprises two pieces of work.

The first assessment sees the learner pen-test a Client-Server application, provided by the lecturer, in a two-hour class test.

With a view to promoting cross-module assessment with PRJ 400, it is envisioned that the second assessment will comprise a pen test of the software artefact produced by the learner as part of PRJ 400.

Repeat Assessments

Repeat exam and/or Continuous Assessment.

Indicative Syllabus

1) Locate and analyse relevant publicly available information with regard to the software application under test.

  • Organisation Profiling (Manual, Automated (Maltego)).
  • Infrastructure Profiling (Web Server Software, DNS Entries).
  • Application Profiling (Manual, Automatic (Google Hacking)).
  • Documenting Findings.
  • Countermeasures.

2) Simulate attacks on a software application from a black-box perspective using industry standard ethical hacking tools.

  • Obtaining Authorisation to Test.
  • Specifying Scope of Activities.
  • Testing Web/Client-Server Applications.
  • Testing Desktop Applications.
  • Testing Mobile Applications.
  • GUI Hacking.
  • URI Hacking.
  • Protocol Manipulation.
  • Manual Analysis.
  • Automated Analysis.
  • Documenting Findings.

3) Evaluate automated testing tool results with respect to business impact and false positives.

  • Utilise Industry Standard Ethical Hacking/Penetration Testing Tools.
  • Risk Analysis and Prioritisation.
  • Identification of False Positives.

4) Compose Exploits and Countermeasures in response to Vulnerabilities identified.

  • Utilise Industry Standard Exploit Framework.
  • Evaluate Potential Countermeasures.

Coursework & Assessment Breakdown

End of Semester / Year Formal Exam
100 %

Coursework Assessment

Title                                         | Type                  | Form               | Percent | Week    | Learning Outcomes Assessed
1 Pen Test Existing Client-Server Application | Coursework Assessment | Assessment         | 30 %    | Week 8  | 1,2,3,4
2 Pen Test PRJ 400 Artefact                   | Coursework Assessment | Individual Project | 30 %    | OnGoing | 1,2,3,4

End of Semester / Year Assessment

Title        | Type       | Form             | Percent | Week            | Learning Outcomes Assessed
1 Final Exam | Final Exam | Closed Book Exam | 40 %    | End of Semester | 1,2,3,4

Full Time Mode Workload

Type                   | Location            | Description          | Hours | Frequency | Avg Workload
Lecture                | Computer Laboratory | Lecture              | 1     | Weekly    | 1.00
Practical / Laboratory | Computer Laboratory | Practical            | 2     | Weekly    | 2.00
Independent Learning   | Not Specified       | Independent Learning | 4     | Weekly    | 4.00

Total Full Time Average Weekly Learner Contact Time: 3.00 Hours

Online Learning Mode Workload

Type                 | Location                | Description          | Hours | Frequency | Avg Workload
Lecture              | Distance Learning Suite | Lecture              | 1.5   | Weekly    | 1.50
Directed Learning    | Not Specified           | Directed Learning    | 1.12  | Weekly    | 1.12
Independent Learning | Not Specified           | Independent Learning | 4.5   | Weekly    | 4.50

Total Online Learning Average Weekly Learner Contact Time: 1.50 Hours

Required & Recommended Book List

Recommended Reading
2015-01-09 Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition. McGraw-Hill Education

Cutting-edge techniques for finding and fixing critical security flaws

Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 12 new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition explains the enemy's current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-deploy testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource.

