International Journal of Innovative Technology and Exploring Engineering (IJITEE)

ISSN: 2278-3075, Volume-8 Issue-10, August 2019

Web Application Penetration Testing

Nagendran K, Adithyan A, Chethana R, Camillus P, Bala Sri Varshini K B

Abstract: This paper describes the in-depth technical running on the server and their version related info, user
approach to perform manual penetration test in web applications information, passwords etc.
for testing the integrity and security of the application and also
serves as a guide to test OWASP top 10 security vulnerabilities. III. PENETRATION TESTING
The paper is more focused on providing detailed knowledge
about manual web application penetration testing methodologies Penetration testing and vulnerability assessment are two
in order to secure them from malicious black hat hackers. different terms. The latter includes uncovering the security
flaws and reporting it to the concerned security team
Keywords: Web pentesting, Website Hacking, OWASP testing whereas the former includes exploiting the discovered flaw
guide, web vulnerability scanning, bug hunting and attempting data ex-filtration or privilege escalation or
any other possible malignant action on the target host.
I. INTRODUCTION
Penetration testing helps the developers to find security
Information is Wealth. Each and every bit of information flaws in their application and maintain their application
has a cost in this digital world. All that information is stored secure. Performing realtime tests on web applications has
in the form of Data in Internet. There are two types of data, proven to be helpful in hardening the security of the
Public and Private. The public data are resources that are website3. Regular penetration testing is mandatory after
available publicly in the Internet. Ex: data that results from a making the application online to avoid potential risks.
Google search query. The private data are the resources that Because, new zero-day vulnerabilities are discovered day to
are bagged behind a wall of authentication. Ex: Your email day and its developer’s primary responsibility to have a keen
data. Emails are protected by wall of authentication which eye on what kind of third party services they are relying on.
requires your user name and password to authenticate Penetration testing is not only limited to web apps, but also
successfully. But what if someone can read your emails performed on IoT Devices, Networks, Computer Systems,
without authentication? Or what if someone can read your Mobile Applications etc. But in this paper, we will be
emails by acquiring your credentials from you without your discussing about the techniques used for testing web
knowledge? There comes the need for Web Application applications.
Security. Everything is web based now. Most of the
Softwares has their own web app version too. But all the IV. MANUAL TESTING VS AUTOMATED TOOLS
Web Applications are prone to Hacking. This is why, Web
Application Penetration emerge as need of the hour. Website Manual penetration testing needs lot of expertise in playing
need a defence in depth approach to mitigate against the with HTTP requests and response. An Expert penetration
security flaws1. It is essential to Penetration test every web tester would know the possible attacks that can be
application before it goes online and gets hacked by a Black performed on a particular end point by fuzzing the HTTP
Hat cyber warrior out there. Hackers constantly hunt for requests. The main drawback of using automated tools are
web app vulnerabilities5. The best way to mitigate against false positives. The automated tools work based on the use
the hacker attacks is to learn their methodologies2. Here, we cases coded by the developer. And every developer has their
discuss about the most mandatory penetration tests that has own testing technique. Some of them may be effective while
to be done before the application goes Online and some may not. So not all the automated tools result in
Techniques explaining how to perform those tests. success. It’s better to follow own strategy when it comes for
penetration testing. But automated tools play a vital role in
content discovery and reconnaissance and it helps in saving
II. CLASSIFICATION OF WEB ATTACKS
lot if time. Within few years, the whole Pentesting process
A. Client Side Attacks would be automated with integrated Penetration testing can
As the name refers, the client side attacks are deployed be broadly classified into five phases4.
by the attackers against the clients of a particular website to
1. Reconnaissance
steal their data. The most common attacks on client side
2. Scanning
include Cross Site Request Forgery (CSRF), Cross Origin
3. Exploitation
Resource Sharing (CORS), Cross Site Scripting (XSS),
Clickjacking, HTML Injection, etc. 4. Maintaining Access and Privilege Escalation
5. Clearing Tracks and Reporting
B. Server Side Attacks
V. RECONNAISSANCE
On the contrary, Server side attacks are deployed against
the web server. In server side attacks, the attacker targets a Reconnaissance is the foremost phase in Penetration Testing
vulnerable end-point of the web app and sends a malicious where the attacker gains necessary information about the
payload to the server. After the successful execution of target. This helps the attacker to gain foothold on what are
payload in the server, it responds to the attacker with the the technologies the
confidential data he requested with the payload. The application is using which
confidential data include Server information, Service further helps him to identify

