The release candidate (RC1) version of OWASP (Open Web Application Security Project) Top Ten Web Vulnerabilities for 2017 has recently been published and it is currently undergoing a public comment period. OWASP Top 10 2017 has several changes and I deemed this a good chance to discuss the changes as well as reiterate some concepts. […]
Tag: web applications
The Real Impact of Cross-Site Scripting
Cross-site scripting (XSS) is probably the most prevalent high risk web application vulnerability nowadays, and yet it is still one of the most overlooked by developers and defenders alike. At Dionach we have experienced a few situations when reporting XSS in penetration test reports as a critical or high risk issue, and the client would […]
What is the Risk if You Don’t Fix Perceived Meaningless Vulnerabilities?
In a recent external penetration test, I was able to chain multiple vulnerabilities together allowing me to fully compromise one of the client’s servers. Whilst many of these vulnerabilities were low risk it is important to take care of every security vulnerability to minimise risk to systems. The scope was large and the organisation had […]
From 0 to 100: Innocuous Source Code to Web Server Compromise
Antonio Sánchez, Lead Consultant In a recent web application penetration test I was challenged with figuring out how to fully compromise a client’s website. The site was using the latest version of WordPress, and although they had a few plugins installed, they seemed to be patched as well. However, I did find an interesting web […]
A case of a misconfigured CORS implementation
During a recent penetration test I conducted against one of our client’s websites, I found an interesting case of a misconfigured CORS implementation that I would like to quickly showcase in this post. From Wikipedia, cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested […]
Risk based Application Penetration Testing
It is generally accepted within the information security world that penetration testing is a good way to provide assurance as to the security of applications or infrastructures. With numerous companies offering these testing services, how do you differentiate and evaluate which company uses the best approach for your organisation? At Dionach we perform a large […]
Should I allow my pentester on my IPS?
Should I allow my penetration tester’s IP address range on my intrusion prevention system? Variations of this question have featured in numerous information security forums and mailing lists. Unfortunately, the factors and variables in play here are considerable so a worthy response is unlikely to be short or universal. This blog post aims to highlight […]
Splunk Web Shell
Now and then, while performing internal penetration tests we come across Splunk default installs where system users can log in as “admin” and are granted the associated privileges without having to authenticate. Splunk is based on Django, and among the options it gives you when accessing the admin panel is one that is particularly attractive […]
Integrating Hydra with Nessus
Recently I spent a little time trying to integrate Hydra (THC-Hydra) into Nessus. I thought to share this so you might save a bit of time if you are trying to achieve the same thing. I have been told by the Nessus support team that if you have installed the latest version of Nessus, which […]
Umbraco CMS Local File Inclusion
Umbraco CMS <= 7.2.1 is vulnerable to local file inclusion (LFI) in the ClientDependency package included in a default installation. Whether this vulnerability is exploitable depends on a number of configuration options, and on the exact version of Umbraco installed. The ClientDependency package, used by Umbraco, exposes the “DependencyHandler.axd” file in the root of the […]