COMP08145 2018 Software Application Security Testing
The aim of this module is to provide learners with the skills to simulate malicious attacks against software applications from a black-hat hacker/black-box testing perspective using industry standard ethical-hacking tools.
Learning Outcomes
On completion of this module the learner will/should be able to:
Locate and analyse relevant publicly available information with regard to the software application under test.
Simulate attacks on a software application from a black-box perspective using industry standard ethical hacking tools.
Evaluate automated testing tool results with respect to business impact and false positives.
Compose exploits and countermeasures in response to vulnerabilities identified.
Teaching and Learning Strategies
Delivery of the module will comprise a one-hour lecture and a two-hour practical session.
The one-hour lecture will be used to introduce key concepts relating to penetration testing of software applications. These concepts will then be applied in the subsequent two-hour practical session.
Additionally, flipped learning and inquiry-based learning will be used where appropriate.
Module Assessment Strategies
Continuous Assessment for the module comprises two pieces of work.
The first assessment sees the learner pen-test a Client-Server application, provided by the lecturer, in a two-hour class test.
With a view to promoting cross-module assessment with PRJ 400, it is envisioned that the second assessment will comprise a pen test of the software artefact produced by the learner as part of PRJ 400.
Repeat Assessments
Repeat exam and/or Continuous Assessment.
Indicative Syllabus
1) Locate and analyse relevant publicly available information with regard to the software application under test.
- Organisation Profiling (Manual, Automated (Maltego)).
- Infrastructure Profiling (Web Server Software, DNS Entries).
- Application Profiling (Manual, Automatic (Google Hacking)).
- Documenting Findings.
- Countermeasures.
2) Simulate attacks on a software application from a black-box perspective using industry standard ethical hacking tools.
- Obtaining Authorisation to Test.
- Specifying Scope of Activities.
- Testing Web/Client-Server Applications.
- Testing Desktop Applications.
- Testing Mobile Applications.
- GUI Hacking.
- URI Hacking.
- Protocol Manipulation.
- Manual Analysis.
- Automated Analysis.
- Documenting Findings.
3) Evaluate automated testing tool results with respect to business impact and false positives.
- Utilise Industry Standard Ethical Hacking/Penetration Testing Tools.
- Risk Analysis and Prioritisation.
- Identification of False Positives.
4) Compose Exploits and Countermeasures in response to Vulnerabilities identified.
- Utilise Industry Standard Exploit Framework.
- Evaluate Potential Countermeasures.
Coursework & Assessment Breakdown
Coursework Assessment
No. | Title | Type | Form | Percent | Week | Learning Outcomes Assessed |
---|---|---|---|---|---|---|
1 | Pen Test Existing Client-Server Application | Coursework Assessment | Assessment | 30 % | Week 8 | 1,2,3,4 |
2 | Pen Test PRJ 400 Artefact | Coursework Assessment | Individual Project | 30 % | OnGoing | 1,2,3,4 |
End of Semester / Year Assessment
No. | Title | Type | Form | Percent | Week | Learning Outcomes Assessed |
---|---|---|---|---|---|---|
1 | Final Exam | Final Exam | Closed Book Exam | 40 % | End of Semester | 1,2,3,4 |
Full Time Mode Workload
Type | Location | Description | Hours | Frequency | Avg Workload |
---|---|---|---|---|---|
Lecture | Computer Laboratory | Lecture | 1 | Weekly | 1.00 |
Practical / Laboratory | Computer Laboratory | Practical | 2 | Weekly | 2.00 |
Independent Learning | Not Specified | Independent Learning | 4 | Weekly | 4.00 |
Online Learning Mode Workload
Type | Location | Description | Hours | Frequency | Avg Workload |
---|---|---|---|---|---|
Lecture | Distance Learning Suite | Lecture | 1.5 | Weekly | 1.50 |
Directed Learning | Not Specified | Directed Learning | 1.12 | Weekly | 1.12 |
Independent Learning | Not Specified | Independent Learning | 4.5 | Weekly | 4.50 |
Required & Recommended Book List
2015-01-09 Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition McGraw-Hill Education
Cutting-edge techniques for finding and fixing critical security flaws
Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 12 new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition explains the enemy's current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-deploy testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource.
