The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities
Abstract
:1. Introduction
- The world’s expanded use of the Internet, applications, and websites in various fields has also increased the number of associated problems as well as causing material, social, and economic damage that negatively affects society and the world. Here, we investigate how to reduce and prevent these problems.
- We contribute to the clarification of the most common vulnerabilities in websites that may cause security problems from hackers, such as defacement.
- We compare penetration test tools and clarify the advantages and disadvantages of each tool.
- We use the three most popular tools and 1000 different websites are scanned in the case study presented in this paper.
- The results for various tools (Nikto, Burp Suite, OWASP-ZAP) are compared with the vulnerabilities that are discovered.
- In a study by Devi et al., the Nikto and ZAP tools were used on 100 sites, and they concluded that Nikto performed better in terms of the information on vulnerabilities [11], but in our study, we use 1000 sites and show that the Burp Suite tool is better than other tools for deducing and displaying vulnerabilities. Through the help of these tools, software developers can analyze sites and warn consumers about these vulnerabilities at all levels: medium, high, and low. This does not diminish the importance of Nikto, which can also offer information about servers, ciphers, and Secure Sockets Layer (SSL) in addition to gaps. Finally, ZAP provides information about gaps at various levels, and it is considered in our study to be the best after the Burp Suite tool, followed by Nikto.
- At the end of the paper, we mention information about the DNS, and we collect site data that were distorted from the Zone-H site and enter them into the DNS tools, including a display of the DNS records to help application and site developers to avoid problems and damage. We attack the server and summarize the most important recommendations and monitoring tools for the server.
2. Related Work
3. Analysis of Vulnerabilities
- Broken access control
- Cryptographic failures
- Injection
- An insecure design
- Security misconfiguration
- Vulnerable and outdated components
- Identification and authentication failures
- Software and data integrity failures
- Security logging and monitoring failures
- Server-side request forgery
3.1. SQL Injection
3.2. Cross-Site Scripting (XSS)
3.3. Local or Remote File Inclusion
Vulnerability Assessment
- 1.
- Network vulnerability assessment.
- 2.
- Host-based vulnerability assessment.
- 3.
- Web-application vulnerability assessment.
- 4.
- Penetration testing.
- 5.
- Compliance assessment.
4. Security Assessment for Web Application Tools
4.1. OWASP ZAP
4.2. Burp Suite
4.3. Nikto
5. Methodology
5.1. Basic Idea
5.2. Data Collection
5.3. Experimental Results
6. Comparison with DNS Tools
6.1. Zone-H Dataset
6.2. Specialized DNS Tools
6.3. Coding in Kali Linux OS
6.4. Analysis and Reporting
- A record: An A record identifies the Internet protocol address of the machine hosting the domain. Using a domain name, a record identifies a device’s IP address on the Internet. When a domain or subdomain is entered into the address bar of a browser, the AAAA record type of a DNS record tells the browser where to go by mapping the domain or subdomain to an IPv6 address.
- CNAME record: A classical name, or CNAME, record converts an alias name into a real or canonical domain name. Using CNAME records, a subdomain, such as a website or an email address, is transferred to the domains that house the information for that subdomain.
- Mail exchanger record, or MX record: this defines the mail server responsible for obtaining emails.
- TXT record: A resource record known as a TXT record enables text to be connected to a zone. Any text content can be added to DNS entries using this record, according to the domain management.
- NS record: An NS record, also known as a name-server record, contains the name of the authorization server inside a domain or DNS zone.
- Start of authority (SOA) record: The domain name system defines an SOA record containing administrative data about a zone (DNS). SRV stands for service discovery records, which help with service discovery. An SRV record typically specifies a single meaning and the transport protocol as part of the domain name. The importance, size, port, and target of the service are all specified in the record content.
- PTR record: As opposed to an A record, which points to a domain, a pointer (PTR) record in a DNS record converts an IP address to a domain or hostname [29].