Published By:
Retrieval Number J91730881019/2019©BEIESP
Blue Eyes Intelligence Engineering
DOI: 10.35940/ijitee.J9173.0881019 1029 & Sciences Publication
 Web Application Penetration Testing

the security vulnerabilities. For example, in order to hack and filtering technologies used by the target web
something, the attacker doesn’t always hack to find the server.
direct way to break in. He can even compromise the hosts
on which the target is relying on and then pivot into the  DNSRecon – scans all type of domain records
target. There are lot of websites as well as frameworks
available for performing reconnaissance. VI. SCANNING
Scanning is the second phase of penetration testing which
A. Online Apps for Recon uses the information gathered from recon and digg deep into
 pentest-tools.com – provide detailed information the services and contents. It involves host discovery, content
about the web server, frameworks, hosting panels, discovery, scanning ports and services, vulnerabilities, OS
font scripts, JavaScript frameworks used in the fingerprinting etc. The data gathered from the Scanning
application along with their version info. phase would give the attacker, enough knowledge select the
right end point to begin carrying out his exploitation phase.
 dnsdumpster.com – provides information about Similar to recon, both web apps and frameworks are
DNS servers, MX records, TXT records, Host available to do this yet, Frameworks do the best job in case
records and domain map of scanning. Some best frameworks for scanning include
 virustotal.com – checks for malicious files in the
website and supplies the DNS information and sub-  Nmap - most prominent and traditional tool for port
domain info. scanning and OS fingerprinting. Nmap has its own
scripting engine called Nmap Scripting Engine
 Hackertarget.com – offers basic functions like (NSE) which allows users to write their own script
reverse DNS lookup, TCP UDP port scan, reverse and automated their tasks. NSE scripts such as
IP lookup, and finding shared DNS servers. nmap-vulners,vulscan retrieves the CVE IDs
associated with the target port, operating system
 Shodan.io – helps the attackers to find internal
etc. Nmap supports different types of scan to detect
infrastructure of an organization which are exposed
and evade various types of IDS and Firewall. NSE
to the internet. Also, Shodan makes the job easier by
scripts like smtp-strangeport, dns-blacklist, http-
making a port scan on the target IP address.
enum are most commonly used for website
 Censys.io – similar to shodan but censys helps in scanning purposes.
asset discovery buy analyzing the SSL certificate
 Nikto - Open Source Web Vulnerability scanner
 Wayback.com – great place to find sensitive which scans for server misconfigurations and
information. Sometime, when you get a 403 insecure files. It supports features like URI
forbidden error, there are possibilities that back Encoding, premature URL ending, fake parameters.
then, the page may have been left accessible Also, it scans for common web vulnerabilities like
publicly. Similarly, when you find a 404 page not Clickjacking and looks out for interesting files on
found error, there are possibilities that back then, the web server.
there may be sensitive information left publicly on
that page.
 W3af - Automated open source scanner which tests
 Github.com – helps the attacker to find API keys for 200+ vulnerabilities written in python.
and other sensitive infos of an Organization and
employee email IDs  Acunetix - Most common vulnerability scanner
which tests for more than 4500 vulnerabilities. The
B. Recon Frameworks best part of acunetix is that it doesn't require any
 Recon-ng – a swiss army knife for web application expertise to handle the tools. It’s a GUI tool which
reconnaissance. It has various modules to perform comes handy with all the features and all you have
Open Source Intelligence (OSINT) gathering as well to do is just to enter the URL of your target
as reconnaissance. You’ve to configure the tool with website. No automated scanner can assure you 0%
API of respective source that the tool uses. false positive rate and acunetix no different.
 TIDoS framework – consists of 48 inbuilt modules There are lot of enterprise tools and other open source
for OSINT and recon process. In addition to this, it scanning tools used for scanning web vulnerabilities. Some
also contains modules for scanning and tools out there are specifically used to scan a particular
enumeration, vulnerability analysis, Exploitation vulnerability, like Knoxss which hunts only for Cross-Site-
and other auxiliary modules. Scripting attacks.
 Wappalyzer – a firefox plugin which helps attackers
to know about the technologies used by the target VII. EXPLOITATION
server along with their version info. Handy for Although automated tools do a decent work over recon and
finding the CMS (incase of any) used by the target scanning, they can’t compete with manual exploitation
domain and their plugins. techniques. A vulnerability can be exploited in thousand
 Recon Dog – a python based recon framework
which offers limited yet effective functions like
DNS lookup, Honeypot detection, Censys lookup,