- Build and launch spoofing exploits with Ettercap and Evilgrade
- Induce error conditions and crash software using fuzzers
- Hack Cisco routers, switches, and network hardware
- Use advanced reverse engineering to exploit Windows and Linux software
- Bypass Windows Access Control and memory protection schemes
- Scan for flaws in Web applications using Fiddler and the x5 plugin
- Learn the use-after-free technique used in recent zero days
- Bypass Web authentication via MySQL type conversion and MD5 injection attacks
- Inject your shellcode into a browser's memory using the latest Heap Spray techniques
- Hijack Web browsers with Metasploit and the BeEF Injection Framework
- Neutralize ransomware before it takes control of your desktop
- Dissect Android malware with JEB and DAD decompilers
- Find one-day vulnerabilities with binary diffing
2012-07-23 Hacking Exposed 7: Network Security Secrets and Solutions McGraw-Hill Education
The latest tactics for thwarting digital attacks
Our new reality is zero-day, APT, and state-sponsored attacks. Today, more than ever, security professionals need to get into the hacker's mind, methods, and toolbox to successfully deter such relentless assaults. This edition brings readers abreast with the latest attack vectors and arms them for these continually evolving threats. --Brett Wahlin, CSO, Sony Network Entertainment
Stop taking punches--let's change the game; it's time for a paradigm shift in the way we secure our networks, and Hacking Exposed 7 is the playbook for bringing pain to our adversaries. --Shawn Henry, former Executive Assistant Director, FBI
Bolster your system's security and defeat the tools and tactics of cyber-criminals with expert advice and defense strategies from the world-renowned Hacking Exposed team. Case studies expose the hacker's latest devious methods and illustrate field-tested remedies. Find out how to block infrastructure hacks, minimize advanced persistent threats, neutralize malicious code, secure web and database applications, and fortify UNIX networks. Hacking Exposed 7: Network Security Secrets & Solutions contains all-new visual maps and a comprehensive countermeasures cookbook.
- Obstruct APTs and web-based meta-exploits
- Defend against UNIX-based root access and buffer overflow hacks
- Block SQL injection, spear phishing, and embedded-code attacks
- Detect and terminate rootkits, Trojans, bots, worms, and malware
- Lock down remote access using smartcards and hardware tokens
- Protect 802.11 WLANs with multilayered encryption and gateways
- Plug holes in VoIP, social networking, cloud, and Web 2.0 services
- Learn about the latest iPhone and Android attacks and how to protect yourself
2015-11-12 Google Hacking for Penetration Testers Syngress
Google is the most popular search engine ever created, but Google's search capabilities are so powerful, they sometimes discover content that no one ever intended to be publicly available on the Web, including social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers, Third Edition, shows you how security professionals and system administrators manipulate Google to find this sensitive information and "self-police" their own organizations.
You will learn how Google Maps and Google Earth provide pinpoint military accuracy, see how bad guys can manipulate Google to create super worms, and see how they can "mash up" Google with Facebook, LinkedIn, and more for passive reconnaissance.
This third edition includes completely updated content throughout and all new hacks such as Google scripting and using Google hacking with other search engines and APIs. Noted author Johnny Long, founder of Hackers for Charity, gives you all the tools you need to conduct the ultimate open source reconnaissance and penetration testing.
- Third edition of the seminal work on Google hacking
- Google hacking continues to be a critical phase of reconnaissance in penetration testing and Open Source Intelligence (OSINT)
- Features cool new hacks such as finding reports generated by security scanners and back-up files, finding sensitive info in WordPress and SSH configuration, and all new chapters on scripting Google hacks for better searches as well as using Google hacking with other search engines and APIs
2016-10-28 Mastering Modern Web Penetration Testing Packt Publishing
Key Features
- This book covers the latest technologies such as Advance XSS, XSRF, SQL Injection, Web API testing, XML attack vectors, OAuth 2.0 Security, and more involved in today's web applications
- Penetrate and secure your web application using various techniques
- Get this comprehensive reference guide that provides advanced tricks and tools of the trade for seasoned penetration testers
Book Description
Web penetration testing is a growing, fast-moving, and absolutely critical field in information security. This book executes modern web application attacks and utilises cutting-edge hacking techniques with an enhanced knowledge of web application security.
