Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Vulnerability Spidey Sense - Demystifying PenTesting Intuition

In Louisville, Kentucky next month at Derbycon, Daniel Crowley and I will be giving our presentation Vulnerability Spidey Sense - Demystifying PenTesting Intuition. The point of the talk will be that little mistakes and small vulnerabilities in a web application can give pointers to an attacker about where to focus their efforts. As penetration testers, we aren't fortunate enough to have an unlimited amount of time to review the security of an application, yet malicious attackers have as much time as they need to exploit a security hole. By paying attention to detail and focusing our efforts on the places that vulnerabilities are most likely to be found, we can attempt to close the gap between PenTester and attacker.

Here are some examples that might indicate further vulnerabilities in an application.

Weak password policies and security questions

Allowing users to choose weak passwords can allow an easy brute-forcing opportunity for an attacker; and weak security questions, such as prompting for the user's birthday, can be discovered through basic investigation into a user through social media. However, bad policies such as these can also indicate that the developer of an application does not understand some security best practices, and could lead to other findings deeper in an application.

Test pages and default content

Before moving an application over to production, all test pages and default content (the php info page, for example) should be removed from the web server. Default pages can be used to reconnaissance an application, and in some cases even provide additional functionality that may be useful to an attacker. Test pages that were created during the development process, even if their function doesn't prove useful to an attacker, may not be help to the same level of scrutiny from a security perspective that other portions of the application are held, providing a useful gap in the applications security for an attacker to exploit. Finding these items may also indicate that there is additional content to be found if examined carefully.

Old technology

Seeing an application that is written in ASP, or is running on IIS 5 or 6 should set off immediate warning bells during a penetration test. Seeing old technology that is still in use can be a strong indication that an application is vulnerable to old or well-known vulnerabilities. Experience or a little research can help you find well documented vulnerabilities and instructions for how to exploit them.

By watching for indicators such as these, a PenTester can more easily prioritize their tests and focus on the aspects of a system that are most vulnerable. Daniel and I will be discussing these, and many other warning signs that an application is ripe for an attack, this year at Derbycon.

Latest SpiderLabs Blogs

Welcome to Adventures in Cybersecurity: The Defender Series

I’m happy to say I’m done chasing Microsoft certifications (AZ104/AZ500/SC100), and as a result, I’ve had the time to put some effort into a blog series that hopefully will entertain and inform you...

Read More

Trustwave SpiderLabs: Insights and Solutions to Defend Educational Institutions Against Cyber Threats

Security teams responsible for defending educational institutions at higher education and primary school levels often find themselves facing harsh lessons from threat actors who exploit the numerous...

Read More

Breakdown of Tycoon Phishing-as-a-Service System

Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team is tracking another PaaS called Tycoon Group.

Read More