Lets learn "About web application security"

-

 


“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.”

– Kevin Mitnick

Any web application developer should be familiar with the fundamentals of web application security because any loophole in a web application can help the hacker to get unauthorized access to your precious resources .





So in this tutorial we will discuss the fundamentals of web application security , we'll discuss the tools required to check the vulnerablities before deployment of any web application and list the vulnerabilities that we'll cover in a couple of tutorials .


So Let's Get Started , Get Ready to enter into Security ....

Coming to the tools first ...

The most important tool we'll use is BurpSuite . BurpSuite is a proxy tool which allows the user to intercept the requests, modify the requests, repeat the requests and analyse the response .

To install burpsuite : -

You can download the free version of burpsuite from here .

Starting burpsuite -

For Ubuntu :-
If shell file is downloaded start using command sh path_to_file/burp_suite_filename.sh
OR if jar file is downloaded start it using command java -jar path_to_file/burp_suite_filename.jar

For Windows :-
You'll get an icon to launch burpsuite after installation .


Let's move to next step :-
Hope you are now able to launch the burpsuite .

You'll see something like this ...



Now click on next button .



Now start the Burp using Start Burp Button .

You'll see something like this ...




Now enter to the proxy tab and
Disable the intercept button which is currently ON .



Now all the requests which goes from your PC (Once the browsers are configured) can be shown in the HTTP history tab .




To see how to configure your browser to work with burpsuite , you can visit here and then come back here again.


Hope you have now configured your browser to work with burpsuite .

Now all the internet requests made by your PC will pass through burpsuite (that is what proxy do) . You can drop or intercept (i.e modifying request before forwarding to internet) it by going to intercept tab and enable the intercept button .



You can get the details of any request (about the headers, parameters passed, response) by clicking on it .

If you dont know about the different parts of http request , you can find it here .

---------------------------------------------------------------------------------------------

Hope now you are at the position to view and analyse every internet requests going from your PC to the world of internet . 

Comments

Post a Comment

Popular posts from this blog

Lets learn "About kube proxy in iptables mode"

-
Image
In this tutorial, we'll learn about the Kube-proxy in iptables mode. Basically, we'll see how Kube-proxy create iptables that help in load balancing and service discovery. If you are not familiar with Linux IPTables I would recommend to check out my tutorial on IPTables here  first and then come back to read this tutorial. Kube-proxy Kube-proxy when running in iptables mode basically watch kube-apiserver for new endpoints and create corresponding iptables rules and iptables are fully responsible for service discover and proper routing of traffic to corresponding pods. Kube-proxy needs to run on all k8s worker nodes. Below is a small video describing the working of kube-proxy in iptables mode.  src:  https://www.slideshare.net/CJCullen/kubernetes-networking-55835829 Now that we know what Kube-proxy is and how it Kube-proxy works, let deep dive into the types of iptables Kube-proxy adds to the firewall. Kube-proxy added IPTables To learn this let's consider an example. Consid
Read more

Lets learn "System design for paste bin (or any text sharing website)"

-
Image
  In this tutorial, we'll learn about the system design for PasteBin. If you don't know what Pastebin is here goes its definition. Pastebin is a type of online content hosting service where users can store texts to share with others over the internet.  Pastebin system design requirements  Functional Basic - User should be able to paste the text, generate the link and share the link with other users. There should be the max size of the text that our system will support (say 10Mb) Users should be able to provide the custom URL path for the link created. Like if a user wants to create the links  www.pb.com/letlearn, he can give this URL and pastebin should create a link using this URL to share with others. The link or paste expiry feature should be there for each stored text. There can be default expiry time say 1 year but this should be configurable. Personalization means the user should be able to login to track all the pastes created by him and manage them. Non-Functional Durab
Read more

Lets learn "Factory design pattern"

-
 In this tutorial, we'll learn about the factory design pattern as in what it is, in which use cases this is being used and how it works. If you've are not familiar with what are software design patterns and what are its different types check out this tutorial. Introduction A factory design pattern is a creational design pattern that is related to object creation. In this pattern, we'll have a method to create an object without exposing its creation logic to the client. If a class method is creating an object it has to be static.  The idea is to create a static method ( factory method ) which instantiates a class without exposing its logic to the client and the client can use that method every time it needs to create an object of the class. The reason why the factory pattern is useful is that as it does not expose the logic of object creation, so if logic is changed, the client code need not to be changed. Usecases The place where this pattern is mostly used is library cod
Read more