Security Assessment of an Online Judge Web Application
Abstract: A website is a collection of web pages and related material that is reachable through a single domain name and served from at least one web server. A website is identified by its domain name and located by its URL. Although a website is commonly thought of as a collection of web pages, it contains much more than that. A website’s structure changes constantly as new technologies and features are added to improve the user experience and produce high-quality results. Whatever is built carries the risk of being damaged or destroyed, and websites are no exception: attacks on websites happen every day. A website vulnerability is a flaw or improper configuration in the code of a website or web application that enables an attacker to take some level of control over the website and possibly the hosting server. Web security exists to prevent this; it consists of objectives that help ensure the security of a website. A software defect, configuration error, or other weakness in the website or web application, its components, or its procedures constitutes a website vulnerability. Web application flaws allow attackers to gain unauthorized access to an organization’s systems, processes, and mission-critical assets.
1. Introduction:
The internet is ever-expanding, and there are currently around 2 billion different websites in total. On average, just 5% of websites on the internet are active. The remaining 4–5 are inactive, meaning they have not had any updates or new posts in a while. The typical person spends a large portion of their day on websites; the typical internet user in the US visits more than 100 different websites per day. According to estimates, cybercrime costs the American economy $3.5 billion annually. According to some estimates, between 30 000 and 50 000 websites are hacked daily. Small firms are the target of 43% of cyber-attacks. Both the number of websites and the need for website security grow daily. Automated tools like vulnerability scanners and botnets are used to exploit the majority of vulnerabilities automatically. Cybercriminals use specialized programs that trawl the internet for particular systems, such as WordPress or Joomla, searching for widespread and well-known vulnerabilities. Once identified, these flaws are used to gain access to vulnerable websites and steal data, send spam and other undesirable content, or deface them. Websites can be infected, data can be collected, and in certain situations computer resources can even be taken over by malicious software. When an attacker gains access to a site, they can use it to reroute traffic and infect visitors with malicious software. This means that if your website is not secured, hackers may exploit it to infect its users with malware. Because of all this, the need for internet security grows every day, making it crucial to safeguard your website and the data it contains right away. Our work is to use those scanners on our targeted website, find its vulnerabilities, and then research how to prevent them in order to make the targeted website secure.
2. Objectives:
Every piece of work has goals: what we will do, what we will learn from doing it, and what benefit it brings. This work’s primary goals are listed here as well. In the security industry, “Vulnerability Assessment” is the term for the work we undertake. A vulnerability assessment seeks to identify a network’s vulnerabilities and to provide the best mitigation or remedy to reduce or eliminate the risks, using automated network security scanning techniques. It systematically examines an information system’s security flaws: it determines whether the system is exposed to any known flaws, rates their seriousness, and, where necessary, recommends remediation or mitigation. Examples of threats that a vulnerability assessment can find include:
• Code injection attacks, including SQL injection, XSS, and others.
• Privilege escalation as a result of inadequate authentication methods.
• Software shipped with insecure default settings, such as admin passwords that are easy to guess.
The purpose of vulnerability assessment is to protect the privacy of the system and the website. The owner of a system might not be aware of a vulnerability in it, and hackers can use such vulnerabilities to access the server and do damage. To keep these vulnerabilities off our targeted website, we must first identify the high-threat vulnerabilities, research how they operate, and identify their primary purposes.
3. System Model:
Every website includes a blueprint for how its operation is managed and how its data flow diagram is developed. From the model we get a clear sense of how the process works on the website, and we use that to determine the operating order. Our target website, MBSTU Online Judge, also has such a model, which shows the process flow of that website.
4. Vulnerability Scanning:
Vulnerability scans examine particular areas of your network for flaws that threat actors are likely to use to gain access or to conduct a known type of cyber-attack. Used appropriately, they add a crucial layer of protection that helps safeguard the sensitive data held by your organization. The purpose of external scanning is to determine what an attacker would see if they attempted to probe the website MBSTU Online Judge. A vulnerability scan requires tools; the tools used to scan MBSTU Online Judge are Nmap and Acunetix.
4.1 Nmap scanning:
Nmap stands for Network Mapper. It is a free and open-source Linux command-line tool that scans a network’s IP addresses and ports in order to find the programs installed there. Network administrators use Nmap to identify the devices connected to their network, find open ports and services, and find security holes. For this website we first tried Nmap host discovery and then the Nmap vulnerability scanner.
The Nmap port scan reports which ports are active on the network or website. From the report we see that two ports are open on the website. One is 22/TCP, whose state is OPEN and whose service is identified as SSH. Secure Shell (SSH) is a network protocol that allows users to access the server remotely; by default, SSH listens for connections on TCP port 22. The other is 80/TCP, whose state is open and which serves HTTP. Port 80 is assigned to Hypertext Transfer Protocol (HTTP), a widely used internet communication protocol. Unencrypted web pages are transmitted and received over this port by default, which means that data passes between the user’s browser and the server unencoded. From this a security issue arises, which we record as an insecure HTTP login process. We also searched for vulnerabilities using Nmap, and many findings were reported; we then scanned with Acunetix for a better and more specific view.
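As an added example (not part of the original report), the following Python script parses Nmap’s grepable (-oG) output and flags any host that offers plain HTTP on port 80 without an HTTPS listener on 443, which is the condition behind the insecure-login finding above. The sample output, host name and address embedded in it are constructed placeholders, not the real scan of MBSTU Online Judge.

```python
"""Parse Nmap grepable (-oG) output and flag hosts serving HTTP without HTTPS.

Added example, not part of the original assessment. The sample output below is
constructed to mirror the report described in the text (22/tcp ssh and 80/tcp
http open); the address and hostname are placeholders.
"""
import re

# Constructed sample of `nmap -oG -` output for one host (placeholder address).
SAMPLE_GREPABLE = (
    "Host: 192.0.2.10 (oj.example)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///\tIgnored State: filtered (998)\n"
)

# port/state/protocol/owner/service/rpcinfo/version/ with owner, rpcinfo and
# version empty, which is how -oG prints an unversioned scan.
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")


def parse_grepable(text):
    """Return {host: [(port, state, proto, service), ...]} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:")[1].split("\t")[0]
        hosts[host] = [
            (int(port), state, proto, service)
            for port, state, proto, service in PORT_RE.findall(ports_field)
        ]
    return hosts


def open_ports(entries):
    """Set of port numbers whose state is 'open'."""
    return {port for port, state, _, _ in entries if state == "open"}


def insecure_http_only(entries):
    """True when plain HTTP (80) is open and no HTTPS listener (443) is offered.

    This is the finding the text calls the insecure HTTP login process: any
    login form served by such a host travels across the network in cleartext.
    """
    ports = open_ports(entries)
    return 80 in ports and 443 not in ports


def findings(text):
    """Map every scanned host to whether it triggers the HTTP-without-HTTPS rule."""
    return {host: insecure_http_only(entries)
            for host, entries in parse_grepable(text).items()}


if __name__ == "__main__":
    for host, flagged in findings(SAMPLE_GREPABLE).items():
        print(host, "HTTP without HTTPS" if flagged else "ok")
```

The rule is deliberately a single line so it can be dropped into a scan pipeline. An open port 443 on its own does not prove that the login form is actually served over HTTPS (port 80 may still accept the form without redirecting), so a positive result from this check should be confirmed by looking at the login request itself, as the report does below.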
The sole distinction between the two protocols is that HTTPS employs TLS (SSL) to encrypt and digitally sign the requests and responses of regular HTTP. TLS uses public key cryptography: two keys, a public key and a private key, with the public key distributed to client devices via the server’s SSL certificate. Once the client and server establish a connection, they use the public and private keys to agree on new session keys that encrypt subsequent communications. All HTTP requests and responses are then encrypted with these session keys, so anyone intercepting the traffic sees only a random string of characters rather than plaintext. Since on this site both the HTTP request and the response are in plain text, this is already known. To confirm it, we started a packet-capture session while opening a user account on the website. After examining the HTTP packet, we found the plain-text versions of our username and password. Even though this is not a vulnerability in the code itself, anyone capturing packets on the same network while someone uses this site would discover that person’s credentials. So security is a concern here, which is why our team included it in the vulnerability assessment.
4.1.1 HTTP Insecure Login Process:
A crucial element for a website in the modern era was discovered when scanning the MBSTU Online Judge with Nmap: as we can see, this site uses the HTTP port, not an HTTPS one. Serving login forms over HTTP is particularly risky because of the wide range of attacks that can be used to extract a user’s password. Network eavesdroppers could steal a user’s password by sniffing the network or by altering the served page while it is in transit. HTTPS is HTTP with encryption and authentication added.
4.1.2 How to fix this issue:
Install and set up an SSL/TLS certificate on your server to resolve this problem. Numerous businesses offer both free and paid certificates. The cloud platform you are using may also have its own way of turning on HTTPS.
After selecting this login’s HTTP 200 OK stream and following it, we can see the actual stream that passed through the network to the server.
We found that the HTTP request passes to the website unencoded; the username and password are visible in it. If someone on the same network captures and monitors the packets, the credentials will be visible.
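The following Python example is added here and is not part of the original report. It reproduces what the captured login stream shows and what the fix in 4.1.2 should look like on the wire: `exposed_credentials` parses a raw HTTP POST of the kind “Follow TCP stream” displays and lists the form fields a passive observer could read, and `https_fix_present` checks a server response for the redirect to https:// plus an HSTS header. Both messages are constructed, with placeholder host, path and credentials.

```python
"""Inspect a captured HTTP login request for cleartext credentials, and check a
server response for the HTTPS redirect that fixes the finding.

Added example, not from the original assessment. The two messages below are
constructed (placeholder host, path and credentials) to resemble what a packet
capture of the login described in the text contains.
"""
from urllib.parse import parse_qs

# Constructed raw HTTP POST as seen on port 80 (placeholder values).
CAPTURED_LOGIN = (
    "POST /login HTTP/1.1\r\n"
    "Host: oj.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 37\r\n"
    "\r\n"
    "username=alice&password=Summer2023%21"
)

# Constructed response from a server after the fix: redirect to HTTPS plus HSTS.
FIXED_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://oj.example/login\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "\r\n"
)

# Form field names that are treated as secrets when seen in cleartext.
SECRET_FIELDS = {"password", "passwd", "pass", "pwd", "token"}


def parse_http(raw):
    """Split a raw HTTP message into (start line, lower-cased headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def exposed_credentials(raw, scheme="http"):
    """Return the secret form fields readable by anyone on the path.

    Only a plain-HTTP request is inspected: over HTTPS the body is encrypted,
    so a passive observer sees nothing and the function reports nothing.
    """
    if scheme != "http":
        return {}
    start, headers, body = parse_http(raw)
    if not start.startswith("POST"):
        return {}
    if "x-www-form-urlencoded" not in headers.get("content-type", ""):
        return {}
    form = parse_qs(body)  # also URL-decodes the values
    return {k: v[0] for k, v in form.items() if k.lower() in SECRET_FIELDS}


def https_fix_present(raw_response):
    """True when the server redirects to https:// and sets HSTS (the 4.1.2 fix)."""
    start, headers, _ = parse_http(raw_response)
    code = start.split()[1]
    redirect = code in {"301", "308"} and headers.get("location", "").startswith("https://")
    return redirect and "strict-transport-security" in headers


if __name__ == "__main__":
    print("readable secrets:", exposed_credentials(CAPTURED_LOGIN))
    print("fix present:", https_fix_present(FIXED_RESPONSE))
```

The Strict-Transport-Security check matters because a redirect alone still lets the browser send the first request, and with it any form data, over port 80; HSTS makes the browser use HTTPS from the start on later visits.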
4.2 Acunetix scanning:
Acunetix is an automated tool for assessing the security of web applications; it audits your web apps for exploitable flaws such as SQL injection and cross-site scripting. It is an automated web application security testing tool built to counter the growth in threats at the web application layer. Through a series of attacks
4.2.1 Vulnerabilities Found:
• SQL injection
• Cross-Site Scripting (XSS)
• Vulnerable JavaScript library
• Clickjacking: X-Frame-Options header
We found 2 high-level vulnerabilities and many medium- and low-level vulnerabilities. The medium- and low-level vulnerabilities are not as harmful to a website as the high-level ones, so in this assessment we discuss only the high-level vulnerabilities.
4.3 SQL Injection:
SQL injection attacks, also called SQLi attacks, exploit a type of vulnerability in the code of websites and web apps that allows attackers to hijack back-end processes and access, extract, and delete confidential information from databases. A SQL injection attack consists of the insertion or “injection” of a SQL query via the input data sent from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system, and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.
4.3.1 What Can Attackers Do With a SQL Injection Attack?
SQLi attacks make use of vulnerabilities in code at the point where it accesses a database. By hijacking this code, attackers are able to access, modify, and even delete secured data. When SQLi attacks are successful, attackers can:
• Log in to an app or a website front end without a password.
• Access, extract, and delete stored data from secured databases.
• Create their own database records or modify existing records, opening the door for further attacks.
4.3.2 Example of SQL Injection:
The application runs the SQL query select id, firstname, lastname from authors, filtered by the first and last name a user provides. If a user enters Firstname: evil’ex and Lastname: Newman, the query string becomes:
select id, firstname, lastname from authors where firstname = ‘evil’ex’ and lastname = ‘newman’
The database attempts to run this and fails with “Incorrect syntax near il’”, because the stray quote in evil’ex ended the string literal early and the database tried to execute what followed as SQL. A safe version of the above SQL statement could be coded in Java as:
4.3.3 Preventing SQL Injection Attacks:
Despite the significant dangers posed by SQLi attacks, they are easy to prevent once you learn some secure coding best practices built on four foundational steps:
- Discover vulnerabilities
- Repair vulnerabilities
- Remediate vulnerabilities
- Mitigate impact
Testing is the key to discovering vulnerabilities in code. Opt for robust tools such as dynamic analysis (DAST), which examines the app from the outside in as an attacker would, and static analysis (SAST), which looks for vulnerabilities at the code level. Look for places where the app connects to a database and try to pass it unusual values. For example, if you enter a value containing a single quote, does the program treat that character as user data, or as code? If you include a tautological test (like ‘ OR ‘1=1’) in the input, can you gain access as though you had entered a valid password?
Once you have discovered vulnerabilities, it is time to repair them. The best way is to use parameters whenever you make SQL queries to a database: put placeholder values in your statements and pass the user-supplied values to the statement at execution time.
If your programming language does not support parameters, you can remediate your code by sanitizing or escaping input before passing it to the database. This tells your app that user input is data rather than code to execute.
Mitigation is also an important process: it reduces risk without addressing the underlying flaw. For example, rather than changing your app’s code, you might mitigate a flaw by examining the database accounts your app uses and making sure they have the smallest set of privileges needed to read or insert data in your database.
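To make the example in 4.3.2 and the discover-and-repair steps in 4.3.3 concrete, here is an added example in Python with sqlite3. It is not the Java version the text refers to and not the online judge’s own code; the authors table, its rows and the probe inputs are all constructed. It builds the query by string concatenation, runs the stray-quote and tautology tests from 4.3.3 against it, and then runs the same tests against the parameterized version.

```python
"""SQL injection: the string-built query beside its parameterized repair.

Added example (Python/sqlite3), not the Java version mentioned in the text and
not the online judge's code. The authors table and its rows are constructed.
"""
import sqlite3


def make_db():
    """Constructed in-memory database with the authors table from 4.3.2."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE authors (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)"
    )
    conn.executemany(
        "INSERT INTO authors (firstname, lastname) VALUES (?, ?)",
        [("Alice", "Newman"), ("Bob", "Stone")],
    )
    return conn


def find_author_vulnerable(conn, firstname, lastname):
    """Builds the SQL by concatenation, so user input is parsed as SQL code."""
    sql = ("SELECT id, firstname, lastname FROM authors "
           f"WHERE firstname = '{firstname}' AND lastname = '{lastname}'")
    return conn.execute(sql).fetchall()


def find_author_safe(conn, firstname, lastname):
    """Parameterized query: placeholders keep user input as data, never as SQL."""
    sql = ("SELECT id, firstname, lastname FROM authors "
           "WHERE firstname = ? AND lastname = ?")
    return conn.execute(sql, (firstname, lastname)).fetchall()


def probe(conn, fn):
    """Run the two discovery tests from 4.3.3 against a lookup function.

    'quote'     -> row count, or 'error: ...' if a single quote broke the query
    'tautology' -> row count when the input carries an always-true condition
    """
    results = {}
    try:
        results["quote"] = len(fn(conn, "evil'ex", "Newman"))
    except sqlite3.OperationalError as exc:
        results["quote"] = f"error: {exc}"
    results["tautology"] = len(fn(conn, "x' OR '1'='1", "x' OR '1'='1"))
    return results


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", probe(db, find_author_vulnerable))
    print("safe:      ", probe(db, find_author_safe))
```

Against the concatenated query the stray quote raises a syntax error (sqlite3 reports it as `near "ex": syntax error`; the “Incorrect syntax near il’” wording quoted in 4.3.2 comes from a different database engine) and the tautology returns every row, which is the password-less login the text warns about. Against the parameterized query both probes simply return zero rows, because the input is bound as a value and never parsed. Least-privilege database accounts, the mitigation step in 4.3.3, are not shown here since sqlite3 has no user accounts.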
4.4 Cross Site Scripting (XSS):
Cross-site scripting (also known as XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSS differs from other web attack vectors (e.g., SQL injection) in that it does not directly target the application itself; instead, the users of the web application are the ones at risk. A successful cross-site scripting attack can have devastating consequences for an online business’s reputation and its relationship with its clients. Depending on the severity of the attack, user accounts may be compromised, Trojan horse programs activated, and page content modified, misleading users into willingly surrendering their private data. Finally, session cookies could be revealed, enabling a perpetrator to impersonate valid users and abuse their private accounts.
4.4.1 How Does Cross Site Scripting Work?
XSS is an injection attack that exploits the fact that browsers cannot differentiate between valid scripts and attacker-controlled scripts. XSS attacks bypass the same-origin policy, which is designed to prevent scripts that originate in one website from interacting with other scripts from different websites. When the same-origin policy is not properly enforced, attackers can inject a script that modifies the web page. For example, the script can allow an attacker to impersonate a preauthenticated user. It also allows attackers to input malicious code, which is then executed by the browser, or execute JavaScript that modifies content on the page. XSS can cause serious issues. Attackers often leverage XSS to steal session cookies and impersonate the user. Attackers can also use XSS to deface websites, spread malware, phish for user credentials, support social engineering techniques, and more.
4.4.2 Impact of Cross Site Scripting (XSS)
When attackers succeed in exploiting XSS vulnerabilities, they can gain access to account credentials. They can also spread web worms, or access the user’s computer to view the browser history or control the browser remotely. After gaining control of the victim’s system, attackers can also analyze and use other intranet applications. By exploiting XSS vulnerabilities, an attacker can perform malicious actions such as:
• Hijack an account.
• Spread web worms.
• Access browser history and clipboard contents.
• Control the browser remotely.
• Scan and exploit intranet appliances and applications.
4.4.3 How to Prevent XSS Attacks:
Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data. In general, effectively preventing XSS vulnerabilities involves a combination of the following measures:
• Filter input on arrival: at the point where user input is received, filter as strictly as possible based on what is expected or valid input.
• Encode data on output: at the point where user-controllable data is written into HTTP responses, encode it so that it cannot be interpreted as active content. Depending on the output context, this may require combinations of HTML, URL, JavaScript, and CSS encoding.
• Use appropriate response headers: to prevent XSS in HTTP responses that are not intended to contain any HTML or JavaScript, use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way you intend.
• Content Security Policy: as a last line of defense, use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.
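The following Python example is added here and is not the online judge’s code. It shows the measures from 4.4.3 on the classic reflected-XSS spot, a results page that echoes a user-supplied query: a vulnerable renderer that reflects the raw value, a safe renderer that encodes per output context (HTML body versus URL), an allow-list input filter, and the response headers the text recommends. The sample inputs and the header values are constructed.

```python
"""XSS defences from the text: strict input filtering, context-aware output
encoding, and response headers (Content-Type, X-Content-Type-Options, CSP).

Added example, not the online judge's own code. The sample inputs are
constructed; the CSP value is an illustrative starting point, not a policy
taken from any real site.
"""
import html
import re
from urllib.parse import quote

# Allow-list for a username: only the characters the application expects.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def validate_username(value):
    """Filter on arrival: reject anything outside the expected character set."""
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def render_vulnerable(query):
    """Reflects the raw parameter into HTML, so markup in `query` becomes part of the page."""
    return f"<p>Results for {query}</p>"


def render_safe(query):
    """Encode on output, using the encoding for each context the value lands in:
    HTML escaping inside the element body, URL encoding inside the href."""
    return (
        f"<p>Results for {html.escape(query, quote=True)}</p>"
        f'<a href="/search?q={quote(query, safe="")}">permalink</a>'
    )


def response_headers(content_type="text/html; charset=utf-8"):
    """Headers that stop browsers from sniffing a different type or running inline scripts."""
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }


def contains_active_content(page):
    """Crude check used only to contrast the two renderers: is a raw <script> tag present?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    sample = "<script>alert(1)</script>"  # constructed test input
    print(render_vulnerable(sample))
    print(render_safe(sample))
    print(response_headers())
```

The two renderers take the same input; only the safe one survives `contains_active_content`, and its href stays well-formed because the URL context gets URL encoding rather than HTML escaping. The `nosniff` header and the CSP are independent of the renderer, which is why the text lists them as separate layers.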
5. Conclusion:
To manage network security successfully, regular vulnerability assessments are crucial. By showing which portions of your network require patching and where to begin, they help reduce security breaches. In this article, we tested a website for vulnerabilities: we ran a scanner on it to find vulnerabilities and their threat levels, studied the high-level vulnerabilities, discovered why they occur, and finally demonstrated the steps to take to prevent them.
Authors:
Sabuj Kumar Modak
Md Minhazul Islam
Ruddro Mohammad Khorshad Aziz
University of Information Technology & Sciences
Department of IT
#Security #vulnerabilities #Assessment #web