URL Traversing

Prevention is better than cure ;)

Resources

 Folder structure
  a) Naming convention
  b) Use of non-conventional names

 Storage
  Check the location of:
  a) Static files
  b) Files uploaded by authenticated users

 Validate the resources
  a) Input files / types / size
  b) Check the read, write and execute permissions of the files

Errors

 404 - Page not found
  Record and remove unused resources
  Are your error messages a giveaway?

Build new pages

 based on requests harvested

Link rot

 What next?
  - Under construction
  - Removed

Repository

 Live links
 Dead links
 Harvested links

Logs

Use logs to detect lurking threats

 How to use the logs?
  a) Test what is recorded in the log files
  b) Harvest the necessary details to build new pages
  c) Check if sensitive information is leaked
  d) Ease of use
  e) Types of logs and accessibility
  f) Define roles / responsibilities for accessing logs
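An added example of what "use logs to detect lurking threats" looks like when run over real log lines; it is not code from the original page. It parses constructed combined-format (Apache/nginx style) access log lines and reports four things the list above asks for: traversal probes (after decoding escape codes, including double encoding), query strings that leaked credentials into the log, clients racking up 404s by trial and error, and the 404'd paths that are link-rot candidates for the "build new pages" step. The sample lines, the 404 threshold and the function names are assumptions made for this example.

```python
"""Mining access logs for traversal probes, leaked secrets and link rot.

Added example, not code from the original page. It assumes "combined"-style
access log lines (Apache/nginx); the lines in SAMPLE_LOG are constructed for
this example, the threshold is an arbitrary choice, and analyze() is a
hypothetical name for whatever job reads the real log.
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample traffic (RFC 5737 documentation addresses, not real clients).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /images/../../etc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /..%255c..%255cwin.ini HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /oldarchive/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /admin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /login?user=bob&password=hunter2 HTTP/1.1" 302 0 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /archive/2022.html HTTP/1.1" 200 2048 "-" "curl/8.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "secret", "session"}
NOTFOUND_THRESHOLD = 4   # assumption: this many 404s from one client deserves a look


def parse_line(line: str):
    """Split one combined-format line into its fields, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def normalize_target(target: str) -> str:
    """Percent-decode until stable (catches double encoding), unify separators,
    and keep only the path part of the request target."""
    for _ in range(3):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return urlsplit(target).path.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True when any path segment is '..' after normalization."""
    return any(seg == ".." for seg in path.split("/"))


def leaks_secret(target: str) -> bool:
    """True when the logged query string carries a parameter we never want on disk."""
    keys = {k.lower() for k, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True)}
    return bool(keys & SENSITIVE_PARAMS)


def analyze(log_text: str) -> dict:
    """Return traversal probes, secret leaks, noisy 404 clients and link-rot candidates."""
    traversal, leaks = [], []
    notfound_by_ip, missing = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = normalize_target(rec["target"])
        probe = is_traversal(path)
        if probe:
            traversal.append((rec["ip"], rec["target"]))
        if leaks_secret(rec["target"]):
            leaks.append((rec["ip"], rec["target"]))
        if rec["status"] == "404":
            notfound_by_ip[rec["ip"]] += 1
            if not probe:                 # genuine dead links, not attack noise
                missing[path] += 1
    return {
        "traversal": traversal,
        "secret_leaks": leaks,
        "noisy_404": {ip: n for ip, n in notfound_by_ip.items() if n >= NOTFOUND_THRESHOLD},
        "missing_paths": dict(missing),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

The secret-leak check is the one to act on first: a password in the query string is already on disk in every log copy and backup, so the fix is to move such parameters out of the URL (POST body) and to scrub the existing archives, not just to stop reporting it.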

Usability

 Locatable URLs

 User-friendly URLs

 SEO-friendly URLs

 Ease of traceability
  Example: contact, index, home, archive, oldarchive

 Based on the context - mask / hide details that need not be shared with unauthorized users

Path / Directory traversal

Plant an attack

 Spider / Web crawler
  HTTrack Website Copier

 ../ directive

 Trial and error methods

 Browser add-on - HackBar

 Escape codes

 robots.txt

Known Vulnerabilities

 Check for known vulnerabilities
  References:
  a) OWASP
  b) Exploit-db.com
  c) Google dorks
  Read:
  i) Articles
  ii) Recent / past directory / path traversal attacks
  iii) Web server authentication mechanisms
  iv) Privileges in access control lists (ACLs)

Test

 Test coverage:
  - Test not only whether the system can be vulnerable, but also show the exact information that can be leaked
 Test goal:
  - To restrict the execution of commands outside the root directory
  - To provide read / write / execute permissions to the ACL accordingly
  - To revise robots.txt
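An added example, not code from the original page, that ties together the Resources checks (input type, size, read / write / execute permissions), the Errors question about give-away messages, and the test goal above of keeping every lookup inside the root directory: a small static-file resolver plus the probe table a test would run against it, so that the test shows exactly which requests are refused and that the legitimate page still loads. The web root (a temporary directory), the allowed file types, the size limit and the function names are assumptions constructed for this example.

```python
"""Safe static-file lookup plus the traversal probe table used to test it.

Added example, not code from the original page. Assumptions: the web root
is a temporary directory built by make_demo_root(); only .html/.css/.png
are served; files above 1 MiB are refused. resolve(), handle_request() and
run_probes() are hypothetical stand-ins for a real server's lookup hook.
"""
import os
import stat
import tempfile
from pathlib import Path
from urllib.parse import unquote

ALLOWED_SUFFIXES = {".html", ".css", ".png"}   # assumption: static types we serve
MAX_BYTES = 1024 * 1024                        # assumption: 1 MiB per file
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


class NotFound(Exception):
    """Raised for every rejected request; the reason is logged, never returned."""


def decode_fully(raw: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double encoding (%252e) is seen as '.'."""
    for _ in range(rounds):
        decoded = unquote(raw)
        if decoded == raw:
            return decoded
        raw = decoded
    raise NotFound("still encoded after %d rounds" % rounds)


def resolve(root: Path, requested: str) -> Path:
    """Map a URL path onto a file under root or raise NotFound.

    Order of checks: decoding, NUL bytes, escape from root (after '..' and
    symlinks are collapsed), file type, regular file, size, permissions.
    """
    root = root.resolve()
    path = decode_fully(requested).replace("\\", "/")
    if "\0" in path:
        raise NotFound("NUL byte in path")
    candidate = (root / path.lstrip("/")).resolve()
    if candidate != root and root not in candidate.parents:
        raise NotFound("escapes web root: %s" % candidate)
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise NotFound("file type not served: %r" % candidate.suffix)
    if not candidate.is_file():
        raise NotFound("not a regular file")
    info = candidate.stat()
    if info.st_size > MAX_BYTES:
        raise NotFound("file too large")
    # Static content must be readable by the server and must not be executable.
    if not os.access(candidate, os.R_OK) or info.st_mode & EXEC_BITS:
        raise NotFound("permission check failed")
    return candidate


def handle_request(root: Path, requested: str) -> tuple:
    """Return (status, body). Every rejection is the same plain 404, so the error
    message gives away neither the file's existence nor which check failed."""
    try:
        path = resolve(root, requested)
    except (NotFound, OSError) as exc:
        print("rejected %r: %s" % (requested, exc))   # server-side log only
        return 404, b"Not Found"
    return 200, path.read_bytes()


# Probe table for test coverage: each entry must come back 404.
TRAVERSAL_PROBES = [
    "/../etc/passwd",                 # plain ../ directive
    "/static/../../etc/passwd",       # ../ from a sub-folder
    "/%2e%2e/%2e%2e/etc/passwd",      # percent-encoded dots
    "/%252e%252e/etc/passwd",         # double-encoded
    "/..%5c..%5csecret.txt",          # encoded backslash separators
    "/index.html%00.png",             # NUL byte to truncate the name
    "/secret.txt",                    # inside root but not an allowed type
]


def run_probes(root: Path) -> dict:
    """Return {probe: status} so a test can assert that nothing leaks while
    the legitimate page still loads."""
    return {p: handle_request(root, p)[0] for p in TRAVERSAL_PROBES}


def make_demo_root() -> Path:
    """Constructed web root: one public page and one file that must stay hidden."""
    root = Path(tempfile.mkdtemp())
    (root / "index.html").write_text("<h1>hello</h1>")
    (root / "secret.txt").write_text("do not serve")
    return root


if __name__ == "__main__":
    demo = make_demo_root()
    print(handle_request(demo, "/index.html"))
    for probe, status in run_probes(demo).items():
        print(status, probe)
```

The escape check relies on Path.resolve() having already collapsed ".." and followed symlinks, so a symlink planted inside the root that points outside it is refused just like a literal "../"; string-matching the request for "../" alone would miss that case.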

Preventive Measures

 Validate browser inputs from unauthorized users

 Web server software is kept up to date

 Blocking URLs with executable and escape codes

 Acunetix Web Vulnerability Scanner

 Clearing browser cache / history
  Use of Incognito, InPrivate or private-window browsing

 Keep a check on:
  - Access allowed
  - Software downloaded
  - Permissions granted
  - Social engineering attacks
   -- Dumpster diving
   -- Shoulder surfing
  - Password strength
  - Log access

 Antivirus and security patches are up to date for:
  Operating system
  Client and server systems
  Browser

 Use of The Onion Router [Tor]

 Revisions of web crawler policies