Retrieval Number J91730881019/2019©BEIESP Published By:

DOI: 10.35940/ijitee.J9173.0881019 Blue Eyes Intelligence Engineering
1030 & Sciences Publication
 International Journal of Innovative Technology and Exploring Engineering (IJITEE)
ISSN: 2278-3075, Volume-8 Issue-10, August 2019

ways but manual testing finds the most appropriate way Now this query after execution displays the
contents from the table information_schema

 Error based – Error based SQL injection allows the

attackers to exfiltrate data from the error messages
thrown by the application. Errors are triggered
when the attacker sends an input that affects the
SQL query. E.g.: Semicolon, single quote, Double
quote and comment delimiters.

(i.e. the way which has the highest impact & severity). The
severity of the vulnerabilities is represented in different
terms depending upon the organisation. OWASP
summarizes the vulnerabilities from A0 to A10 according to
their severity. Similarly, Online Crowdsourcing platform
like BugCrowd has their own vulnerability rating taxonomy
where each vulnerability is assigned a value from P1 - P5
depending upon the Vulnerability severity and impact.
HackerOne makes use of Industrial standardized severity
calculator like Common Vulnerability Scoring System
(CVSS).  Blind Injection – can be divided into two types 1)
Time based 2) Boolean based. Both of these
Let’s begin from most common vulnerabilities that are
techniques exploit the application by asking
exploited widely all around the globe.
Yes/No question. For example, consider a query
A. SQL Injection
select exp_date when cvv=’cvv’ then pg_sleep(10) else
SQL database are used by almost 70% of the web NULL end from Credit_Card where user_id=20110
applications that has the need of storing data. Injecting
malicious queries via data input fields and accessing the The above query on execution returns quick if the condition
unauthorized data is referred to as SQL injection. SQL is false and takes 10 seconds if the condition is right. Using
database has roles and permissions for each user. But if an this attack, the attacker can exfiltrate binary answers from
attacker executes a malicious query and the server performs the response.
the attacker requested action due to improper query
validation6, the attacker may leverage this to attain SQL injection can also be used to bypass the Login forms if
administrative rights which would then let him to have user input is not sanitized properly. For example, let's
complete access over the database7. He can even shut down consider that a web application has a login page which
the database after attaining the administrative privileges. requires username and password for authenticating the user.
The attacker vector deviates with the type of the SQL The username and password are requested from the user as
database the target application is using. The below testing inputs and the application generates genuine SQL queries to
techniques are used for testing MySQL database. The sql the backend DBMS. Now, the attacker injects a fragment of
injections are classified into the following types: a SQL instruction in the username or password field and
passes it to the application. The application then combines
 Union based – the UNION statement in SQL the malicious SQL statement given as input by the attacker
allows to combine two queries which has the same with a Valid SQL statement and queries the Database. The
structure. By leveraging this, the attacker can insert database then responds to the input query. For example,
the UNION statement in an input field of the consider a PHP query which the application requests to the
application and execute his own query. For database after receiving the input from the user.
example, consider an e-commerce web application
that lists Products based on category. The URL $query = “select CreditCard, CVV, Exp from Users where
would look something like username='”.$_POST[“username”].”' and password='”
www.redacted.com/products.php?category=10 $_POST[“password”].”'”
The SQL query would look like
Assume that the Application takes and places the input
select item_name, item_info, item_cost from products where directly in the query without any validation. If user provides
category=1 the credentials Username = REDACTED & Password =
PASSWORD, the PHP query would look like this
After injection malicious union statements in the
URL, the query sent by the application to the $query = “select CreditCard, CVV, Exp from Users where
database would look like username='REDACTED' and password='PASSWORD'