  • Build and launch spoofing exploits with Ettercap and Evilgrade
  • Induce error conditions and crash software using fuzzers
  • Hack Cisco routers, switches, and network hardware
  • Use advanced reverse engineering to exploit Windows and Linux software
  • Bypass Windows Access Control and memory protection schemes
  • Scan for flaws in Web applications using Fiddler and the x5 plugin
  • Learn the use-after-free technique used in recent zero days
  • Bypass Web authentication via MySQL type conversion and MD5 injection attacks
  • Inject your shellcode into a browser's memory using the latest Heap Spray techniques
  • Hijack Web browsers with Metasploit and the BeEF Injection Framework
  • Neutralize ransomware before it takes control of your desktop
  • Dissect Android malware with JEB and DAD decompilers
  • Find one-day vulnerabilities with binary diffing

Recommended Reading
2012-07-23 Hacking Exposed 7: Network Security Secrets and Solutions. McGraw-Hill Education

The latest tactics for thwarting digital attacks

"Our new reality is zero-day, APT, and state-sponsored attacks. Today, more than ever, security professionals need to get into the hacker's mind, methods, and toolbox to successfully deter such relentless assaults. This edition brings readers abreast with the latest attack vectors and arms them for these continually evolving threats." --Brett Wahlin, CSO, Sony Network Entertainment

"Stop taking punches--let's change the game; it's time for a paradigm shift in the way we secure our networks, and Hacking Exposed 7 is the playbook for bringing pain to our adversaries." --Shawn Henry, former Executive Assistant Director, FBI

Bolster your system's security and defeat the tools and tactics of cyber-criminals with expert advice and defense strategies from the world-renowned Hacking Exposed team. Case studies expose the hackers' latest devious methods and illustrate field-tested remedies. Find out how to block infrastructure hacks, minimize advanced persistent threats, neutralize malicious code, secure web and database applications, and fortify UNIX networks. Hacking Exposed 7: Network Security Secrets & Solutions contains all-new visual maps and a comprehensive countermeasures cookbook.

  • Obstruct APTs and web-based meta-exploits
  • Defend against UNIX-based root access and buffer overflow hacks
  • Block SQL injection, spear phishing, and embedded-code attacks
  • Detect and terminate rootkits, Trojans, bots, worms, and malware
  • Lock down remote access using smartcards and hardware tokens
  • Protect 802.11 WLANs with multilayered encryption and gateways
  • Plug holes in VoIP, social networking, cloud, and Web 2.0 services
  • Learn about the latest iPhone and Android attacks and how to protect yourself

Recommended Reading
2015-11-12 Google Hacking for Penetration Testers. Syngress

Google is the most popular search engine ever created, but Google's search capabilities are so powerful that they sometimes discover content that no one ever intended to be publicly available on the Web, including social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers, Third Edition, shows you how security professionals and system administrators manipulate Google to find this sensitive information and "self-police" their own organizations.

You will learn how Google Maps and Google Earth provide pinpoint military accuracy, see how bad guys can manipulate Google to create super worms, and see how they can "mash up" Google with Facebook, LinkedIn, and more for passive reconnaissance.

This third edition includes completely updated content throughout and all new hacks such as Google scripting and using Google hacking with other search engines and APIs. Noted author Johnny Long, founder of Hackers for Charity, gives you all the tools you need to conduct the ultimate open source reconnaissance and penetration testing.

  • Third edition of the seminal work on Google hacking
  • Google hacking continues to be a critical phase of reconnaissance in penetration testing and Open Source Intelligence (OSINT)
  • Features cool new hacks such as finding reports generated by security scanners and back-up files, finding sensitive info in WordPress and SSH configuration, and all new chapters on scripting Google hacks for better searches as well as using Google hacking with other search engines and APIs

Recommended Reading
2016-10-28 Mastering Modern Web Penetration Testing. Packt Publishing

Key Features

  • This book covers the latest technologies such as Advance XSS, XSRF, SQL Injection, Web API testing, XML attack vectors, OAuth 2.0 Security, and more involved in today's web applications
  • Penetrate and secure your web application using various techniques
  • Get this comprehensive reference guide that provides advanced tricks and tools of the trade for seasoned penetration testers

Book Description

Web penetration testing is a growing, fast-moving, and absolutely critical field in information security. This book executes modern web application attacks and utilises cutting-edge hacking techniques with an enhanced knowledge of web application security.

