1
00:00:00,580 --> 00:00:06,730
Before starting to learn about finding vulnerabilities and exploiting them, let's see some terminologies

2
00:00:06,730 --> 00:00:09,610
and standards used in web application platforms.

3
00:00:10,570 --> 00:00:16,240
To be able to understand if there is a vulnerability on an input field, you should send thousands of

4
00:00:16,240 --> 00:00:17,270
different payloads.

5
00:00:17,740 --> 00:00:24,340
For example, you have to try hundreds of payloads to be sure that there is not an SQL injection vulnerability

6
00:00:24,340 --> 00:00:25,030
in a field.

7
00:00:25,180 --> 00:00:29,470
There might be tens or hundreds of input fields in a web application.

8
00:00:29,950 --> 00:00:35,510
If you want to test the application manually, you may spend months. To make it faster,

9
00:00:35,530 --> 00:00:37,450
you should use automated tools.

10
00:00:37,960 --> 00:00:40,750
There are a lot of automated tools you can choose.

11
00:00:41,530 --> 00:00:47,050
Some of them are commercial, such as AppScan, Fortify, Acunetix, Netsparker.

12
00:00:47,560 --> 00:00:53,050
In addition, there are some free tools such as w3af and Zed Attack Proxy.

13
00:00:53,890 --> 00:00:59,920
And as a side note, some of the commercial tools have a free trial period so that you can see if they're

14
00:00:59,920 --> 00:01:00,610
right for you.

15
00:01:01,060 --> 00:01:03,640
Now, let's see how the automated tools work.

16
00:01:04,180 --> 00:01:07,780
The automated tool sends a request prepared for a purpose.

17
00:01:08,470 --> 00:01:16,060
The application returns a reply for the request, and then the tool analyzes the response to see if

18
00:01:16,060 --> 00:01:20,320
there's a weakness. They can send tens of requests in seconds.

19
00:01:21,100 --> 00:01:27,520
The first step to understand how the web applications work is to know client-server architecture.

20
00:01:27,550 --> 00:01:34,150
Systems that want to get services are called clients, and the systems to serve the client and to host

21
00:01:34,150 --> 00:01:37,070
the application are called servers. Clients,

22
00:01:37,090 --> 00:01:39,190
in most cases, are web browsers.

23
00:01:40,220 --> 00:01:46,310
In some cases, you can see client-side applications other than browsers communicating with the servers

24
00:01:46,310 --> 00:01:48,230
using web protocols.

25
00:01:48,800 --> 00:01:51,680
These applications are called thick clients.

26
00:01:52,580 --> 00:01:58,400
Now, even though there is a thick client on the client side, it's still a web application and you

27
00:01:58,400 --> 00:02:00,800
will be able to hack it at the end of this course.

28
00:02:01,100 --> 00:02:03,860
Usually there is a database server at the back end.

29
00:02:04,430 --> 00:02:09,020
In this slide, you see some of the technologies and standards used in each layer.

30
00:02:09,410 --> 00:02:14,780
You don't need to know everything about the technology in detail, but it's better to know which are

31
00:02:14,780 --> 00:02:16,250
used in the application.

32
00:02:16,550 --> 00:02:19,550
So we're able to focus on the technology used.

33
00:02:20,120 --> 00:02:26,870
For example, if we try to exploit an SQL injection flaw and know what the database management system

34
00:02:26,870 --> 00:02:28,790
is, suppose that it's Oracle.

35
00:02:29,210 --> 00:02:33,770
Then we just use the keywords and methods of Oracle. Makes sense.

36
00:02:34,840 --> 00:02:42,820
Hypertext Markup Language, HTML, is the standard markup language for creating web pages and web applications.

37
00:02:42,850 --> 00:02:51,940
The building blocks of HTML pages are HTML elements, and HTML elements are delineated by tags written

38
00:02:51,940 --> 00:02:53,460
using angle brackets.

39
00:02:53,470 --> 00:02:59,530
Browsers do not display the HTML tags, but use them to interpret the content of the page.

40
00:03:00,400 --> 00:03:08,200
Here you'll see some of the HTML elements important for us, and you can see here how to reach resources,

41
00:03:08,860 --> 00:03:10,030
input fields,

42
00:03:11,190 --> 00:03:13,620
and tags to use scripts.

43
00:03:14,430 --> 00:03:21,270
This is a simple HTML page example. If you look at the source of this page, you will see the page

44
00:03:21,270 --> 00:03:24,930
source contains the tags shown in the second frame.

45
00:03:25,530 --> 00:03:29,610
H1 is for a header, bigger and bolder.

46
00:03:30,210 --> 00:03:32,190
P is for the paragraph.

47
00:03:32,700 --> 00:03:36,330
UL is to start a bulleted list.

48
00:03:36,800 --> 00:03:41,940
LI is for the list items. URL,

49
00:03:42,420 --> 00:03:49,830
Uniform Resource Locator, is a reference to a web resource that specifies its location on a computer

50
00:03:49,830 --> 00:03:52,380
network and a mechanism for retrieving it.

51
00:03:53,040 --> 00:03:59,400
The components of a typical URL are: Scheme is the protocol used by the application.

52
00:04:00,330 --> 00:04:08,730
Schemes occur most commonly to reference web pages, but are also used for transferring files, emailing

53
00:04:08,730 --> 00:04:10,140
and many other applications.

54
00:04:10,830 --> 00:04:16,140
Host consists of either a registered name (hostname) or an IP address.

55
00:04:16,800 --> 00:04:23,610
A typical hostname consists of subdomain, domain and top-level domain name.

56
00:04:24,910 --> 00:04:28,690
Port is separated from the host name by a colon.

57
00:04:29,900 --> 00:04:32,870
This is the port number where the application is served.

58
00:04:33,500 --> 00:04:40,680
If it's not given, the default port numbers are used. The default port numbers are 80 for HTTP,

59
00:04:41,150 --> 00:04:46,220
443 for HTTPS and 21 for FTP.

60
00:04:46,880 --> 00:04:55,460
Path is usually organized in hierarchical form that appears as a sequence of segments separated by slashes.

61
00:04:56,180 --> 00:05:02,780
Query is separated from the preceding part by a question mark and contains a query string.

62
00:05:02,960 --> 00:05:10,100
A query is most often a sequence of attribute-value pairs separated by a delimiter, and the delimiter

63
00:05:10,400 --> 00:05:12,740
might be an ampersand or semicolon.

64
00:05:13,590 --> 00:05:19,950
Parameters, which will probably determine the response, are sent to the server in this section. Fragment

65
00:05:20,370 --> 00:05:23,010
is separated from the preceding part by a hash.

66
00:05:23,490 --> 00:05:30,210
The fragment contains a fragment identifier providing direction to a secondary resource, such as a

67
00:05:30,210 --> 00:05:34,920
section heading in an article identified by the remainder of the URI.