7. Attacks on DNS
7.1. DNS Poisoning Attack
7.2. DOS, DDoS Attacks by DNS Flooding
8. Tools to Monitor DNS Attacks
9. Recommendations
10. Conclusions and Future Work
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Srivatanakul, T.; Annansingh, F. Incorporating active learning activities to the design and development of an undergraduate software and web security course. J. Comput. Educ. 2022, 9, 25–50. [Google Scholar] [CrossRef]
- Alsaffar, M.; Aljaloud, S.; Mohammed, B.A.; Al-Mekhlafi, Z.G.; Almurayziq, T.S.; Alshammari, G.; Alshammari, A. Detection of Web Cross-Site Scripting (XSS) Attacks. Electronics 2022, 11, 2212. [Google Scholar] [CrossRef]
- Palaniappan, G.; Sangeetha, S.; Rajendran, B.; Goyal, S.; Bindhumadhava, B. Malicious domain detection using machine learning on domain name features, host-based features and web-based features. Procedia Comput. Sci. 2020, 171, 654–661. [Google Scholar] [CrossRef]
- Albalawi, M.M.; Aloufi, R.B.; Alamrani, N.A.; Albalawi, N.N.; Aljaedi, A.O.; Alharbi, A.R. Website Defacement Detection and Monitoring Methods: A Review. Electronics 2022, 11, 3573. [Google Scholar] [CrossRef]
- Nguyen, T.H.; Hoang, X.D.; Nguyen, D.D. Detecting Website Defacement Attacks using Web-page Text and Image Features. Int. J. Adv. Comput. Sci. Appl. 2021, 12. [Google Scholar] [CrossRef]
- Dissanayake, I. DNS Cache Poisoning: A Review on Its Technique and Countermeasures. In Proceedings of the 2018 National Information Technology Conference, Colombo, Sri Lanka, 2–4 October 2018; pp. 1–6. [Google Scholar]
- Sinha, S.K.; Singh, A.K.; Sharma, A. Security System for DNS Using Cryptography. In Proceedings of the 2018 National Information Technology Conference, Colombo, Sri Lanka, 2–4 October 2018. [Google Scholar]
- Jia, J.; Dong, Z.; Li, J.; Stokes, J.W. Detection of Malicious DNS and Web Servers Using Graph-Based Approaches. In Proceedings of the ICASSP 2021-2021 IEEE International Conference on Acoustics, Speech and Signal Processing, Toronto, ON, Canada, 6–11 June 2021; pp. 2625–2629. [Google Scholar]
- Nagpure, S.; Kurkure, S. Vulnerability Assessment and Penetration Testing of web Application. In Proceedings of the 2017 International Conference on Computing, Communication, Control and Automation (ICCUBEA), Pune, India, 17–18 August 2017; pp. 1–6. [Google Scholar]
- Albahar, M.; Alansari, D.; Jurcut, A. An Empirical Comparison of Pen-Testing Tools for Detecting Web App Vulnerabilities. Electronics 2022, 11, 2991. [Google Scholar] [CrossRef]
- Devi, R.S.; Kumar, M.M. Testing for Security Weakness of Web Applications Using Ethical Hacking. In Proceedings of the 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI), Tirunelveli, India, 15–17 June 2020; pp. 354–361. [Google Scholar]
- Shahid, J.; Hameed, M.K.; Javed, I.T.; Qureshi, K.N.; Ali, M.; Crespi, N. A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions. Appl. Sci. 2022, 12, 4077. [Google Scholar] [CrossRef]
- Gupta, D. A Critical Review of WordPress Security Scanning Tools and the Development of a Next-Generation Solution. Master’s Thesis, National College of Ireland, Dublin, Ireland, 2023. [Google Scholar]
- Hoang, X.D. A Website Defacement Detection Method Based on Machine Learning Techniques. In Proceedings of the 9th International Symposium on Information and Communication Technology, New York, NY, USA, 6–7 December 2018; pp. 443–448. [Google Scholar]
- Van de Weijer, S.G.; Holt, T.J.; Leukfeldt, E.R. Heterogeneity in trajectories of cybercriminals: A longitudinal analyses of web defacements. Comput. Hum. Behav. Rep. 2021, 4, 100113. [Google Scholar] [CrossRef]
