Our Blog

We always make sure you get the latest updates from devEngineering, so we have crafted a well-organized blog to share what we are planning for you.

Blackbox security testing of WEB applications

In this short article I would like to share my knowledge about blackbox security testing of web applications. First of all, let's split blackbox security testing into two categories:

1) Passive analysis - actions that any ordinary internet user can perform.

  • DNS/whois/network

In this case we can find and analyze subdomains and subfolders.

For example, use DNSmap, a small C-based tool that performs brute-forcing of domains. The tool can use an internal wordlist or work with an external dictionary file.

Here is a screenshot of what DNSmap looks like.

According to this screenshot, we get information about subdomains such as accounts and ap, and their IPs.

  • check component versions

Very often developers do not apply security updates or security patches for modules or core on time. By analyzing the code we can find out which versions of modules or core are used. For example, look at this screenshot from a WordPress site: as we can see, this site is using WP (v.4.5.7), the Contact Form plugin (v.4.4.1), etc. All we need to do is find and study the security release notes for those plugins or core.

  • check search engines

Search engines, like Google, can help to find some security issues in web applications. For example:

site:example.com error

can give us information on which programming languages are used on the server (e.g. a PHP error), the paths where those errors occur (/var/mysite/backend/myfunctionality/test.php), etc.

  • analyze code

Just open the page source in Firebug or analyze the JavaScript/CSS, and I am 100% sure you will find some interesting comments; very often we can find commented-out PHP code, etc. It may help you find issues with some functionality.

  • analyze sitemap

In a sitemap we can find some private URLs, etc.

  • analyze robots.txt

Very often developers want to hide important private folders from search engines, but robots.txt is readable by anyone, so in this case they share them with the public.
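The sitemap and robots.txt points above can be checked against your own site before release. The following is an added example, not code from the original article: it parses a robots.txt and a sitemap.xml and reports entries that advertise sensitive-looking paths. The keyword list, function names and sample files are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumed hints for paths that should not be advertised publicly; tune per site.
SENSITIVE = re.compile(r"(admin|backup|private|internal|staging|\.git|\.sql|\.bak)", re.I)

def audit_robots(text):
    """Return (line_no, path) for Disallow rules that name a sensitive-looking path."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop trailing comments
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "disallow":
            continue                               # directive names are case-insensitive
        path = value.strip()
        if path and SENSITIVE.search(path):        # an empty Disallow allows everything
            findings.append((no, path))
    return findings

def audit_sitemap(xml_text):
    """Return URL paths listed in a sitemap that look sensitive."""
    hits = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag == "loc" or el.tag.endswith("}loc"):   # with or without namespace
            path = urlparse((el.text or "").strip()).path
            if SENSITIVE.search(path):
                hits.append(path)
    return hits

# Constructed sample files for example.com (not taken from a real site).
ROBOTS = """\
User-agent: *
Disallow: /search
Disallow: /admin-panel/   # hidden from crawlers, visible to everyone
disallow: /backups/db.sql
Disallow:
"""
SITEMAP = """\
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/</loc></url>
  <url><loc>https://example.com/internal/reports/2017</loc></url>
</urlset>"""

if __name__ == "__main__":
    for no, path in audit_robots(ROBOTS):
        print(f"robots.txt line {no}: {path} is advertised; protect it with authentication")
    for path in audit_sitemap(SITEMAP):
        print(f"sitemap.xml lists {path}; remove it or restrict access")
```

A path flagged here needs real access control; removing it from robots.txt or the sitemap only stops advertising it.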

2) Active analysis - user actions that can be detected by a site owner (scanners making many connections, brute force, etc.)

  • portscan - we can use Nmap network scanning to find open ports and then, for example, try to connect to the MySQL server with an empty or common password, etc.
  • file search - we can find some folders/files, for example using DirBuster, a multi-threaded Java application designed to brute-force directory and file names on web/application servers. Alternatively, use a search engine with the query:
site:example.com Index Of
  • use other security tools like ZAP