We will cover web hacking techniques so you can explore the attack vectors during penetration tests. The book encompasses the latest technologies such as OAuth 2.0, Web API testing methodologies and XML vectors used by hackers. Some less-discussed attack vectors, such as RPO (relative path overwrite), DOM clobbering and PHP Object Injection, are also covered in this book.

We'll explain various old school techniques in depth such as XSS, CSRF, SQL Injection through the ever-dependable SQLMap and reconnaissance.

Websites nowadays provide APIs to allow integration with third-party applications, thereby exposing a lot of attack surface; we cover testing of these APIs using real-life examples.

This pragmatic guide will be a great benefit and will help you prepare fully secure applications.

What you will learn

  • Get to know the new and less-publicized techniques such as PHP Object Injection and XML-based vectors
  • Work with different security tools to automate most of the redundant tasks
  • See different kinds of newly-designed security headers and how they help to provide security
  • Exploit and detect different kinds of XSS vulnerabilities
  • Protect your web application using filtering mechanisms
  • Understand old school and classic web hacking in depth using SQL Injection, XSS, and CSRF
  • Grasp XML-related vulnerabilities and attack vectors such as XXE and DoS techniques
  • Get to know how to test REST APIs to discover security issues in them

About the Author

Prakhar Prasad is a web application security researcher and penetration tester from India. He has been a successful participant in various bug bounty programs and has discovered security flaws on websites such as Google, Facebook, Twitter, PayPal, Slack, and many more. He secured the tenth position worldwide in the year 2014 at HackerOne's platform. He is OSCP and OSWP certified, which are some of the most widely respected certifications in the information security industry. He occasionally performs training and security assessment for various government, non-government, and educational organizations.

Table of Contents

  1. Common Security Protocols
  2. Information Gathering
  3. Cross-Site Scripting
  4. Cross-Site Request Forgery
  5. Exploiting SQL Injection
  6. File Upload Vulnerabilities
  7. Metasploit and Web
  8. XML Attacks
  9. Emerging Attack Vectors
  10. OAuth 2.0 Security
  11. API Testing Methodology

Recommended Reading
2017-06-28 Mastering Kali Linux for Web Penetration Testing: The ultimate defense against complex organized threats and attacks. Packt Publishing

Master the art of exploiting advanced web penetration techniques with Kali Linux 2016.2

About This Book

  • Make the most out of advanced web pen-testing techniques using Kali Linux 2016.2
  • Explore how Stored (a.k.a. Persistent) XSS attacks work and how to take advantage of them
  • Learn to secure your application by performing advanced web based attacks.
  • Bypass internet security to traverse from the web to a private network.

Who This Book Is For

This book targets IT pen testers, security consultants, and ethical hackers who want to expand their knowledge and gain expertise on advanced web penetration techniques. Prior knowledge of penetration testing would be beneficial.

What You Will Learn

  • Establish a fully-featured sandbox for test rehearsal and risk-free investigation of applications
  • Enlist open-source information to get a head-start on enumerating account credentials, mapping potential dependencies, and discovering unintended backdoors and exposed information
  • Map, scan, and spider web applications using nmap/zenmap, nikto, arachni, webscarab, w3af, and NetCat for more accurate characterization
  • Proxy web transactions through tools such as Burp Suite, OWASP's ZAP tool, and Vega to uncover application weaknesses and manipulate responses
  • Deploy SQL injection, cross-site scripting, Java vulnerabilities, and overflow attacks using Burp Suite, websploit, and SQLMap to test application robustness
  • Evaluate and test identity, authentication, and authorization schemes and sniff out weak cryptography before the black hats do

In Detail

You will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OGT version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to better hone your web pentesting skills in safe environments that can ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess.

By the end of this book, you will be well-versed with the web service architecture to identify and evade various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of essential test techniques needed to verify the secure design, development, and operation of your customers' web applications.

Style and approach

An advanced-level guide filled with real-world examples that will help you take your web application's security to the next level by using Kali Linux 2016.2.