- Jamil, A.; Asif, K.; Ashraf, R.; Mehmood, S.; Mustafa, G. A Comprehensive Study of Cyber Attacks & Counter Measures for Web Systems. In Proceedings of the 2nd International Conference on Future Networks and Distributed Systems, New York, NY, USA, 26–27 June 2018; pp. 1–7. [Google Scholar]
- Romagna, M.; van den Hout, N.J. Hacktivism and Website Defacement: Motivations, Capabilities and Potential Threats. In Proceedings of the 27th Virus Bulletin International Conference, Madrid, Spain, 4–6 October 2017; Volume 1, pp. 1–10. [Google Scholar]
- Baklizi, M.; Atoum, I.; Abdullah, N.; Al-Wesabi, O.A.; Otoom, A.A.; Hasan, M.A.S. A Technical Review of SQL Injection Tools and Methods: A Case Study of SQLMap. Int. J. Intell. Syst. Appl. Eng. 2022, 10, 75–85. [Google Scholar]
- Setiawan, E.B.; Setiyadi, A. Web Vulnerability Analysis and Implementation. In Proceedings of the IOP Conference Series: Materials Science and Engineering, Bandun, Indonesia, 9 May 2018; Volume 407, p. 012081. [Google Scholar]
- Alanda, A.; Satria, D.; Ardhana, M.I.; Dahlan, A.A.; Mooduto, H.A. Web Application Penetration Testing Using SQL Injection Attack. JOIV Int. J. Inform. Vis. 2021, 5, 320–326. [Google Scholar] [CrossRef]
- Weamie, S.J. Cross-Site Scripting Attacks and Defensive Techniques: A Comprehensive Survey. Int. J. Commun. Netw. Syst. Sci. 2022, 15, 126–148. [Google Scholar] [CrossRef]
- Erdödi, L.; Zennaro, F.M. The Agent Web Model: Modeling web hacking for reinforcement learning. Int. J. Inf. Secur. 2022, 21, 293–309. [Google Scholar] [CrossRef]
- Laksmiati, D. Vulnerability Assessment with Network-Based Scanner Method for Improving Website Security. J. Comput. Netw. Archit. High Perform. Comput. 2023, 5, 38–45. [Google Scholar] [CrossRef]
- Mamun, M.S.I.; Rathore, M.A.; Lashkari, A.H.; Stakhanova, N.; Ghorbani, A.A. Detecting Malicious urls Using Lexical Analysis. In Proceedings of the International Conference on Network and System Security, Taipei, Taiwan, 28–30 September 2016; Springer: Berlin/Heidelberg, Germany, 2016; pp. 467–482. [Google Scholar]
- Dar, U.A.; Iqbal, A. The silent art of reconnaissance: The other side of the hill. Int. J. Comput. Netw. Commun. Secur. 2018, 6, 250–263. [Google Scholar]
- Denis, M.; Zena, C.; Hayajneh, T. Penetration Testing: Concepts, Attack Methods, and Defense Strategies. In Proceedings of the 2016 IEEE Long Island Systems, Applications and Technology Conference, Farmingdale, NY, USA, 29–29 April 2016; pp. 1–6. [Google Scholar]
- Alharbi, F.; Zhou, Y.; Qian, F.; Qian, Z.; Abu-Ghazaleh, N. DNS poisoning of operating system caches: Attacks and mitigations. IEEE Trans. Dependable Secur. Comput. 2022, 19, 2851–2863. [Google Scholar] [CrossRef]
- Zhou, L.; Zhu, Y.; Xiang, Y.; Zong, T. A novel feature-based framework enabling multi-type DDoS attacks detection. World Wide Web 2022, 26, 163–185. [Google Scholar] [CrossRef]
- Hudák, P. Analysis of DNS in Cybersecurity. Master’s Thesis, Masaryk University, Faculty of Informatics, Brno, Czechia, 2017. [Google Scholar]
- Jayaprakash, R.; Kalariyil Venugopal, V. A Novel Framework For Detecting Subdomain State Against Takeover Attacks. Master’s Thesis, Halmstad University, Halmstad, Sweden, 2022. [Google Scholar]
- Torabi, S.; Boukhtouta, A.; Assi, C.; Debbabi, M. Detecting Internet abuse by analyzing passive DNS traffic: A survey of implemented systems. IEEE Commun. Surv. Tutor. 2018, 20, 3389–3415. [Google Scholar] [CrossRef]
