Introduction to Web Application Firewall (WAF) ~ Website Security

What is WAF?WAF is expanded as Web Application Firewall. WAF is server side application that controls the input and output(filter the HTTP communication).  It controls network traffic on any OSI Layer up to Application Layer.  The main purpose of WAF is to provide better protection over the top Wep Application vulnerability such as XSS(Cross Site Scripting), SQL Injection,RFI.  Daily lot of websites hacked because of these vulnerability.  Read Our Security News Section to know about the Security Risks in Interent.  Standard firewall blocks Non-HTTP attacks(restriction of ports,access..).  This WAF blocks HTTP attack.

The Most common Web Application Vulnerabilities:

• SQL Injection(SQLi)
• Cross-Site Scripting (XSS)
• Broken Authentication and Session Management
• Insecure Direct Object References
• Cross-Site Request Forgery (CSRF)
• Security Misconfiguration
• Insecure Cryptographic Storage
• Failure to Restrict URL Access
• Insufficient Transport Layer Protection
• Unvalidated Redirects and Forwards

The Wep Application Firewall(WAF) must meat the following features:

• Protection Against Top Vulnerability(XSS,SQLi,..etc)
• Very Few False Positives (i.e., should NEVER disallow an authorized request)
• Strength of Default (Out of the Box) Defenses
• Power and Ease of Learn Mode
• Types of Vulnerabilities it can prevent.
• Detects disclosure and unauthorized content in outbound reply messages, such as credit-card and Social Security numbers.
• Both Positive and Negative Security model support.
• Simplified and Intuitive User Interface.
• Cluster mode support.
• High Performance (milliseconds latency).
• Complete Alerting, Forensics, Reporting capabilities.
• Web Services\XML support.
• Brute Force protection.
• Ability to Active (block and log), Passive (log only) and bypass the web trafic.
• Ability to keep individual users constrained to exactly what they have seen in the current session
• Ability to be configured to prevent ANY specific problem (i.e., Emergency Patches)
• Form Factor: Software vs. Hardware (Hardware generally preferred)

Top 10 Open Source Web Application Firefwall(WAF):

1. ModSecurity (Trustwave SpiderLabs)
2. AQTRONIX WebKnight
3. ESAPI WAF
4. WebCastellum
5. BinarySec
6. Guardian@JUMPERZ.NET
7. OpenWAF
8. Ironbee
9. Profense
10. Smoothwall

Automated Blind SQL Injection Attacking Tools~bsqlbf Brute forcer

What is Blind SQL Injection:

Some Websites are vulnerable to SQL Injection but the results of injection are not visible to the attacker.  In this situation, Blind SQL Injection is used. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered.

There are plenty of automated Blind Sql Injection tool available. Here i am introducing one of Tool named as bsqlbf(expanded as Blind Sql Injection Brute Forcer).

This tool is written in Perl and allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections

Supported Database:

• MS-SQL
• MySQL
• PostgreSQL
• Oracle

The tool supports 8 attack modes(-type switch):-

Type 0: Blind SQL Injection based on true and false conditions returned by back-end server

Type 1: Blind SQL Injection based on true and error(e.g syntax error) returned by back-end server.

Type 2: Blind SQL Injection in "order by" and "group by".

Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)

Type 4: is O.S code execution (ORACLE dbms_export_extension exploit)

Type 5: is reading files (ORACLE dbms_export_extension exploit, based on java)

Type 6: is O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit

Type 7: is O.S code execution SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA Privs

-cmd=revshell Type 7 supports meterpreter payload execution, run generator.exe first

Type 8: is O.S code execution DBMS_JAVA_TEST.FUNCALL, with JAVA IO Permissions

-cmd=revshell Type 8 supports meterpreter payload execution, run generator.exe first

For Type 4(O.S code execution) the following methods are supported:

-stype: How you want to execute command:

SType 0 (default) is based on java..will NOT work against XE.

SType 1 is against oracle 9 with plsql_native_make_utility.

SType 2 is against oracle 10 with dbms_scheduler.

Download Now

Disclaimer:

This Article is for Education purpose only.  The above mentioned software is developed for Penetration testers to test their own Web application Vulnerability. 

THC-ipv6 Toolkit – Attacking the IPV6 Protocol

A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Please note to get full access to all the available tools you need to develop IPV6 tools yourself or submit patches, tools and feedback to the thc-ipv6 project.


Tools Included :

• parasite6: icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
• alive6: an effective alive scanng, which will detect all systems listening to this address
• dnsdict6: parallized dns ipv6 dictionary bruteforcer
• fake_router6: announce yourself as a router on the network, with the highest priority
• redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
• toobig6: mtu decreaser with the same intelligence as redir6
• detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
• dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
• trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
• flood_router6: flood a target with random router advertisements
• flood_advertise6: flood a target with random neighbor advertisements
• fuzz_ip6: fuzzer for ipv6
• implementation6: performs various implementation checks on ipv6
• implementation6d: listen daemon for implementation6 to check behind a FW
• fake_mld6: announce yourself in a multicast group of your choice on the net
• fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
• fake_advertiser6: announce yourself on the network
• smurf6: local smurfer
• rsmurf6: remote smurfer, known to work only against linux at the moment
• sendpees6: a tool by willdamn@gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy.

Download

What is Aircrack-ng? WEP and WPA-PSK Cracking Tool

What is Aircrack-ng?
          Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks. 

PDF Unlocker - PDF Password Removal and Unlocker Tool

 

What is PDFUnlocker?

PDFUnlocker is free software that remove the passwords from the password protected PDF.  If you forget the password of your PDF file or you are forensic engineer, this tool will be very useful to remove the protection of the PDF .