Penetration testing is an activity performed to test the cyber security of an organization's systems. It is the process of detecting any unauthorized access to the company's database. Technically, the organization itself stages a fake attack on the system in order to test how it reacts under real attacks. The people involved in this testing method are known as ethical hackers; although their work is similar to that of black hat hackers, their objective is to bring down the vulnerabilities.
Here are some of the vulnerabilities that can be tracked down with the help of ethical hackers.
- Vulnerability #1: Insecure Direct Object Reference
The very first step is to map all the places where user credentials are required to access any kind of data from the system. Next, by changing the parameter values that reference objects and information, it can be checked whether any other logged-in user is able to access the data or not.
In simpler terms, this vulnerability means that a single logged-in user can retrieve an object's information without being authenticated as the authorized user. For example, let's say that two separate users have access to purchase information and messages of the organization; then the data can easily be accessed with just one user's credentials. This allows attackers to bypass the system and access its resources.
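The check described above can be kept as an authorization regression test. The following is an added example, not code from the original article: the order records, user names and function names are constructed for illustration. It places a handler that trusts the client-supplied ID beside one that verifies ownership, and lists every cross-user read that succeeds.

```python
# Constructed sample data: two users, each owning one purchase record.
ORDERS = {
    101: {"owner": "alice", "item": "laptop"},
    102: {"owner": "bob", "item": "phone"},
}

class Forbidden(Exception):
    """Raised when the session user may not read the requested object."""

def get_order_vulnerable(session_user, order_id):
    # Only checks that someone is logged in; trusts the client-supplied id.
    if session_user is None:
        raise Forbidden("login required")
    return ORDERS[order_id]

def get_order_checked(session_user, order_id):
    # Object-level authorization: the record must belong to the session user.
    order = ORDERS.get(order_id)
    if session_user is None or order is None or order["owner"] != session_user:
        # Same error for "missing" and "not yours" so ids cannot be enumerated.
        raise Forbidden("not found")
    return order

def cross_user_leaks(handler, users):
    """Return (user, order_id) pairs where a user can read another user's order."""
    leaks = []
    for user in users:
        for order_id, order in ORDERS.items():
            if order["owner"] == user:
                continue  # reading your own record is expected to work
            try:
                handler(user, order_id)
                leaks.append((user, order_id))
            except Forbidden:
                pass
    return leaks

if __name__ == "__main__":
    print("vulnerable:", cross_user_leaks(get_order_vulnerable, ["alice", "bob"]))
    print("checked:   ", cross_user_leaks(get_order_checked, ["alice", "bob"]))
```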
- Vulnerability #2: Privilege Escalation
A vulnerability that is detected by following the user credential process: the system fails to identify the authorized user and, without validation, allows them to perform actions in the system.
Privilege escalation comes in two types: vertical and horizontal. In vertical escalation, the attacker seeks higher privileges than those granted to the user, while in horizontal escalation the attacker is allowed privileges only up to the limit of the user credentials. The flaw exists because of a lack of control in the system.
- Vulnerability #3: Cross Site Scripting – Stored
A dangerous malicious attack in which the hacker can store input by entering it into the fields of a form or document. This stored information is then kept for later use, either to hijack the user's web browser or to use the sensitive information in some other way that harms them.
We detected this error in the system by applying the script to the system. These scripts are not properly filtered, and thus putting the system through this test will detect how many input fields are affected by this vulnerability.
- Vulnerability #4: Cross Site Scripting – Reflected
One of the most common types of vulnerability, which succeeds when the attacker is able to reflect malicious code in the browser. When the viewer opens an unauthorized or harmful link, this code is injected into their system, which can spread the virus in the user's system.
This vulnerability comes into the picture when the tester puts a malicious site on the testing ground and plays with the script to analyze the error.
- Vulnerability #5: URL Redirection
This vulnerability is a continuation of cross-site scripting, where the hacker was able to get into the user's system with the help of attacker code. The person can now access the victim's sessions and login credentials and can redirect the user to any malicious site; in the worst case, the hacker might get remote shell access to the victim's system.
- Vulnerability #6: HTML Injection
Cross-site scripting and HTML injection share quite a few characteristics. The only thing that separates them is that here the attacker code is injected in HTML tags. The hacker can control the user's inputs and can access sensitive information entered by the victim in any of the fields. To detect this vulnerability, our tester put some scripts into action to check the extent of access a hacker can gain from such an attack.
- Vulnerability #7: Application Forced Via Unencrypted Channel
One common vulnerability that requires no specific detection by the testers is the use of unprotected network sites which have a known code. For example, any data transmitted through HTTPS or any other encrypted, protected channel is safe from harsh limitations and vulnerabilities, while HTTP sites can pose many security risks for the user.
For example, plain text sent over HTTP, form-based credentials, or any sensitive information entered can be accessed by the attacker through the unsecured network domain.
- Vulnerability #8: Session Fixation
This vulnerability starts even before the user logs in to the session. Here the attacker tries to steal the session between the client and the user by hacking a valid user session. The hacker generates a valid session ID that he or she has access to and later induces the user to use the same ID. With these steps, the attacker is able to use the victim's information.
Every time the user logs in, a new session ID is created, and even the cookie expiration is set for 8 days, so the attacker can have easy access to the user's sensitive information.
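The fixation mechanism described above depends on whether a session ID issued before login is still valid after login. The following is an added example, not code from the original article: the `SessionStore` class and its method names are hypothetical. It contrasts a login that keeps the presented ID with one that discards it and issues a fresh one.

```python
import secrets

class SessionStore:
    """In-memory session table: session id -> username, or None if anonymous."""

    def __init__(self):
        self._sessions = {}

    def new_anonymous(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = None
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)

    def login_vulnerable(self, sid, username):
        # Keeps whatever id the browser presented, so an id that a third
        # party knew before login becomes an authenticated session.
        self._sessions[sid] = username
        return sid

    def login_regenerating(self, sid, username):
        # Discard the pre-login id and bind the user to a fresh random one.
        self._sessions.pop(sid, None)
        fresh = secrets.token_urlsafe(32)
        self._sessions[fresh] = username
        return fresh

def pre_login_id_is_authenticated(login_method_name):
    """True if an id issued before login identifies the user after login."""
    store = SessionStore()
    known_id = store.new_anonymous()  # id known to someone else before login
    getattr(store, login_method_name)(known_id, "alice")
    return store.user_for(known_id) == "alice"

if __name__ == "__main__":
    for name in ("login_vulnerable", "login_regenerating"):
        print(name, "->", pre_login_id_is_authenticated(name))
```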
- Vulnerability #9: E-Mail Bombing
Email bombing is done to overflow the victim's mail system by sending spam emails. This can make the system the victim of a denial-of-service attack. Under this attack, the hacker can victimize several computers simultaneously. There are 3 types of email bombing.
1. Mass emailing
Sending a number of duplicate emails to the server might cause it to start sending the emails to the user's spam folder.
2. Link Listing
Under this attack, the user signs up a particular mail address for receiving mail subscriptions. The user needs to unsubscribe from the unwanted emails, as some of them could lead to a virus being injected into the system.
3. Zip Bombing
It is a variant of mail bombing introduced to get around the anti-virus software adopted by large companies. In this kind of attack, the sender mails only a recurring letter like “Z”, which compresses the file, making it hard for the software to detect.
- Vulnerability #10: Directory Listing
Under this vulnerability, the attacker can access the user's directory files if no index page has been created. In these circumstances, the hacker is able to identify the resource path, which allows him to attack the system files directly. Thus, any sensitive file kept in the directory becomes accessible to the hacker. This can be prevented by creating an index page as well as removing the sensitive files from the directory.
- Vulnerability #11: Account Lockout Policy not enforced
The hacker might attempt to access your account by brute force, entering an incorrect password many times, until in the end the system fails and the user is unable to access his own account. This indicates that the login gateway has no mechanism limiting the number of attempts.
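A login gateway with the missing mechanism looks like the following added example, which is not code from the original article. The `LoginGate` class, the threshold of 5 failures and the 15-minute lock are assumptions chosen for illustration, and the password table is constructed demo data.

```python
import hmac

MAX_FAILURES = 5     # assumed threshold, tune to your policy
LOCK_SECONDS = 900   # assumed lock duration: 15 minutes

class LoginGate:
    def __init__(self, passwords, clock):
        self._passwords = passwords   # constructed demo data; real systems store hashes
        self._clock = clock           # injectable time source returning seconds
        self._failures = {}           # username -> consecutive failed attempts
        self._locked_until = {}       # username -> time the lock expires

    def attempt(self, username, password):
        now = self._clock()
        # Check the lock before the password, so guesses made during the
        # lock window reveal nothing about whether they were correct.
        if self._locked_until.get(username, 0) > now:
            return "locked"
        expected = self._passwords.get(username)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())
        if ok:
            self._failures.pop(username, None)
            return "ok"
        # Failures are counted for unknown usernames too, so the response
        # does not show which accounts exist.
        self._failures[username] = self._failures.get(username, 0) + 1
        if self._failures[username] >= MAX_FAILURES:
            self._locked_until[username] = now + LOCK_SECONDS
            self._failures[username] = 0
        return "denied"

if __name__ == "__main__":
    now = [0]
    gate = LoginGate({"alice": "correct-horse-example"}, clock=lambda: now[0])
    print([gate.attempt("alice", "guess%d" % i) for i in range(6)])
```

Because the lock is temporary, the account owner regains access once the window passes instead of staying locked out by someone else's guesses.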
- Vulnerability #12: Same Site Scripting
Under this vulnerability, it is possible that the subdomain may have loopbacks, and the user, while entering a particular email address, may be directed to another localhost. This happens when the user is already using the localhost with the same address and can only be fixed by stopping the localhost services. Our developers put this vulnerability to the test, and after pinging the localhost the system received successful replies.
- Vulnerability #13: Browser Cache Management – Back button issue on Logout
This is a system error and does not take place because of an attacker accessing the system. Under this vulnerability, it was noticed that on pressing the browser's back button on the website, the user session is not terminated even after logging out. This exposes the threat of any person gaining access to the logged-in user's account and using any sensitive information kept inside.
- Vulnerability #14: Autocomplete Enabled
The autocomplete feature fills in forms automatically in the browser, where the system has stored usernames, passwords, and other contact information. With this stored data, the fields of the form can be filled automatically on repeated visits by the consumer. If the system comes under the control of an unauthorized party, this great feature can turn into a vulnerability, causing the misuse of sensitive information.
- Vulnerability #15: Weak Password Policy
The weak password issue can be eliminated by requiring every user to follow a password policy with an appropriate length, and passwords should be complex enough that they cannot be predicted even by brute-force or dictionary attacks. A password should not consist of dictionary words, as the attacker could then easily gain access to your application.
- Vulnerability #16: Missing Security headers
Our developers checked the security header for Content Security Policy, which prevents attacks such as cross-site scripting (XSS) and other attacks in which code is injected into the system.
Along with this, the X-XSS-Protection header is also verified, which also prevents cross-site scripting (XSS) and is supported by Internet Explorer, Chrome, and Safari.
And the last header is Strict-Transport-Security, which restricts users to browsing the site only over HTTPS. This ensures the safety of the system, and no connection will be established over HTTP, as it is considered insecure.
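The three header checks above can be automated against a captured response. The following is an added example, not code from the original article: the function name and both sample responses are constructed. Beyond presence, it also flags two values that defeat the header's purpose.

```python
import re

REQUIRED = ("content-security-policy", "x-xss-protection",
            "strict-transport-security")

# Constructed sample response heads.
WEAK = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "Strict-Transport-Security: max-age=0\r\n\r\n")
GOOD = ("HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'\r\n"
        "X-XSS-Protection: 1; mode=block\r\n"
        "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n")

def audit_security_headers(raw_response_head):
    """Parse a raw HTTP response head and return a list of findings."""
    headers = {}
    for line in raw_response_head.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break                                    # blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive

    findings = ["missing " + name for name in REQUIRED if name not in headers]

    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        match = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if match is None:
            findings.append("strict-transport-security has no max-age")
        elif int(match.group(1)) == 0:
            # max-age=0 tells the browser to forget the HTTPS-only rule.
            findings.append("strict-transport-security max-age=0 disables HSTS")

    if "'unsafe-inline'" in headers.get("content-security-policy", ""):
        # Re-allows inline script or style, weakening the XSS protection.
        findings.append("content-security-policy allows 'unsafe-inline'")
    return findings

if __name__ == "__main__":
    print(audit_security_headers(WEAK))
    print(audit_security_headers(GOOD))
```

Chrome has since removed the XSS auditor that X-XSS-Protection controlled, so treat Content-Security-Policy as the primary XSS control and a missing X-XSS-Protection as informational.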
- Vulnerability #17: Sensitive Information Disclosure
This vulnerability occurs when an application fails to protect sensitive information from any third party who does not have access to the user's system information. This type of attack is very critical for small business organizations, and thus this security testing issue must not be ignored after developing any specific application.