Hands-on Lab – eCommerce – Part 1

An important aspect of network security is hands-on experience. Considering this I would like to share a step-by-step guide that illustrates how to create a web content management system with eCommerce shopping card software. What is the purpose? The purpose is to create a simulated real world e-commerce website in a controlled and virtual environment. Here you can find known vulnerabilities that will allow you to learn and practice security concepts.  Will also allow you to have a scenario where you can practice offensive and defensive techniques legally, safely and for educational purposes. The scenario is based on an older version of Joomla and Virtuemart running on a LAMP (Linux, Apache, MySQL, PHP) stack.

Probably the most common attack vector against Joomla based content management websites is SQL injection vulnerabilities. The National Vulnerability Database shows 755 matching records when searching for CVE’s affecting Joomla versions. ExploitDB shows 839 potential exploits for different Joomla versions and a variety of components. 487 SQL Injection related, 30 Cross Site Scripting  42 Local File Inclusion, 25 Remote File Inclusion and others. If you are familiar with Vmware this scenario can easily be extended to an Attacker system with Backtrack plus a Firewall like pfSense and/or IDS like Snort between the systems. This will allow you to further extend your skills in intrusion analysis, incident handling and penetration testing and others.

Advertisements
Tagged ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

gb_master's /dev/null

... and I said, "Hello, Satan. I believe it's time to go."

Source Code Auditing, Reversing, Web Security

Finding Hidden codes in the software

BruteForce Lab

security, programming, devops, visualization, the cloud

Count Upon Security

Increase security awareness. Promote, reinforce and learn security skills.

Naked Security

Computer Security News, Advice and Research

Didier Stevens

(blog \'DidierStevens)

malwology

Adventures in double-clicking malware / by Anuj Soni

Rational Survivability

Hoff's Ramblings about Information Survivability, Information Centricity, Risk Management and Disruptive Innovation.

SANS Internet Storm Center, InfoCON: green

Increase security awareness. Promote, reinforce and learn security skills.

TaoSecurity

Increase security awareness. Promote, reinforce and learn security skills.

Schneier on Security

Increase security awareness. Promote, reinforce and learn security skills.

Technicalinfo.net Blog

Increase security awareness. Promote, reinforce and learn security skills.

Lenny Zeltser

Increase security awareness. Promote, reinforce and learn security skills.

Krebs on Security

In-depth security news and investigation

%d bloggers like this: