
Earlier this year I participated in the Advanced Web Application Exploitation course by Offensive Security and, after 60 days in the lab, I managed to pass the Offensive Security Web Expert exam. By writing this article I would like to provide some more information about this course and certification for people who are considering taking it in the future. I would especially like to share my experience with people who are not software developers.

#whoami

I’m a cybersecurity specialist interested in application security and bug bounty hunting. …


Earlier this year my colleague identified an application which was clearly vulnerable to Cross-Site Scripting, as special characters were not encoded.

However, he quickly learned that the application was behind a WAF, as attempts to exploit the XSS resulted in an HTTP 403 error message.

Standard AWS WAF error message

After talking to the application owners we learned that the application was in fact behind an AWS WAF with the Core Rule Set enabled.

Taking into account how many web applications use AWS WAF with the CRS, bypassing it seemed quite challenging. However, we decided to spend some extra time attempting to do so.

We started with checking what is available…


Foreword

It has been some time since I published my first article on inter-application vulnerabilities in modern web applications. Recently I identified one of them during bug bounty hunting and I personally think it is too good not to be shared with the broader community.

If you are one of the tl;dr guys, we are speaking here about issues which exist because of cross-system dependencies and integrations between applications. Long story short — taken separately, two applications are free from vulnerabilities; however, when considered as one system, they have major security concerns within.

This kind of a situation…

If you want to know more about the concept…


Photo by freestocks.org on Unsplash

Summary

For the last couple of years I have been participating in various bug bounty programmes. Usually these programmes are run by security-mature companies who put a lot of effort into making sure that their applications are secure. So how is it even possible that they are still vulnerable to well-known issues like XSS or IDOR, which should not exist in 2018 anymore?

This article will share information about common “inter-application” vulnerabilities encountered during the testing process and emphasize the need for appropriate security testing at each stage of the system life cycle.

Unfortunately, I’m not able to share all technical details…

Marcin Szydlowski

Cyber security professional. AppSec specialist. Synack Red Team member. Bug Bounty and CTF fan. @securityksl Opinions are my own.