select item_name, item_info, item_cost from products where Now, the attacker after
category=1 union select 1 from information_schema.tables understanding the flow of the

Published By:
Retrieval Number J91730881019/2019©BEIESP
Blue Eyes Intelligence Engineering
DOI: 10.35940/ijitee.J9173.0881019 1031 & Sciences Publication
 Web Application Penetration Testing

querying process of the application would start testing his keyword such as Book name, Author name etc. The
payloads one by one. For example, let’s assume that the attacker first inserts a search query and tests for
attacker fills the input with Username = Jhon'; -- and reflections form the site. If his input is reflected
Password = WhoCares. The Query would now look like somewhere in the response, the attacker tries to
escape his input outside the tag which is reflecting
$query = “select CreditCard, CVV, Exp from Users where the input and eventually gets his payload executed
username='Jhon'; -- and password='WhoCares' by the browser.
2. Stored XSS – It’s the most powerful and persistent
When the above query is executed, the attacker will be attack. Here, the attacker’s payload gets stored in
presented with the Credit card information of the user Jhon. the server and served to all the users who visit the
Let’s analyse the input of the attacker. The Jhon part of the application. This is how MySpace worm affected a
input completes the username part because the colon gets million+ users. This attack takes place when the
closed after Jhon. The semicolon ‘;’ ends the query and -- user supplied input is stored and displayed without
comments all other lines. So, only username goes to the any HTML encoding. Since the payload is served
application and the password is commented out. Due to from the server, the Browser’s XSS filter wouldn't
improper validation by the application, the Database find it malicious.
responds with the requested information. This is how SQL 3. DOM based XSS – It’s a subclass of reflected XSS
Bypass techniques work. The most common payloads to where the attacker’s payload instead of touching
bypass such type of insecure login forms are the web server abuses the javascript in the client
side. The DOM based attacks aren’t visible in the
 ' OR 1=1 -- 1 response page’s source code.
 ' OR '1'='1 4. mXSS – refers to Mutated XSS which works by
 ' or 1=1 LIMIT 1;-- abusing the incorrect reading of innerHTML by the
 admin';-- application. For example, <listing>&lt;img src=1
 " or 1-- onerror=alert(1)&gt;</listing>9, here the normal
script is mutated into an image element which then
It’s not obvious that this payload will give 100% result and executes the alert function.
it depends completely upon how the application handles the
input and forms the query. We have to build our own Browsers like Chrome has inbuilt XSS auditor which
payload by understanding the querying process of the prevents the application form executing malicious codes.
application. Most of the web application now implements Web
Application Firewall(WAF) which prevents attackers from
B. Cross Site Scripting attaining XSS. Still, every day, researchers find new bypass
Cross site scripting (XSS) allows the attacker to inject a techniques to bypass the WAF and execute their payloads.
malicious script (often javascript) in the target website. They XSS may exist on almost all input insertion points. For
allow the attacker to execute undesired function’s in other example, the file upload functionality of an application can
user’s browser who visits the injected website. XSS attacks be leverage to attain XSS by renaming the file name with a
can be leveraged to various high severe impacts such as XSS payload. There are few automated tools which can help
account takeover, credential stealing, data exfiltration, to find the right XSS payload vectors. Few of them are
cryptomining, keylogging, fingerprinting, tab-napping,
screenshot capture and so on. XSS can be combined with  Knoxss
several other vulnerabilities to increase the impact level.  XSS Sniper
During 2005, Samy Kamkar’s Samy worm exploited a Cross  XSS Strike
site scripting vulnerability in MySpace and affected more  XSS Hunter
than one million users. XSS attacks can be broadly C. Cross Site Request Forgery
classified into 4 types
Although CSRF can have severe impact on client side, they
1. Reflected XSS – reflects the attacker’s input in the require victim’s interaction. Generally, Cross Site Request
target web application. The attack can be abused to Forgery attack, as the name refers to, marks the victim to
deceive the user and exploit his credentials or make a forged request. This can be done by sending a link to
cookies. The attacker tests for all the input fields in the victim and obtaining a click. You must have noticed
a web application. He learns how the application while browsing that, if you are logged into a website in one
handles the input. After checking whether his input tab and open the website in other tab, you need not have to
is sanitized properly or not, the attacker tries to login again because the website shares the cookies with tabs
break the HTML tags and execute his input if there if the domain is same. Also, the website can share access
is improper sanitization. In most of the cases, the with other domain, if the application’s Origin header is
attacker uses the <script> tag of HTML to break defined with the site where it has to share the account
the application’s source code and bring his output access. This is how websites communicate within
out of it which is then executed by the browser. themselves. For each click that the user performs in
These reflected xss are often tested by popping up a website, a HTTP request is sent to the web server. CSRF is
an alert box.However, this attack works only when possible on both GET and POST requests. GET CSRF can
the victim visits the attacker’s malformed link. For be exploited so easily just by
example, take a Library application which has a redirecting the user to
search function where a user can input his Search vulnerable URL. For