- Man, K.; Zhou, X.; Qian, Z. DNS Cache Poisoning Attack: Resurrections with Side Channels. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event Republic of Korea, 15–19 November 2021; pp. 3400–3414. [Google Scholar]
- Ahmed, J. Monitoring security of enterprise hosts via DNS data analysis. arXiv 2022, arXiv:2205.08968. [Google Scholar]
- Jin, Y.; Tomoishi, M.; Fujikawa, K.; Kafle, V.P. A Lightweight and Secure IoT Remote Monitoring Mechanism Using DNS with Privacy Preservation. In Proceedings of the 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 11–14 January 2019; pp. 1–2. [Google Scholar]
- Jin, Y.; Tomoishi, M.; Yamai, N. Anomaly Detection by Monitoring Unintended DNS Traffic on Wireless Network. In Proceedings of the 2019 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM), Victoria, BC, Canada, 21–23 August 2019; pp. 1–6. [Google Scholar]
- Somarriba, O.; Ramos, L.C.P.; Zurutuza, U.; Uribeetxeberria, R. Dynamic DNS Request Monitoring of Android Applications via Networking. In Proceedings of the 2018 IEEE 38th Central America and Panama Convention (CONCAPAN XXXVIII), San Salvador, El Salvador, 7–9 November 2018; pp. 1–6. [Google Scholar]
- Manickam, S.; Rahef Nuiaa, R.; Hakem Alsaeedi, A.; Alyasseri, Z.A.A.; Mohammed, M.A.; Jaber, M.M. An enhanced mechanism for detection of Domain Name System-based distributed reflection denial of service attacks depending on modified metaheuristic algorithms and adaptive thresholding techniques. IET Netw. 2022, 11, 169–181. [Google Scholar] [CrossRef]
- Jeřábek, K.; Hynek, K.; Čejka, T.; Ryšavỳ, O. Collection of Datasets with DNS over HTTPS Traffic. Data Brief 2022, 42, 108310. [Google Scholar] [CrossRef]
- Wang, Y.; Zhou, A.; Liao, S.; Zheng, R.; Hu, R.; Zhang, L. A comprehensive survey on DNS tunnel detection. Comput. Netw. 2021, 197, 108322. [Google Scholar] [CrossRef]
- Wang, Z. An elastic and resiliency defense against DDoS attacks on the critical DNS authoritative infrastructure. J. Comput. Syst. Sci. 2019, 99, 1–26. [Google Scholar] [CrossRef]
Name | OWASP ZAP | Burp Suite | Nikto |
---|---|---|---|
Web application scanning | Available | Available | Available |
Active scan | Available | Available | Not available |
Spider | Available | Available | Not available |
Tool type | Proxy | Proxy | Scanner |
Vulnerability assessment | Available | Available | Not available |
Cost | Free | Free/Paid | Free |
Version | Version: 2.12.0 | Version: 2022.2.4 | Version: 2.1.6 |
Last update | 10 December 2021 | 28 October 2022 | 9 July 2015 |
Tool | Records |
---|---|
dnsrecon | NS records for zone transfers. |
Given domain (MX, SOA, NS, A, AAAA, SPF, and TXT). | |
Top-level domain (TLD) | |
Perform a PTR record | |
List of host records in a text file to check |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Albalawi, N.; Alamrani, N.; Aloufi, R.; Albalawi, M.; Aljaedi, A.; Alharbi, A.R. The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities. Electronics 2023, 12, 2664. https://doi.org/10.3390/electronics12122664
Albalawi N, Alamrani N, Aloufi R, Albalawi M, Aljaedi A, Alharbi AR. The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities. Electronics. 2023; 12(12):2664. https://doi.org/10.3390/electronics12122664
Chicago/Turabian StyleAlbalawi, Neaimh, Norah Alamrani, Rasha Aloufi, Mariam Albalawi, Amer Aljaedi, and Adel R. Alharbi. 2023. "The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities" Electronics 12, no. 12: 2664. https://doi.org/10.3390/electronics12122664