Web Application VAPT
BY
CyberSapiens
Report on
XYZ
WEB APPLICATION VAPT CYBERSAPIENS UNITED LLP
2
Table of Contents
1. Document Attributes................................................................................................................... 3
2. Executive Summary ..................................................................................................................... 3
3. VAPT Test Graph.......................................................................................................................... 3
4. AUDITING SCOPE .............................................................................................................................. 4
5. METHODOLOGIES and Standards ..................................................................................................... 4
6. VAPT Project Timeframe ............................................................................................................. 4
7. Risk Ratings and Threat Level ...................................................................................................... 4
8. Vulnerability Summary ................................................................................................................ 5
9. Observations ............................................................................................................................ 5
10. Tools used for the Assessment ................................................................................................ 7
11. Conclusion ............................................................................................................................... 8
1. Document Attributes
Date 02-07-2022
Version 1.0
Prepared by NAME
Reviewed by NAME
Submitted to NAME
2. Executive Summary
CyberSapiens United LLP was contracted by CLIENT to conduct a web application vulnerability
assessment and penetration testing activity to determine its exposure to targeted attacks and to
ensure that the CLIENT web application is secure from advanced attack techniques.
This activity was conducted in the manner of a malicious attacker engaged to assess the provided
scope of CLIENT. The goals of the vulnerability assessment and penetration testing were:
• Identifying the threats or vulnerabilities that might be present on the web application
• Confidentiality of the CLIENT data that is stored on the company storage/servers
3. VAPT Test Graph
Type Count
Non-Vulnerable domains 0
Vulnerable domains 1
[Risk Distribution chart; legend: Non-Vulnerable Assets, Vulnerable Assets]
4. AUDITING SCOPE
Detailed list of assets is given in the below table:
SL NO URL Type of Asset
1 www.client.com Web application
5. METHODOLOGIES and Standards
The following methodologies and standards were used during the project.
• OWASP testing guide
• PTES
• WSTG
• Open Source Security Testing Methodology Manual (OSSTMM)
• Web Application Security Consortium Threat Classification (WASC-TC)
6. VAPT Project Timeframe
The VAPT activity was conducted between 24-01-2022 and 02-02-2022.
7. Risk Ratings and Threat Level
Severity Description
Critical: Loss of business / Breach of internal data / Non-bearable financial and reputational loss / Breakdown of assets / Access and modification of critical data
High: Loss of customer / Exposure of internal data / Noncompliance with regulations / Unavailability of the services / Access to configurational changes / High financial and reputational loss / Access and modification of internal data
Medium: Customer service affected for one day / Noncompliance with internal requirements / Bearable financial and reputational loss / Disclosure of non-public data
Low: Internal services affected / Minor inconvenience to customers / Very minimal financial and reputational loss
8. Vulnerability Summary
A summary of the vulnerabilities discovered while performing the web application
security assessment is given below:
Severity Count
Critical 6
High 3
Medium 1
Low 1
Info 0
Total 11
9. Observations
Vulnerability #1: XSS via File Upload
IP Address: 0.0.0.0
Risk: Critical
Description: DESCRIPTION
Impact: An XSS attack allows an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim, or for phishing attacks.
Proof of Concept (POC):
Remediation:
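The remediation for an upload-based XSS is to never let a user-supplied file be interpreted by the browser: validate the bytes against an allowlist, store the file under a server-chosen name, and serve it with headers that force a download. The following is an added example written for this report, not code from the assessed application or from CyberSapiens; the allowlist, the 5 MB size cap and the sample inputs (SAMPLE_PNG, SAMPLE_DISGUISED) are assumptions constructed for the demonstration.

```python
import os
import secrets
from typing import Dict, Tuple

# Assumed upload policy for this example: an extension allowlist, each tied to the
# magic bytes a genuine file of that type starts with. HTML, SVG and other
# browser-renderable formats are deliberately absent from the list.
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit
MARKUP_MARKERS = (b"<html", b"<script", b"<svg", b"<?xml", b"<!doctype")


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason_or_extension). Only the file's own bytes are trusted."""
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "file too large"
    base = os.path.basename(filename)           # drop any client-supplied path component
    _, ext = os.path.splitext(base.lower())
    if ext not in ALLOWED_TYPES:
        return False, "extension not allowed"
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, "content does not match extension"
    head = data[:1024].lower()
    if any(marker in head for marker in MARKUP_MARKERS):  # defence in depth against polyglots
        return False, "embedded markup detected"
    return True, ext


def storage_name(ext: str) -> str:
    """Server-chosen random name; the user's filename never reaches disk or a URL."""
    return secrets.token_hex(16) + ext


def download_headers(original_name: str) -> Dict[str, str]:
    """Headers for serving a stored upload so the browser never renders it inline."""
    safe = os.path.basename(original_name)
    for ch in ('"', "\r", "\n"):
        safe = safe.replace(ch, "")
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample inputs (not from the report).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLE_DISGUISED = b"<html><body>not an image</body></html>"

if __name__ == "__main__":
    for name, blob in (("photo.png", SAMPLE_PNG), ("photo.png", SAMPLE_DISGUISED), ("page.html", b"<html>")):
        print(name, validate_upload(name, blob))
    print(storage_name(".png"))
    print(download_headers('re"port.png'))
```

The magic-byte check is what rejects markup renamed to an image extension; the download headers are what stop a browser from executing anything that slips through, so both belong in the fix.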
Vulnerability #2: Insecure Direct Object Reference
IP Address: 0.0.0.0
Risk: Critical
Description: DESCRIPTION
Impact: IDOR occurs when a user is able to directly access resources that they should not be able to access, by supplying an identifier through a user input field.
Proof of Concept (POC):
Remediation: DESCRIPTION
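The defensive pattern for IDOR is a server-side ownership check on every object lookup, with the same answer for "does not exist" and "not yours", and a log of denied lookups so that repeated probing of foreign identifiers can be alerted on. The following is an added example written for this report, not code from the assessed application or from CyberSapiens; the Invoice model, the INVOICES sample data and the admin role are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


class NotFound(Exception):
    """Raised for missing objects and for objects the caller may not see (same outcome)."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample data (not from the report): two invoices owned by two different users.
INVOICES: Dict[int, Invoice] = {
    1001: Invoice(1001, owner_id=7, amount=120.0),
    1002: Invoice(1002, owner_id=8, amount=99.5),
}

# Denied lookups are recorded (caller, requested id) so a monitoring rule can alert
# on one account walking through identifiers it does not own.
DENIED_ACCESS_LOG: List[Tuple[int, int]] = []


def get_invoice_insecure(invoice_id: int) -> Invoice:
    """Vulnerable pattern: the identifier from the request is trusted as-is."""
    return INVOICES[invoice_id]


def get_invoice(current_user_id: int, invoice_id: int, roles: Tuple[str, ...] = ()) -> Invoice:
    """Hardened pattern: resolve the object, then check the caller's right to it."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise NotFound(invoice_id)
    if invoice.owner_id != current_user_id and "admin" not in roles:
        DENIED_ACCESS_LOG.append((current_user_id, invoice_id))
        # Answer exactly as for a missing object so existence is not confirmed.
        raise NotFound(invoice_id)
    return invoice


def list_invoices(current_user_id: int) -> List[Invoice]:
    """Listing is scoped by owner in the query itself, not filtered afterwards in the client."""
    return [inv for inv in INVOICES.values() if inv.owner_id == current_user_id]


if __name__ == "__main__":
    print(get_invoice(7, 1001))
    try:
        get_invoice(8, 1001)
    except NotFound:
        print("user 8 cannot read invoice 1001")
    print(DENIED_ACCESS_LOG)
```

Making identifiers unguessable (random UUIDs) is a useful secondary measure, but it does not replace the check above: an identifier that leaks through a shared link or a log still has to be refused to the wrong caller.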
Vulnerability #3: Account takeover through response manipulation
IP Address: 0.0.0.0
Risk: Critical
Description: DESCRIPTION
Impact: The user's account remains at risk, as even after logout a person holding the session cookies can log in to the user's account and make malicious changes.
Proof of Concept (POC):
Remediation: DESCRIPTION
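Both halves of this finding have the same root cause: the server letting something outside its own records decide whether a request is authenticated. The fix is a server-side session store where login issues a fresh random id, logout deletes it, and every request is decided from that store alone, never from a flag in a response body or from a cookie that was not issued by the server. The following is an added example written for this report, not code from the assessed application or from CyberSapiens; the one-hour lifetime and the FakeClock helper are constructed assumptions.

```python
import secrets
import time
from typing import Any, Callable, Dict, Optional


class FakeClock:
    """Constructed clock so expiry can be exercised without sleeping."""
    def __init__(self, start: float = 1_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now


class SessionStore:
    """Server-side registry of live sessions; the cookie carries only an opaque random id."""
    def __init__(self, ttl_seconds: int = 3600, clock: Callable[[], float] = time.time):
        self._sessions: Dict[str, Dict[str, Any]] = {}
        self.ttl = ttl_seconds
        self.clock = clock

    def login(self, user_id: int) -> str:
        sid = secrets.token_urlsafe(32)        # fresh id per login, never derived from user data
        self._sessions[sid] = {"user_id": user_id, "expires": self.clock() + self.ttl}
        return sid

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)         # the id is dead server-side from here on

    def logout_all(self, user_id: int) -> int:
        """Revoke every session of a user (password change, suspected compromise)."""
        dead = [s for s, e in self._sessions.items() if e["user_id"] == user_id]
        for s in dead:
            del self._sessions[s]
        return len(dead)

    def user_for(self, sid: Optional[str]) -> Optional[int]:
        entry = self._sessions.get(sid) if sid else None
        if entry is None:
            return None
        if entry["expires"] <= self.clock():
            self._sessions.pop(sid, None)     # expired: treat exactly like logged out
            return None
        return entry["user_id"]


def handle_request(store: SessionStore, cookie_sid: Optional[str]) -> Dict[str, Any]:
    """The server decides from its own store; nothing in the request body or in any
    earlier response (such as a 'success' flag) is consulted."""
    user_id = store.user_for(cookie_sid)
    if user_id is None:
        return {"status": 401, "authenticated": False}
    return {"status": 200, "authenticated": True, "user_id": user_id}


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=600)
    sid = store.login(7)
    print(handle_request(store, sid))
    store.logout(sid)
    print(handle_request(store, sid))       # the old cookie is now worthless
```

Purely client-side sessions (a signed cookie with no server record) cannot be revoked on logout at all, which is exactly the behaviour the impact statement describes; a store like this one is the precondition for logout meaning anything.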
Vulnerability #4: No rate limiting on forgot password option
IP Address: 0.0.0.0
Risk: Critical
Description: DESCRIPTION
Impact: The user's email inbox can be spammed with multiple password reset links, which would cause trouble to the user.
Proof of Concept (POC):
Remediation: DESCRIPTION
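The remediation is a rate limit on the forgot-password endpoint keyed on both the target address and the requesting client, with throttled requests counted for monitoring and an identical response in every case so that neither account existence nor the throttle itself is revealed. The following is an added example written for this report, not code from the assessed application or from CyberSapiens; the thresholds (3 per address and 10 per IP per hour), the sliding-window algorithm and the FakeClock helper are constructed assumptions.

```python
import time
from collections import defaultdict, deque
from typing import Any, Callable, Deque, Dict, List, Tuple


class FakeClock:
    """Constructed clock so the window can be advanced without sleeping."""
    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now


class SlidingWindowLimiter:
    """Allow at most `limit` events per key inside any `window_seconds` span."""
    def __init__(self, limit: int, window_seconds: float, clock: Callable[[], float] = time.time):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._events: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, key: str) -> bool:
        now = self.clock()
        q = self._events[key]
        while q and q[0] <= now - self.window:    # forget events that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class PasswordResetService:
    """Forgot-password endpoint limited per address and per client IP (assumed thresholds)."""
    def __init__(self, clock: Callable[[], float] = time.time):
        self.per_email = SlidingWindowLimiter(limit=3, window_seconds=3600, clock=clock)
        self.per_ip = SlidingWindowLimiter(limit=10, window_seconds=3600, clock=clock)
        self.sent: List[str] = []                    # addresses that really got a link
        self.throttled: List[Tuple[str, str]] = []   # (email, ip) pairs for monitoring

    def request_reset(self, email: str, client_ip: str) -> Dict[str, Any]:
        email = email.strip().lower()                # one key per mailbox, whatever the casing
        # IP check first, so a blocked client does not burn the address's own quota.
        if self.per_ip.allow(client_ip) and self.per_email.allow(email):
            self.sent.append(email)                  # hand-off to the mailer would go here
        else:
            self.throttled.append((email, client_ip))
        # Identical reply whether the account exists, the link was sent, or the request was throttled.
        return {"status": 200,
                "message": "If an account exists for that address, a reset link has been sent."}


if __name__ == "__main__":
    svc = PasswordResetService()
    for _ in range(4):
        print(svc.request_reset("User@Example.com", "198.51.100.10"))
    print("sent:", svc.sent)
    print("throttled:", svc.throttled)
```

The per-address limit is what protects the victim's inbox; the per-IP limit is what stops one client from cycling through many addresses, and the throttled list is the signal a SOC rule would watch.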
10. Tools used for the Assessment
The VAPT activities utilize many automated tools and manual exploitation methodologies to
identify security vulnerabilities. A detailed list of the tools used is given below.
Tool Name Description
Burp Suite: Works as a proxy between the client and the server.
Dirb: Directory searching.
Gobuster: Directory searching.
Nmap: Network mapper used for information gathering.
jwtcat: Tool used to detect and exploit well-known cryptographic flaws present in JSON Web Tokens (JWT).
Nessus: Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network.
Cookie-Editor: Cookie-Editor lets you efficiently create, edit and delete a cookie for the current tab. Perfect for developing, quickly testing or even manually managing your cookies for your privacy.
Wappalyzer: Wappalyzer is a browser extension that uncovers the technologies used on websites. It detects content management systems, ecommerce platforms, web servers, JavaScript frameworks, analytics tools and many more.
ExifTool: ExifTool is a powerful tool used to extract the metadata of a file. It is used not only on images but also on other file formats such as PDF and mp4. It enables us to update and remove the metadata of files and gives a lot of information about them.
Amass, Subfinder, Sublist3r: These are intelligent tools used for information gathering and enumeration of the attack surface. These open-source tools help in identifying hidden resources/targets through DNS enumeration and network mapping.
DirSearch, Assetfinder, Ffuf: These are the automated tools used to fuzz directories. They have various key features, such as changing the request method from GET to POST and vice versa. Various wordlists can be used for fuzzing the host as well.
Whatweb: This tool can identify and recognize all the web technologies available on the target website, such as blogging platforms, content management systems and JavaScript libraries.
11. Conclusion
Overall, we found the assets tested to be well designed and to be utilizing many solid security
practices. However, a few misconfigurations/vulnerabilities were identified, which are given above.
We recommend fixing the identified issues immediately to make the systems risk-free and secure.