RECONNAISSANCE
Web application reconnaissance is a crucial phase in understanding and mapping the technical and functional aspects of a web application before initiating any hacking activities. This process involves collecting data, analyzing APIs, identifying weak points, and mapping the application's structure and functionality. Legal implications and precautions are also highlighted to avoid potential risks during reconnaissance.
RECONNAISSANCE
Based mainly on the book Web Application Security: Exploitation and Countermeasures for Modern Web Applications by Andrew Hoffman (2020)
WEB APPLICATION RECONNAISSANCE
Recon: military observation of a region to locate an enemy or ascertain strategic features.
Recon precedes the actual hacking of a web application.
Understanding the application from a technical perspective:
- system architecture
- protocols
Understanding the application from a functional/nontechnical perspective:
- Who are its users?
- How does the application generate revenue? (subscription, served ads, paid downloads, ...)
- For what purpose do users select the application over competitors?
- Who are the competitors?
- What functionality is found in the application?
WEB APPLICATION RECONNAISSANCE (CONT.)
Web application reconnaissance: collecting data and building a model that combines a web application's technical and functional details in a way that allows you to fully understand the purpose and usage of a web application. Without one or the other, a hacker cannot properly target their attacks. Web application reconnaissance is about generating a deeper understanding of a target web application.
Who would perform web application recon?
- Typically performed by hackers, pen testers, or bug bounty hunters
- Also a way for security engineers to find weakly secured mechanisms in a web application
WEB APPLICATION RECONNAISSANCE (CONT.)
The process:
- Web application mapping
- Finding the subdomains
- Analyzing the APIs
- Identifying 3rd-party dependencies
- Identifying weak points in the application architecture
Legal implications (Warnings!)
- Many of the recon techniques could get your IP flagged, potentially resulting in application bans or even legal action.
- Most recon techniques should only be performed against applications you own, or have written permission to test.
WEB APPLICATION MAPPING
Web application mapping: the process of building up a map that represents the structure, organization, and functionality of a web application. A map defines the data points collected regarding the code, network structure, and feature set of an application.
How to map an application? Navigate, observe, and take notes.
- A web application provides its user interface for web browsers and other apps to use its services.
- Details about access (user's access rights, privileged access rights):
  - Rights to check account balance, transfer funds, deposit funds, withdraw funds, ...
  - Rights to modify, create, and delete accounts (often privileged)
- Software components and their interaction: system architecture, API endpoints
WEB APPLICATION MAPPING (CONT.)
API endpoints?
API: Application Programming Interface, a set of instructions and tools that enable programmers to make their applications talk to one another (https://www.wallarm.com/what/what-is-api); designed for communication between two different applications.
API endpoint: when an application sends a data-fetching request to your API, the digital node/position at which you receive this request/call is what we call an API endpoint.
WEB APPLICATION MAPPING (CONT.)
Web APIs (source: https://www.wallarm.com/what/what-is-api)
Web APIs give you access to a particular website's data without having to write the complicated code needed to access that data. On the other hand, if you were to create your own web application, you would need to write your own custom code for interactions with data from a particular website. Web APIs are also useful because they take care of things like authentication and authorization on behalf of the developer.
WEB APPLICATION MAPPING (CONT.)
To reverse engineer the structure of an application's APIs and the payloads those APIs accept:
- Some servers or APIs are not protected at all.
- Internal server configurations and API endpoints may be exposed to public access.
Examples of API endpoints:
- The code used in placing a request for a specific statistics page on the NBA's web site might read:
  GET https://stats.nba.com/stats/allstarballotpredictor
- If a Facebook developer wanted to request metrics on an Instagram Business or Creator Account, they could use the Instagram Graph API to query the Instagram metrics endpoint:
  GET graph.facebook.com/17841405822304914/insights?metric=impressions,reach,profile_views&period=day
WEB APPLICATION MAPPING (CONT.)
To record and organize the gathered information:
- Simple scratch notes
- Structured notes (e.g., JSON-like notes)
- Hierarchical note-taking software (e.g., Notion)
- Mind-mapping software apps (e.g., XMind)
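As an added example (not from the slides or from Hoffman's book), the following Python script turns requests observed while navigating an application you own or are authorised to test into the kind of structured, JSON-like map the mapping and note-taking slides describe: it groups endpoints by host, collapses numeric identifiers into a path template, collects the query parameters each endpoint accepts (such as metric and period on the Instagram Graph API call quoted above), records the least-privileged session under which each call was seen to succeed, and lists the endpoints a security engineer should review first (state-changing or internal endpoints that worked without any authenticated session). The two public URLs are the ones quoted on the slides; the bank.example requests, the access labels and the review rule are assumptions constructed for the illustration.

```python
"""Build a structured, JSON-like map of a web application's API endpoints
from requests recorded while navigating it. Added example; not code from the
slides or from Hoffman's book."""
import json
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of observed requests, as a browser's network tab or an
# intercepting proxy would record them: (HTTP method, URL, the session type
# under which the request was made and succeeded). The NBA and Instagram
# Graph API URLs are the two endpoints quoted on the slides; the bank.example
# entries are hypothetical account-management endpoints like those the
# mapping slide lists (balance, transfers, account deletion).
OBSERVED_REQUESTS = [
    ("GET", "https://stats.nba.com/stats/allstarballotpredictor", "anonymous"),
    ("GET", "https://graph.facebook.com/17841405822304914/insights"
            "?metric=impressions,reach,profile_views&period=day", "anonymous"),
    ("GET", "https://bank.example/api/accounts/1001/balance", "user"),
    ("GET", "https://bank.example/api/accounts/1002/balance", "user"),
    ("POST", "https://bank.example/api/transfers?from=1001&to=1002", "user"),
    ("DELETE", "https://bank.example/api/accounts/1002", "admin"),
    ("DELETE", "https://bank.example/api/accounts/1003", "anonymous"),
    ("GET", "https://bank.example/internal/config", "anonymous"),
]

# Assumed privilege ordering and the methods treated as state-changing.
ACCESS_RANK = {"anonymous": 0, "user": 1, "admin": 2}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def normalize_path(path):
    """Collapse purely numeric path segments into an {id} placeholder so that
    /api/accounts/1001 and /api/accounts/1002 map to one endpoint."""
    return "/".join("{id}" if seg.isdigit() else seg for seg in path.split("/"))


def build_endpoint_map(observed):
    """Group observed requests into a JSON-serialisable map:
    host -> "METHOD path-template" -> {params seen, lowest access level seen}."""
    app_map = {}
    for method, url, access in observed:
        parts = urlsplit(url)
        key = f"{method.upper()} {normalize_path(parts.path)}"
        endpoints = app_map.setdefault(parts.netloc, {})
        entry = endpoints.setdefault(key, {"params": [], "min_access": access})
        # Record parameter names only; values are session data, not structure.
        for name, _value in parse_qsl(parts.query):
            if name not in entry["params"]:
                entry["params"].append(name)
        # Keep the least-privileged session for which the call succeeded.
        if ACCESS_RANK[access] < ACCESS_RANK[entry["min_access"]]:
            entry["min_access"] = access
    return app_map


def review_candidates(app_map):
    """Endpoints a security engineer should look at first: state-changing
    calls that succeeded with no authenticated session, and anything under an
    /internal/ path that is reachable anonymously."""
    findings = []
    for host, endpoints in app_map.items():
        for key, entry in endpoints.items():
            method, path = key.split(" ", 1)
            anonymous = entry["min_access"] == "anonymous"
            if anonymous and (method in STATE_CHANGING or "/internal/" in path):
                findings.append(f"{host}: {key}")
    return sorted(findings)


if __name__ == "__main__":
    endpoint_map = build_endpoint_map(OBSERVED_REQUESTS)
    print(json.dumps(endpoint_map, indent=2))  # the structured notes
    for finding in review_candidates(endpoint_map):
        print("review:", finding)
```

The JSON printed by the script is the structured-notes format from the slide: it can be committed alongside scratch notes or imported into a note-taking tool, and re-running the script after each navigation session shows which endpoints and parameters are new. Collapsing numeric segments into {id} is what keeps the map readable as an application grows; extend the rule to UUIDs or other identifier shapes the application uses.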
SUMMARY
Recon techniques are valuable for developing a deep understanding of the technology and structure of a web application and the services that power that web application. It's important to document the findings in an organized manner. Mapping a web application is useful for both offensive and defensive purposes.