Retrieval Number J91730881019/2019©BEIESP Published By:

DOI: 10.35940/ijitee.J9173.0881019 Blue Eyes Intelligence Engineering
1032 & Sciences Publication
 International Journal of Innovative Technology and Exploring Engineering (IJITEE)
ISSN: 2278-3075, Volume-8 Issue-10, August 2019

exploiting CSRF using POST, the attacker has to craft a Content-Type: application/x-www-form-urlencoded
HTML page forged request when the victim clicks on Content-Length: length
something. For example, a password reset request would Accept-Language: en-us
look like this. Accept-Encoding: gzip, deflate
Connection: Keep-Alive
POST /password_reset HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; And if the response has any of the following header, there
rv:10.0) Gecko/20100101 Firefox/10.0 may exist a CORS misconfiguration.
Host: www.redacted.com
Content-Type: application/x-www-form-urlencoded 1. Access-Control-Allow-Origin : *
Content-Length: length 2. Access-Control-Allow-Origin : attacker.com
Accept-Language: en-us 3. Access-Control-Allow-Origin: null
Accept-Encoding: gzip, deflate
Connection: Keep-Alive Sometimes, the server may only validate a part of the
domain in the origin header. For example, the Server may
allow access to any domain which has the part of Original
password=123456&confirm_password=123456 domain in it.
In the above request, there is no header present that defines VIII. PRIVILEGE ESCALATION
where the request is originated from which means that any
website can make this request by placing a html page like E. Insecure Direct Object Reference
the one below As the name suggests, the vulnerability arises when a
application directly indicates any object without any
<html> encoding or authentication. These attacks can result in a
<body> severe data breach and unauthorised access to other user’s
data. The following is a HTTP request that downloads the
<form action="https://www.redacted.com/password_reset"
user’s account information.
method="POST">
<input type="hidden" name="password" value="attacker" /> GET /Download.php?id=701 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X x.y;
<input type="hidden" name="confirm_password"
rv:10.0) Gecko/20100101 Firefox/10.0
value="attacker" />
Host: www.redacted.com
<input type="submit" value="Submit request" /> Origin: attacker.com
</form> Content-Type: application/x-www-form-urlencoded
Content-Length: length
</body> Accept-Language: en-us
</html> Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Now, the attacker hosts this page in the internet and sends
the link of this page to the victim. When the user clicks the As seen in the above request, the id=701 is directly pointing
“Submit”, his redacted.com’s account password is changed the object which the user has requested to download and
to “attacker”. This is how CSRF attacks work. However, there is no authentication header is passed in the request.
these types of attacks can be mitigated by placing CSRF Therefore, by manipulating the id parameter, the attacker
token which are generated for each request from the client can download other user’s information. For example, the
side and validated form the server side. Again, the CSRF attacker may change the id=701 to id=805 and forward the
token can be abused if they are improperly validated on the request which in turn download the account information
server side. associated with the user id 805. The IDOR vulnerability
allows the user to escalate even their user privileges. For
D. Cross Origin Resource Sharing example, Abusing IDOR in a social networking platform
This attack abuses the earlier mentioned Origin header may allow the attacker to delete, edit other user’s comments,
which is used for sharing user access between tabs. Same posts and captions.
Origin Policy (SOP) prevented domains from passing
sensitive information between themselves. But when days VI. REMOTE CODE EXECUTION
passed, there came the need for passing sensitive
information within domains. For example, within a domain The vulnerability allows the attacker to execute arbitrary
and its sub domain. To achieve this, Cross Origin Resource codes in the application with the normal user privileges.
Sharing mechanism was invented which allowed domains to After the successful execution of his code, the attacker
exchange information. Consider a GET request below that would attempt to escalate his privilege from normal user to
fetches a User’s secret from a website. administrator. The vulnerability occurs when a parser
executes the user’s input before sanitization. For example,
GET /secret HTTP/1.1 Consider the below HTTP request.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X x.y;
GET /language=eng
rv:10.0) Gecko/20100101 Firefox/10.0
HTTP/1.1
Host: www.redacted.com
Origin: attacker.com User-Agent: Mozilla/5.0

