Difference between revisions of "Web Application Analysis"

From Embedded Lab Vienna for IoT & Security
== Summary ==


Web Application Analysis is the process of finding vulnerabilities in a web application and, where necessary, hardening its existing security measures. It should be carried out for every web application, because it can reveal weaknesses whose exploitation would have devastating consequences. Unprotected websites and web applications are actively targeted by attackers, and successful attacks frequently result in database leaks, theft of banking data and violations of user privacy. Many companies lack the technical expertise to assess the possible damage and hope to save costs during development by skipping the analysis. <ref name="def" /><ref name="def1" />


== Web Application Security ==


'''Web Application Security''' is the branch of information security that deals with vulnerabilities in web applications: how to find them, and how to defend against them.


=== Security Threats ===
=== Commix ===


[https://commixproject.com/ Commix], short for '''Comm'''and '''I'''njection E'''x'''ploiter, is an open-source penetration testing tool. It automates finding and exploiting OS command injection vulnerabilities in web applications: it injects shell metacharacters and payloads into request parameters and checks whether the server executes the injected command. <ref name="commix" />
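To make the vulnerability class concrete, the following added example (written for this page, not code from the Commix project) shows a constructed diagnostic endpoint that pings a user-supplied host, first in its injectable form and then hardened. The endpoint name, the host parameter and the attacker payload are assumptions; <code>echo</code> stands in for <code>ping</code> so the example runs offline, which does not change the flaw, since it lies in how the command line is built rather than in the command itself.

```python
"""Constructed example of an OS command injection flaw and its fix.

A diagnostic endpoint takes a hostname from the user and pings it. To keep
the example runnable offline, `echo` stands in for `ping`; the injection
works identically because the flaw is in how the command line is built.
"""
import re
import subprocess

# Allow-list for hostnames / IPv4 literals: letters, digits, dots, hyphens.
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Shell metacharacters that command-injection payloads rely on
# (; | & ` $( ) and newline).
INJECTION_RE = re.compile(r"[;&|`$()\n]")


def ping_unsafe(host: str) -> str:
    """Vulnerable: user input is concatenated into a string run by /bin/sh.

    A value such as "127.0.0.1; id" terminates the intended command and
    starts a second one chosen by the attacker.
    """
    cmd = "echo pinging " + host
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def ping_safe(host: str) -> str:
    """Hardened: strict allow-list validation plus an argv list, no shell.

    Without shell=True the operating system receives the arguments directly,
    so metacharacters are never interpreted; the allow-list additionally
    rejects anything that is not a plausible hostname.
    """
    if not HOST_RE.match(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    result = subprocess.run(["echo", "pinging", host],
                            capture_output=True, text=True)
    return result.stdout


def looks_like_injection(value: str) -> bool:
    """Cheap log-triage / WAF-style check: does a parameter carry shell
    metacharacters? Useful for spotting scanner traffic in access logs."""
    return INJECTION_RE.search(value) is not None


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"          # constructed attacker input
    print("unsafe :", repr(ping_unsafe(payload)))  # second command executes
    print("flagged:", looks_like_injection(payload))
    try:
        ping_safe(payload)
    except ValueError as exc:
        print("safe   :", exc)
    print("safe   :", repr(ping_safe("127.0.0.1")))
```

Running the script shows the unsafe variant executing the appended <code>echo INJECTED</code>, while the hardened variant refuses the same input before any process is started. A time-based payload such as <code>127.0.0.1; sleep 5</code> is caught the same way, which is why a strict allow-list on the parameter, combined with never passing user data through a shell, is the fix rather than blocking individual characters.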


To install Commix, clone it from its GitHub repository:
=== Skipfish ===


[https://gitlab.com/kalilinux/packages/skipfish Skipfish] is an active web application security reconnaissance tool that quickly crawls and scans websites and web applications for vulnerabilities. After the scan finishes it presents its results as an interactive sitemap and lists the findings ranked by severity. <ref name="skipfish" />


It is limited to information gathering: it reports findings but does not exploit them. Because it is written in C it is fast and handles a large number of requests and responses with a low CPU footprint.

Revision as of 15:58, 4 January 2022