DEV Community: sahil gupta

🔥 LazyRecon: A Powerful Tool for Web Reconnaissance 🔥

sahil gupta — Mon, 24 Apr 2023 13:30:00 +0000

Today I am sharing a tool that I have been using for a while, which has helped me automate some tedious tasks of reconnaissance and information gathering of web applications. The tool is called LazyRecon, and it was developed by nahamsec, a well-known bug bounty hunter and security researcher.

LazyRecon is a script that performs various subtasks such as subdomain enumeration, port scanning, and content discovery, and also grabs a screenshot of responsive hosts using different tools and techniques. It also generates interactive HTML report that you can use for further analysis or reporting. LazyRecon is fast and easy to use

If you are interested in trying out LazyRecon, you can find it on GitHub link

I hope you find this tool helpful.

XML External Entity (XXE) Vulnerability - Part 3 (Local DTD Enumeration)

sahil gupta — Thu, 22 Dec 2022 15:30:00 +0000

Exploring how to enumerate local Document Type Definitions (DTDs) and exploit XML External Entity (XXE) vulnerabilities can be a great way to identify and exfiltrate sensitive files and data.

XML External Entity (XXE) Vulnerability - Part 3 (Local DTD Enumeration)

learn how to enumerate Local DTDs and exploit them to exfiltrate sensitive files and data

blogs.appsecworld.com

Static Application Security Testing using SonarQube

sahil gupta — Wed, 21 Dec 2022 15:30:00 +0000

Learn how to use SonarQube to conduct Static Application Security Testing step-by-step, ensuring your codebase is secure and up-to-date with best practices.
In this blog, I explained step by step process of how to set up SonarQube and conduct Static Application Security testing using SonarQube.

Static Application Security Testing using SonarQube

set up SonarQube using docker and conduct Static Application Security testing using SonarQube

blogs.appsecworld.com

XML External Entity (XXE) Vulnerability - Part 2 (XXE Basics)

sahil gupta — Tue, 20 Dec 2022 15:57:00 +0000

Learning the basics of XML External Entity (XXE) Vulnerability help to understand advanced concepts of XXE
In the second part of the XXE vulnerability blog, I have explained the basic concept of XXE, like what XXE is and a basic example of XXE.

XML External Entity (XXE) Vulnerability - Part 2 (XXE Basics)

learn about the basic concept of XXE, like what XXE is and a basic example of XXE

blogs.appsecworld.com

XML External Entity (XXE) Vulnerability - Part 1 (XML Basics)

sahil gupta — Mon, 19 Dec 2022 15:30:00 +0000

XML External Entity (XXE) Vulnerability is an important security issue to understand. Knowing the basics of XML can help you identify and prevent potential risks associated with XXE attacks.
In the first part of the XXE vulnerability blog, I have explained some basics concept of XML, like structure, DTD (Internal and External), and entity (Internal and External)

XML External Entity (XXE) Vulnerability - Part 1 (XML Basics)

learn about some basics concept of XML, like structure, DTD (Internal and External), and entity (Internal and External)

blogs.appsecworld.com

Vulnerability databases that we can use as part of software supply chain security

sahil gupta — Wed, 07 Dec 2022 15:30:00 +0000

Vulnerability databases play an important role in software supply chain security. Vulnerability databases contain information about known third-party components/libraries vulnerabilities. By leveraging multiple vulnerability databases, we can identify potential vulnerable third-party components used in software development and also remediate those issues quickly.

Here is the list of free Vulnerability databases that we can use as part of software supply chain security.

NVD (National Vulnerability Database): https://nvd.nist.gov
GitHub advisory: https://github.com/advisories
Google OSV: https://osv.dev
Snyk Vulnerability Database: https://security.snyk.io
SonaType OSS Index: https://ossindex.sonatype.org

Free Learning Resources for Application Security and Penetration Testing

Learning portal for Application Security and DevSecOps Engineers. It contains well-written and in-depth articles on Software Security and DevSecOps

blogs.appsecworld.com

Plugins that allow you to automate the Authentication and Authorization Security Testin

sahil gupta — Tue, 06 Dec 2022 15:30:00 +0000

Authentication and Authorization security testing is an Important Test Case for any web application penetration testing. Authentication ensures that only authorized users can access the application functionality and its resources, while authorization ensures that users are only granted access to the resources and functions that are appropriate for their level of authorization.

Here are the Plugins that allow you to automate the Authentication and Authorization Security Testing.

Autorize (For Burp Suite):

Quitten / Autorize

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

Autorize

Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert. Autorize was designed to help security testers by performing automatic authorization tests. With the last release now Autorize also perform automatic authentication tests.

Installation

Download Burp Suite (obviously): http://portswigger.net/burp/download.html
Download Jython standalone JAR: http://www.jython.org/download.html
Open burp -> Extender -> Options -> Python Environment -> Select File -> Choose the Jython standalone JAR
Install Autorize from the BApp Store or follow these steps:
Download the Autorize.py file.
Open Burp -> Extender -> Extensions -> Add -> Choose Autorize.py file.
See the Autorize tab and enjoy automatic authorization detection :)

User Guide - How to use?