Published By:
Retrieval Number J91730881019/2019©BEIESP
Blue Eyes Intelligence Engineering
DOI: 10.35940/ijitee.J9173.0881019 1033 & Sciences Publication
 Web Application Penetration Testing

(Macintosh; Intel Mac OS X x.y; rv:10.0) Gecko/20100101 These are the minimum requirements to write a complete
Firefox/10.0 report.
Host: www.redacted.com
Origin: attacker.com
Content-Type: application/x-www-form-urlencoded
Content-Length: length REFERENCE
Accept-Language: en-us 1. M. Howard And D.E. Leblanc, Writing Secure Code, Micro- Soft
Accept-Encoding: gzip, deflate Press, 2002.
Connection: Keep-Alive 2. M. Khari, Sonam, Vaishali And M. Kumar, "Comprehensive Study
Of Web Application Attacks And Classification," 2016 3rd
The above request will be parsed as $lan=’eng’; by PHP. International Conference On Computing For Sustainable Global
Development (Indiacom), New Delhi, 2016, Pp. 2159-2164.
Now the attacker tampers the language parameter and 3. Jose Fonseca, Marco Vieira, And Henrique Madeira, "Evaluation Of
inserts the code eng’;phpinfo(); Web Security Mechanisms Using Vulnerability & Attack Injection",
Dependable And Secure Computing, Ieee Transactions (Volume:11,
GET /language=eng’;phpinfo(); HTTP/1.1 Issue: 5)
4. HTTPS://SIMPLYSECURE.BLOG/2017/07/05/FIVE -PHASES-O F-
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; PENETRATION-TESTING/
rv:10.0) Gecko/20100101 Firefox/10.0 5. K. Nirmal, B. Janet And R. Kumar, "Web Application Vulnerabilities
Host: www.redacted.com - The Hacker's Treasure," 2018 International Conference On
Origin: attacker.com Inventive Research In Computing Applications (Icirca), Coimbatore,
India, 2018, Pp. 58-62.
Content-Type: application/x-www-form-urlencoded 6. Padmaja K,"A Study On Web Application And Protection Against
Content-Length: length Vulnerability", In International Journal Of Engineering Research And
Accept-Language: en-us Application, (Ijera),2012, Pp.001-006.
Accept-Encoding: gzip, deflate 7. "Security Code Review-Identifying Web Vulnerabilities", By Kiran
Maraju.
Connection: Keep-Alive 8. M.Khari And N.Kumar, "User Authentication Method Against Sql
Injection Attack", International Journal Of Scientific And Engineering
The ‘;’ ends the first query and the phpinfo(); query is Research,2013, Pp. 1649-1653.
concatenated with the first query. Forwarding the above 9. HTTP://WWW.THESPANNER.CO.UK/2014/05/06/MXSS/
request will result in exposure of the PHP information of the 10. Https://Hackernoon.Com/Timing-Based-Blind-Sql-Attacks-
Bd276dc618dd
web server. This is how remote code execution vulnerability
occurs. Remote code execution flaw in Linux servers allows
the attackers to get reverse shell from the server to their AUTHORS PROFILE
computer. After getting the reverse shell, they will look for
privilege escalation exploits released for the target’s Kernel
Nagendran K has academic experience of 13 years.
version and obtain superuser rights to execute administrator He is working as Assistant professor in IT Department
level commands. To prevent applications from escalating at Sri Krishna College of Engineering and Technology.
privileges, it’s best advised to use least privileged services, His educational qualification is M.E.,(Ph.D). He has
published 8 research papers in International journals.
process, and user accounts7
