Difference between revisions of "Web Application Analysis"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
== Summary == | == Summary == | ||
Web Application Analysis is engaged in finding and vulnerabilities and if necessary to harden current security measures. The analysing process should be contemplated for every web application. It might reveal exploits that would cause devastating consequences. Unprotected websites and web applications are targeted by hackers and often lead to database leaks, theft of banking information and infringement of privacy. Many companies are not technically adept and therefore cannot evaluate the possible damage, hoping to save costs in the development phase by skipping the web application analysis. | Web Application Analysis is engaged in finding and vulnerabilities and if necessary to harden current security measures. The analysing process should be contemplated for every web application. It might reveal exploits that would cause devastating consequences. Unprotected websites and web applications are targeted by hackers and often lead to database leaks, theft of banking information and infringement of privacy. Many companies are not technically adept and therefore cannot evaluate the possible damage, hoping to save costs in the development phase by skipping the web application analysis. <ref name="def"> <ref name="def1"> | ||
== Web Application Security == | == Web Application Security == | ||
Web application analysis is a branch in the IT security field that deals with web vulnerabilities and how to find them. | |||
=== Security Threats === | === Security Threats === | ||
| Line 42: | Line 42: | ||
=== Commix === | === Commix === | ||
[https://commixproject.com/ Commix], which stands for '''[Comm]'''and '''[I]'''njection E'''[x]'''ploiter, is an open-source penetration testing tool. It is used to find and exploit command injection vulnerabilities in web applications. | [https://commixproject.com/ Commix], which stands for '''[Comm]'''and '''[I]'''njection E'''[x]'''ploiter, is an open-source penetration testing tool. It is used to find and exploit command injection vulnerabilities in web applications. <ref name="commix"> | ||
To install commix it needs to be cloned from its Github repository: | To install commix it needs to be cloned from its Github repository: | ||
| Line 60: | Line 60: | ||
=== Skipfish === | === Skipfish === | ||
[https://gitlab.com/kalilinux/packages/skipfish Skipfish] is a tool that allows quick scanning of websites and web applications for vulnerabilities and threats. After finishing the scan it presents its results in an interactable sitemap and lists the findings according to their importance. | [https://gitlab.com/kalilinux/packages/skipfish Skipfish] is a tool that allows quick scanning of websites and web applications for vulnerabilities and threats. After finishing the scan it presents its results in an interactable sitemap and lists the findings according to their importance. <ref name="skipfish"> | ||
It can only be used for information gathering and cannot be used to exploit vulnerabilities. Because it is written in C it runs very performant and handles many requests and responses without loading the CPU. | It can only be used for information gathering and cannot be used to exploit vulnerabilities. Because it is written in C it runs very performant and handles many requests and responses without loading the CPU. | ||
Revision as of 15:58, 4 January 2022
Summary
Web Application Analysis is engaged in finding and vulnerabilities and if necessary to harden current security measures. The analysing process should be contemplated for every web application. It might reveal exploits that would cause devastating consequences. Unprotected websites and web applications are targeted by hackers and often lead to database leaks, theft of banking information and infringement of privacy. Many companies are not technically adept and therefore cannot evaluate the possible damage, hoping to save costs in the development phase by skipping the web application analysis. Cite error: Closing </ref> missing for <ref> tag
[1]
[2]
[3]
[4]
[5]
[6]
</references>
- ↑ https://blog.stackpath.com/web-application/
- ↑ https://www.w4rri0r.com/hacking-tools-windows-os-x-linux-android-solaris-unixware/web-application-analysis.html
- ↑ https://www.imperva.com/learn/application-security/application-security-testing/
- ↑ https://www.kali.org/tools/commix/
- ↑ https://code.google.com/archive/p/skipfish/
- ↑ https://owasp.org/