FSS Assignment

The lab report from Bahir Dar Institute of Technology covers various software security vulnerabilities, including client-side data manipulation, SQL injection, password security, and cross-domain security. It highlights the risks associated with each vulnerability, demonstrates methods of exploitation, and emphasizes the importance of secure coding practices and validation techniques to mitigate these risks. The report concludes that strong security measures, such as server-side validation, proper password hashing, and secure cross-domain configurations, are essential for protecting web applications.

Uploaded by

yefeco6136
BAHIR DAR INSTITUTE OF TECHNOLOGY

FACULTY OF COMPUTING

Fundamentals of Software Security Lab report

Group Members
1. Abrham Mulualem, 1504836
2. Eyerus Tekto, 1506000
3. Leul Esubalew, 1509829
4. Mahder Samuel, 1506873

Client Data Manipulation
Introduction
Client-Side Data Manipulation is a prevalent security vulnerability that occurs when web
applications rely on client-side mechanisms to store or manage sensitive information. Examples
of such mechanisms include cookies, hidden form fields, local storage, and session storage. As
these data points are under the control of the client, they are susceptible to modification by
attackers, which can lead to unauthorized access and manipulation of application behavior.
Objective
The primary goals of this lab were to:
• Examine the security risks tied to the storage and management of data on the client side.
• Identify methods by which attackers can exploit these vulnerabilities to bypass security
  measures.
• Learn techniques for securing client-side data and protecting web applications from
  manipulation.
Observations
From the experiments, the following outcomes were observed:
• Bypassing Field Restrictions:
  Hidden fields, which were supposed to store critical application data (e.g., user IDs), were easily
  altered, demonstrating how attackers can bypass input controls and manipulate application flow.
• Modifying Prices:
  By changing the values of hidden price fields, we were able to simulate purchases at a
  significantly lower price, showcasing how attackers can alter client-side data to their advantage.
• Privilege Escalation:
  We successfully modified cookies and local storage entries to change our user role, gaining
  unauthorized administrator access. This highlighted how an attacker could bypass role-based
  security restrictions.
Conclusion
The experiment revealed that client-side data manipulation vulnerabilities can severely
compromise web application security. When critical data, such as user roles, session information,
or pricing details, is stored on the client side, it becomes an easy target for exploitation.
Attackers can leverage tools to manipulate this data, bypass security controls, and escalate
privileges.
To mitigate these risks, developers must prioritize server-side validation and minimize storing
sensitive information on the client side. It is essential to use secure coding practices and enforce
strict data validation rules to safeguard applications from manipulation.
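
The mitigation described above, as an added example that is not part of the original report: the server prices the order from its own catalog and accepts the role cookie only if its HMAC tag verifies. The key, catalog, field names and cookie layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

SERVER_KEY = secrets.token_bytes(32)           # assumed key; never sent to the client
CATALOG = {"sku-100": 4999, "sku-200": 1250}   # constructed prices, in cents


def _tag(body: str) -> str:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_cookie(claims: dict) -> str:
    """Serialize the claims and append an HMAC-SHA256 tag over them."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":"))
    return f"{body}|{_tag(body)}"


def read_cookie(cookie: str):
    """Return the claims if the tag verifies, otherwise None."""
    body, sep, tag = cookie.rpartition("|")
    if not sep or not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return None
    return json.loads(body)


def checkout(form: dict, cookie: str) -> dict:
    """Price an order from server-side data only."""
    claims = read_cookie(cookie)
    if claims is None:
        return {"ok": False, "error": "invalid session cookie"}
    try:
        qty = int(form.get("qty", ""))
    except (TypeError, ValueError):
        return {"ok": False, "error": "invalid quantity"}
    sku = form.get("sku")
    if sku not in CATALOG or not 1 <= qty <= 100:
        return {"ok": False, "error": "invalid order"}
    # A hidden "price" field may be present in the form; it is never read.
    return {"ok": True, "user": claims["user"], "role": claims["role"],
            "total_cents": CATALOG[sku] * qty}
```

A cookie whose role value has been edited no longer matches its tag, so the request is rejected before any role check runs.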

SQL Injection
Introduction
SQL Injection is a prevalent and severe vulnerability in web applications that allows attackers to
manipulate SQL queries. This occurs when malicious code is inserted into input fields,
potentially granting unauthorized access, modifying data, or controlling the application.
Additionally, poor password security practices, such as weak hashing or improper storage
methods, can expose user accounts to attacks. This lab focuses on SQL Injection attacks and
password cracking techniques to explore these vulnerabilities and safeguard against them.
Objectives
• Understand how SQL Injection works and its associated risks.
• Learn different types of SQL Injection attacks.
• Explore methods to prevent SQL Injection vulnerabilities.
• Understand password hashing and learn to crack hashed passwords.
Procedure
• SQL Injection Exploitation: In the OWASP WebGoat environment, we conducted a
  basic SQL Injection attack by inserting malicious SQL code into a login form, bypassing
  authentication and logging in without valid credentials.
• Union-Based Injection: We used the UNION operator to combine results from multiple
  SQL queries, allowing us to retrieve hidden data such as usernames, email addresses, and
  passwords from the database.
• Error-Based Injection: We intentionally triggered SQL errors to expose database schema
  details. This method provided valuable information for crafting more targeted attacks.
• Blind SQL Injection: Using true/false responses from the application, we inferred
  sensitive data, even when error messages were suppressed.
• Password Hashing and Cracking: We explored common password hashing algorithms
  (MD5, SHA-256) and attempted to crack weak hashes using tools like Hashcat and John
  the Ripper. We also examined dictionary attacks, where precompiled lists of common
  passwords were used to attempt cracking hashed passwords.
• Dictionary Attack: A dictionary attack involves using a list of common passwords to
  crack hashed passwords. We demonstrated this using a publicly available wordlist
  ("rockyou.txt") to compare hashed password attempts.
Results
• SQL Injection Attacks: We successfully bypassed authentication, retrieved hidden
  database information via Union-Based Injection, and exposed database schema details
  through Error-Based Injection.
• Password Cracking: We were able to crack weak password hashes using Hashcat and
  John the Ripper. The dictionary attack demonstrated how predictable passwords are
  easily cracked with common wordlists.
• Encryption Insights: Stronger hashing algorithms, like bcrypt, were more resistant to
  cracking, demonstrating the importance of using secure, salted hashing methods for
  password storage.
Conclusion
SQL Injection and poor password security continue to be significant risks for web applications.
This lab illustrated how attackers can exploit SQL injection vulnerabilities to access or
manipulate data and how weak password hashing allows attackers to easily crack credentials. To
defend against these threats, developers should use parameterized queries, implement input
validation, and employ strong password hashing algorithms with salting. These practices are
essential for minimizing the risks of data breaches and unauthorized access.
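
The parameterized-query defence recommended above, shown beside the concatenated form it replaces. This is an added example, not code from the original report or from WebGoat; the table layout, function names and sample values are constructed, and the credential check is reduced to comparing a stored value.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash-value')")
    return db


def login_concatenated(db, name: str, password_hash: str) -> bool:
    """Vulnerable form: input is pasted into the SQL text and parsed as SQL."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password_hash = '" + password_hash + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_parameterized(db, name: str, password_hash: str) -> bool:
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password_hash = ?"
    return db.execute(sql, (name, password_hash)).fetchone()[0] > 0


# Constructed input whose quote characters change the structure of the
# concatenated query; used here as a regression case for the fix.
CRAFTED = "' OR '1'='1"


def regression_check() -> dict:
    """Run both forms against the same inputs and report what each accepts."""
    db = make_db()
    return {
        "concatenated_accepts_crafted": login_concatenated(db, "alice", CRAFTED),
        "parameterized_accepts_crafted": login_parameterized(db, "alice", CRAFTED),
        "parameterized_accepts_valid": login_parameterized(
            db, "alice", "constructed-hash-value"),
    }
```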

Password Security
Introduction
Password security is essential for protecting user accounts and sensitive information in web
applications. Weak password storage, outdated hashing algorithms, and predictable password
patterns can expose systems to attacks. This lab explores best practices for securing passwords,
how attackers exploit poor password handling, and the impact of dictionary attacks on weak
password hashes.
Objectives
• Understand the importance of password hashing for securing user credentials.
• Learn common techniques used for cracking passwords, particularly dictionary attacks.
• Explore methods to enhance password protection and prevent unauthorized access.
Procedure
Password Hashing: We tested various hashing algorithms (MD5, SHA-256, and bcrypt) to
compare their effectiveness in securely storing passwords. Each algorithm's resistance to
common attack methods was assessed.
Cracking Hashes: Using tools like John the Ripper and Hashcat, we attempted to crack
passwords hashed with weak algorithms. This demonstrated how easily outdated hashing
methods like MD5 and SHA-1 can be compromised.
Salting Passwords: We implemented salting, which involves adding a random value to
passwords before hashing. This step significantly increases password security by preventing
attackers from using precomputed tables (rainbow tables) to reverse-engineer password hashes.
Dictionary Attacks: We performed dictionary attacks on weakly hashed passwords. Using
precompiled lists of common passwords, such as "rockyou.txt," we tested how predictable
passwords can be easily cracked by matching the hashed password with entries from the list.
Brute Force Attacks: In addition to dictionary attacks, we conducted brute force attacks, testing
all possible character combinations on hashed passwords to gauge the difficulty of cracking
passwords using weak hashes.
Results
• Weak Hashing Algorithms: Hashing methods like MD5 and SHA-1 were quickly
  cracked using tools like John the Ripper and Hashcat. These algorithms are vulnerable to
  brute force and dictionary attacks due to their simplicity.
• Stronger Hashing Algorithms: bcrypt and other modern hashing algorithms were
  significantly harder to crack, demonstrating better security.
• Salting Effectiveness: Adding a salt to passwords before hashing made them much
  harder to crack, preventing attackers from using rainbow tables to reverse-engineer
  hashes.
• Dictionary Attack Success: Common passwords like "password123" or "123456" were
  easily cracked when using dictionary attack tools, highlighting the importance of
  choosing unpredictable passwords.
Conclusion
This lab emphasized the crucial role of strong password storage techniques in securing user data.
Weak hashing algorithms like MD5 and SHA-1 expose systems to risks, as attackers can easily
crack these hashes using dictionary or brute force attacks. On the other hand, stronger hashing
algorithms like bcrypt and the use of salted hashes provide much more robust protection,
significantly increasing the difficulty of password cracking. To safeguard user accounts, it is
essential to use strong, salted hashes and encourage users to create complex, unpredictable
passwords.
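
The salted, slow hashing recommended here and in the SQL Injection section, as an added example that is not the report's own code. It uses PBKDF2-HMAC-SHA256 from the Python standard library in place of bcrypt, which the report tested but which is not in the standard library; the iteration count and record format are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune per hardware


def md5_unsalted(password: str) -> str:
    """Weak scheme from the lab: fast, deterministic, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Return 'scheme$iterations$salt$hash' using a fresh 16-byte random salt."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except (ValueError, OverflowError):
        return False  # malformed record
    return scheme == "pbkdf2_sha256" and hmac.compare_digest(dk, expected)


def precomputed_hit(stored_hash: str) -> bool:
    """True if a table built once from common passwords already contains the hash."""
    # The two passwords quoted in the report's results.
    table = {md5_unsalted(p) for p in ("password123", "123456")}
    return stored_hash in table
```

Two users with the same password get different records because each salt is random, so a table computed once in advance matches neither of them.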

Cross-Domain Security Lab Report


Introduction
Cross-domain security involves safeguarding data and resources when accessed across different
domains or websites. These types of interactions are crucial for the security of modern web
applications, as they often open the door to vulnerabilities, such as unauthorized data sharing or
attacks. In this lab, we explored common cross-domain vulnerabilities, including Cross-Site
Request Forgery (CSRF), Cross-Origin Resource Sharing (CORS), Cross-Site Scripting (XSS),
and Cross-Site Script Inclusion (XSSI), and learned various techniques to secure cross-domain
communications.
Objectives
• Understand the risks and vulnerabilities associated with cross-domain communications.
• Implement and practice securing cross-domain resources using symmetric and
  asymmetric cryptography techniques.
• Learn how to defend against cross-domain attacks such as XSS, CSRF, and XSSI.
• Configure and test CORS and other security policies to protect resources.
Procedure
Cross-Site Request Forgery (CSRF):
We simulated CSRF attacks by creating a malicious site that could make unauthorized requests
to a target site on behalf of an authenticated user. This demonstrated how easily an attacker could
send malicious requests without the user's knowledge or consent.
Cross-Origin Resource Sharing (CORS):
We tested CORS mechanisms and observed how web browsers enforce security policies for
cross-origin requests. By attempting to bypass misconfigured CORS settings, we learned how
improper configurations can expose sensitive resources to unauthorized access.
Cross-Site Scripting (XSS):
We simulated XSS attacks, where malicious scripts were injected into web pages. We examined
both Stored XSS (where the script is stored on the target server) and Reflected XSS (where the
script is reflected in server responses), to see how attackers can exploit these vulnerabilities to
hijack sessions or steal sensitive data.
Cross-Site Script Inclusion (XSSI):
We explored how attackers can exploit vulnerabilities in the inclusion of JavaScript or other
resources from external domains. By manipulating external scripts, we observed how attackers
could extract sensitive information or execute malicious code.
Implementing CSRF Protection:
We integrated anti-CSRF tokens into web applications, ensuring that each request was associated
with a unique token that would need to be verified before the request was executed. This
technique effectively mitigates CSRF risks by ensuring requests are legitimate.
Configuring CORS Policies:
We configured proper CORS headers to ensure only trusted domains could access resources. By
carefully setting the CORS policy, we prevented unauthorized websites from making cross-
domain requests to sensitive resources.
Results
CSRF Protection:
We successfully demonstrated how a CSRF attack could be initiated. By applying anti-CSRF
tokens to the web application, we effectively mitigated the risk, making unauthorized requests
impossible without the correct token.
CORS Misconfigurations:
We successfully bypassed poorly configured CORS headers, demonstrating the importance of
strict policy enforcement. With proper configuration, we were able to secure the application and
restrict access to trusted domains only.
XSS and XSSI Attacks:
Through both stored and reflected XSS attacks, we observed how easily attackers can inject
malicious scripts into web applications. By exploiting XSSI, we also managed to steal sensitive
data by manipulating external scripts included in vulnerable pages.
Cryptographic Protection:
During the exercise, we also implemented symmetric and asymmetric cryptography to secure
cross-domain data exchanges, ensuring that even if an attacker gained access to resources, the
data would remain encrypted and secure.
Conclusion
Cross-domain security is essential for protecting web applications and their users from a wide
range of vulnerabilities, including CSRF, XSS, and XSSI. This lab demonstrated how attackers
can exploit poor cross-domain configurations and weaknesses in web application logic. By
implementing secure practices, such as anti-CSRF tokens, properly configured CORS policies,
and using cryptographic methods to protect data, we can mitigate the risks associated with cross-
domain interactions. Regular testing and adherence to security best practices are vital for
preventing cross-domain vulnerabilities that could be exploited by attackers.
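
The two defences the lab configured, anti-CSRF tokens and a restrictive CORS policy, as an added example that is not the report's own code. The session store, function names and the example.test origins are assumptions made for illustration.

```python
import hmac
import secrets

ALLOWED_ORIGINS = {"https://app.example.test"}  # assumed trusted origin
SESSIONS = {}                                    # session id -> CSRF token


def start_session():
    """Create a session and the per-session token embedded in its forms."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid, SESSIONS[sid]


def cors_headers(origin):
    """Echo the Origin only on an exact allowlist match.

    No wildcard, no reflection of arbitrary origins, no prefix or suffix
    matching, so lookalike hosts get no CORS headers at all.
    """
    if origin in ALLOWED_ORIGINS:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {}


def handle_post(sid, origin, form):
    """State-changing request: 403 unless the form token matches the session's.

    The browser attaches the session cookie to cross-site requests on its
    own; the token is the part another site cannot read or supply.
    """
    expected = SESSIONS.get(sid)
    supplied = str(form.get("csrf_token", ""))
    if expected is None or not hmac.compare_digest(
            supplied.encode(), expected.encode()):
        return 403, cors_headers(origin)
    return 200, cors_headers(origin)
```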