We will cover web hacking techniques so you can explore the attack vectors during penetration tests. The book encompasses the latest technologies such as OAuth 2.0, Web API testing methodologies and XML vectors used by hackers. Some lesser-discussed attack vectors such as RPO (relative path overwrite), DOM clobbering, PHP Object Injection and others have been covered in this book.
We'll explain various old school techniques in depth such as XSS, CSRF, SQL Injection through the ever-dependable SQLMap and reconnaissance.
Websites nowadays provide APIs to allow integration with third-party applications, thereby exposing a lot of attack surface; we cover testing of these APIs using real-life examples.
This pragmatic guide will be a great benefit and will help you prepare fully secure applications.
What you will learn
- Get to know the new and less-publicized techniques such as PHP Object Injection and XML-based vectors
- Work with different security tools to automate most of the redundant tasks
- See different kinds of newly-designed security headers and how they help to provide security
- Exploit and detect different kinds of XSS vulnerabilities
- Protect your web application using filtering mechanisms
- Understand old school and classic web hacking in depth using SQL Injection, XSS, and CSRF
- Grasp XML-related vulnerabilities and attack vectors such as XXE and DoS techniques
- Get to know how to test REST APIs to discover security issues in them
About the Author
Prakhar Prasad is a web application security researcher and penetration tester from India. He has been a successful participant in various bug bounty programs and has discovered security flaws on websites such as Google, Facebook, Twitter, PayPal, Slack, and many more. He secured the tenth position worldwide in the year 2014 at HackerOne's platform. He is OSCP and OSWP certified, which are some of the most widely respected certifications in the information security industry. He occasionally performs training and security assessment for various government, non-government, and educational organizations.
Table of Contents
- Common Security Protocols
- Information Gathering
- Cross-Site Scripting
- Cross-Site Request Forgery
- Exploiting SQL Injection
- File Upload Vulnerabilities
- Metasploit and Web
- XML Attacks
- Emerging Attack Vectors
- OAuth 2.0 Security
- API Testing Methodology
2017-06-28 Mastering Kali Linux for Web Penetration Testing: The ultimate defense against complex organized threats and attacks Packt Publishing
Master the art of exploiting advanced web penetration techniques with Kali Linux 2016.2
About This Book
- Make the most out of advanced web pen-testing techniques using Kali Linux 2016.2
- Explore how Stored (a.k.a. Persistent) XSS attacks work and how to take advantage of them
- Learn to secure your application by performing advanced web based attacks.
- Bypass internet security to traverse from the web to a private network.
Who This Book Is For
This book targets IT pen testers, security consultants, and ethical hackers who want to expand their knowledge and gain expertise on advanced web penetration techniques. Prior knowledge of penetration testing would be beneficial.
What You Will Learn
- Establish a fully-featured sandbox for test rehearsal and risk-free investigation of applications
- Enlist open-source information to get a head-start on enumerating account credentials, mapping potential dependencies, and discovering unintended backdoors and exposed information
- Map, scan, and spider web applications using nmap/zenmap, nikto, arachni, webscarab, w3af, and NetCat for more accurate characterization
- Proxy web transactions through tools such as Burp Suite, OWASP's ZAP tool, and Vega to uncover application weaknesses and manipulate responses
- Deploy SQL injection, cross-site scripting, Java vulnerabilities, and overflow attacks using Burp Suite, websploit, and SQLMap to test application robustness
- Evaluate and test identity, authentication, and authorization schemes and sniff out weak cryptography before the black hats do
In Detail
You will start by delving into some common web application architectures in use, both in private and public cloud instances. You will also learn about the most common frameworks for testing, such as OWASP OGT version 4, and how to use them to guide your efforts. In the next section, you will be introduced to web pentesting with core tools and you will also see how to make web applications more secure through rigorous penetration tests using advanced features in open source tools. The book will then show you how to better hone your web pentesting skills in safe environments that can ensure low-risk experimentation with the powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. After establishing how to test these powerful tools safely, you will understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess.
By the end of this book, you will be well-versed with the web service architecture to identify and evade various protection mechanisms that are used on the Web today. You will leave this book with a greater mastery of essential test techniques needed to verify the secure design, development, and operation of your customers' web applications.
Style and approach
An advanced-level guide filled with real-world examples that will help you take your web application's security to the next level by using Kali Linux 2016.2.
Module Resources