Web Application Penetration Testing
• [28] [SSLAudit|https://code.google.com/p/sslaudit/]: a Perl script/Windows executable scanner which follows the Qualys SSL Labs Rating Guide.
• [29] [SSLScan|http://sourceforge.net/projects/sslscan/] with [SSL Tests|http://www.pentesterscripting.com/discovery/ssl_tests]: an SSL scanner and a wrapper used to enumerate SSL vulnerabilities.
• [31] [nmap|http://nmap.org/]: can be used primarily to identify SSL-based services and then to check certificate and SSL/TLS vulnerabilities. In particular, it has scripts to check [Certificate and SSLv2|http://nmap.org/nsedoc/scripts/ssl-cert.html] and supported [SSL/TLS protocols/ciphers|http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html] with an internal rating.
• [30] [curl|http://curl.haxx.se/] and [openssl|http://www.openssl.org/]: can be used to manually query SSL/TLS services.
• [9] [Stunnel|http://www.stunnel.org]: a noteworthy class of SSL clients is that of SSL proxies such as stunnel, which can be used to allow non-SSL enabled tools to talk to SSL services.
• [37] [socat|http://www.dest-unreach.org/socat/]: multipurpose relay.
• [38] [testssl.sh|https://testssl.sh/]
Testing for Padding Oracle (OTG-CRYPST-002)
Summary
A padding oracle is a function of an application which decrypts encrypted data provided by the client, e.g. internal session state stored on the client, and leaks whether the padding was valid after decryption. The existence of a padding oracle allows an attacker to decrypt encrypted data and encrypt arbitrary data without knowledge of the key used for these cryptographic operations. This can lead to leakage of sensitive data or to privilege escalation vulnerabilities if the application assumes the integrity of the encrypted data.
Block ciphers encrypt data only in blocks of certain sizes. Block sizes used by common ciphers are 8 and 16 bytes. Data whose size is not a multiple of the cipher's block size has to be padded in a specific manner so the decryptor is able to strip the padding. A commonly used padding scheme is PKCS#7. It fills the remaining bytes with the value of the padding length.
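The PKCS#7 rule and the padding-validity leak described above, as an added example that is not part of the original guide: it pads and strictly validates PKCS#7, then contrasts a handler whose responses reveal padding validity with one that checks a MAC over the ciphertext first and answers every failure identically. The handler names, response strings, `user=` state format and the `decrypt` callable are assumptions; the block cipher itself is left out.

```python
import hashlib
import hmac

class PaddingError(ValueError):
    """Raised when the trailing bytes are not valid PKCS#7 padding."""

def pkcs7_pad(data: bytes, block_size: int) -> bytes:
    # n is 1..block_size: data already on a block boundary gets a full extra block.
    n = block_size - len(data) % block_size
    return data + bytes([n]) * n

def pkcs7_unpad(padded: bytes, block_size: int) -> bytes:
    if not padded or len(padded) % block_size:
        raise PaddingError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block_size or padded[-n:] != bytes([n]) * n:
        raise PaddingError("last n bytes do not all equal n")
    return padded[:-n]

def leaky_handler(decrypted: bytes, block_size: int = 16) -> str:
    """Oracle behaviour: the response reveals whether the padding was valid."""
    try:
        state = pkcs7_unpad(decrypted, block_size)
    except PaddingError:
        return "500 invalid padding"          # distinguishable from the 403 below
    return "200 ok" if state.startswith(b"user=") else "403 bad session"

def hardened_handler(key: bytes, ciphertext: bytes, tag: bytes, decrypt,
                     block_size: int = 16) -> str:
    """Check a MAC over the ciphertext before decrypting; one answer for any failure."""
    expected = hmac.new(key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "400 invalid token"            # modified ciphertext never reaches unpad
    try:
        state = pkcs7_unpad(decrypt(ciphertext), block_size)
    except PaddingError:
        return "400 invalid token"
    return "200 ok" if state.startswith(b"user=") else "400 invalid token"

# Constructed sample: 6 bytes padded to an 8-byte block gain two 0x02 bytes.
SAMPLE = pkcs7_pad(b"YELLOW", 8)
```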