His area of Interest include Computer networks,
Network security, Data mining, Big Data analytics.
There are several other vulnerabilities which may cause
potential damage to both server and client side like
Command Injection, LDAP injection, Information
Adithyan A is an avid Security researcher with
Disclosure, CRLF injection, Host header injection, Open expertise in Cyber Security. He owns 4 CVEs and
redirection, Insecure access control, Improper captcha has published more than 5 research papers in the
validation. 2FA bypass and so on. field of Cyber security. He had delivered his guest
lectures at various workshops and Universities
including Defcon Trivandrum and IITM Research
IX. CLEARING TRACKS AND REPORTING Park. He has been listed in Microsoft and Apple
security advisories for reporting critical vulnerabilities in their products. He
All the incoming requests to a web server will be saved in a is Oppo’s Security Leaderboard in Top 5th position for finding
log file. If the attacker attains superuser permissions in the vulnerabilities.
web server, he can delete the log file leaving no trace for
him. But attaining superuser permission is not that easy and
Chethana ravichandran currently pursuing third year
it depends upon what kind of kernel version and other in the branch of information technology. Being a
vulnerable softwares, the server is using. So, rather than novice she still proves to be insightful and diligent. Her
clearing logs, it’s better to use proxy mechanisms to collaborative skills has always been her strength.she is
penetration test a website. Reporting is the final process in still continuing to explore untravelled world of
programming languages which includes c and
the penetration testing. Write a detailed report which python.Area of interests cover artificial intelligence
includes and animation. She is intuitive and has quality communication skills.

 Name of the vulnerability

 Vulnerable Endpoint
 Technical Description of the vulnerability
 Business Impact and severity
 Proof of Concept (PoC) video or image

Retrieval Number J91730881019/2019©BEIESP Published By:

DOI: 10.35940/ijitee.J9173.0881019 Blue Eyes Intelligence Engineering
1034 & Sciences Publication
 International Journal of Innovative Technology and Exploring Engineering (IJITEE)
ISSN: 2278-3075, Volume-8 Issue-10, August 2019

Bala Sri Varshini K B pursuing Third year

B.Tech. Information Technology at Sri Krishna
College Of Engineering and Technology.She
has interest in Machine learning and coding.
Also has interest in python and programming in
Java. She has presented a paper in International
Conference and selected as Best Paper
presentation award. Made achievements in Competitive programming and
technical levels.

He is Camillus P pursuing B.tech information

technology at Sri Krishna College of engineering and
technology. His field of interest is networking and
machine learning. Expertise in python and c language.
Worked in many freelancing projects based on
machine learning with python. Made achievements in
competitive programming and hackathons. Good in developing websites
with html back-end and have a good knowledge on PHP .

Published By:
Retrieval Number J91730881019/2019©BEIESP
Blue Eyes Intelligence Engineering
DOI: 10.35940/ijitee.J9173.0881019 1035 & Sciences Publication