After installation, the Autorize tab will be added to Burp.
Open the configuration tab (Autorize -> Configuration).
Get your low-privileged user authorization token header (Cookie / Authorization) and copy it into the…

View on GitHub

Access Control Testing add-on (For OWASP ZAP):

zaproxy.org

Free Learning Resources for Application Security and Penetration Testing

Learning portal for Application Security and DevSecOps Engineers. It contains well-written and in-depth articles on Software Security and DevSecOps

blogs.appsecworld.com

OWASP API Security Top 10 API6:2019 Mass Assignment with Example

sahil gupta — Fri, 02 Dec 2022 15:30:00 +0000

Mass Assignment vulnerability leads to an attack that occurs when an attacker is able to send data to an API that is then used to automatically populate multiple fields in the system. This can be used to bypass security controls, change data, or perform other malicious actions.

In this blog, I have explained about the OWASP API Security Top 10 API6:2019 Mass Assignment with Example.

OWASP API Security Top 10 API6:2019 Mass Assignment with Example

learn about the OWASP API Security Top 10 API6:2019 Mass Assignment, its impact, an example, and remediation.

blogs.appsecworld.com

Cloud Storage Security

sahil gupta — Thu, 01 Dec 2022 15:30:00 +0000

Organizations heavily use Cloud storage to store sensitive data. However, if access control settings are not properly configured or the storage key is leaked, then data may be exposed to unauthorized individuals.
This could lead to the leakage of sensitive data, data being tampered with, or unauthorized access to cloud storage systems.

Here are the tools to identify cloud buckets URLs and Storage Keys in Web Application responses

Burp-AnonymousCloud: Burp extension that performs a passive scan to identify cloud buckets and then test them for publicly accessible vulnerabilities.
(https://github.com/portswigger/anonymous-cloud)

Cloud Storage Tester: This extension can identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues.
(https://portswigger.net/bappstore/04adbe101f544c88b2497a9a25ffaab4)

Free Learning Resources for Application Security and Penetration Testing

Learning portal for Application Security and DevSecOps Engineers. It contains well-written and in-depth articles on Software Security and DevSecOps

blogs.appsecworld.com

OWASP API Security Top 10 API5:2019 Broken Function Level Authorization with an Example

sahil gupta — Wed, 30 Nov 2022 15:30:00 +0000

A flaw in the design or implementation of an API that allows a user to bypass intended access controls, such as authentication or authorization checks. This can occur when the API does not properly enforce the intended security controls or when it fails to properly check the user's permissions before allowing them to access the API

In this blog, I have explained about the OWASP API Security Top 10 API5:2019 Broken Function Level Authorization with an Example.

OWASP API Security Top 10 API5:2019 Broken Function Level Authorization with Example

learn about the OWASP API Security Top 10 API5:2019 Broken Function Level Authorization, its impact, an example, and remediation.

blogs.appsecworld.com

Content Security Policy (CSP)

sahil gupta — Tue, 29 Nov 2022 15:30:00 +0000

Content Security Policy (CSP) is a security measure that can be implemented through a Content-Security-Policy response header or equivalent element. It allows developers to restrict the sources from which resources, such as JavaScript, CSS, images, files, etc., are loaded. CSP can be an effective defense against some types of attacks, such as cross-site scripting (XSS) and Clickjacking.

Here are the tools that can help you to audit and generate CSP

CSP-evaluator: https://csp-evaluator.withgoogle.com/
CSP Auditor: https://portswigger.net/bappstore/35237408a06043e9945a11016fcbac18
Content Security Policy (CSP) Generator Chrome extension: https://chrome.google.com/webstore/detail/content-security-policy-c/ahlnecfloencbkpfnpljbojmjkfgnmdc

Content Security Policy (CSP) Generator Firefox extension: https://addons.mozilla.org/en-US/firefox/addon/csp-generator/

Free Learning Resources for Application Security and Penetration Testing

Learning portal for Application Security and DevSecOps Engineers. It contains well-written and in-depth articles on Software Security and DevSecOps

blogs.appsecworld.com

OWASP API Security Top 10 API4:2019 Lack of Resources & Rate Limiting With an Example

sahil gupta — Sun, 27 Nov 2022 19:18:42 +0000

Improper configuration of resources and rate limiting can lead to attackers being able to overload a system with re``quests, causing APIs to fail or become unresponsive. Rate and resource limiting are measures that can be taken to help mitigate this risk. It involves limiting the number of requests that a user can make in a given period of time. This can prevent attackers from being able to send a large number of requests and overwhelm the system.

In this blog, I have explained about the OWASP API Security Top 10 API4:2019 Lack of Resources & Rate Limiting With an Example.

OWASP API Security Top 10 API4:2019 Lack of Resources & Rate Limiting With Example

learn about the OWASP API Security Top 10 API4:2019 Lack of Resources & Rate Limiting, its impact, an example, and remediation.

blogs.appsecworld.com