






         Web Shells








         Comprises Data Security, Application and Web Infrastructure Audit








Web sites/information systems are frequently exposed to code originating from various, possibly unknown/untrusted sources. This may include, but is not limited to, hackers uploading malicious contents such as web shells on vulnerable sites.

About Webshell

Typically, a web shell is a sophisticated piece of code or program capable of traversing areas of the file system of the host server, gathering information through reading code and critical information, and spying on event logs, open ports, processes etc. The shell gives the creator/user the ability to create, edit, delete or download any file of choice, and to gain root access to the server. The following is a snapshot of such webshells.

Affected servers are exploited where script owners try to access information saved on these systems. Webshells are scripts written in the supported language of a target web server, including PHP, Python, ASP.Net and Unix Shell Script etc.

Web servers are subjected to reconnaissance for identification of vulnerabilities that can be exploited, leading to installation of the shell script. These are usually possible through public file upload pages and applications vulnerable to Remote File Inclusion / Local File Inclusion (LFI).

Impact of webshells

Depending on the sensitivity of the digital assets/services, their presence on the info/transaction server may mar the business image, as the contents would be of doubtful origin.

Detecting Web Shells

Site owners/admins can detect the presence of a shell on their host web server system either by noticing unusual timestamps or by the presence of suspicious files in internet-available locations. The following snapshot shows the presence of webshells in a file uploads directory. These may go undetected as the names are as per the accepted pattern.

Block Web Shell

Protection against web shells includes mitigation of web application vulnerabilities and securing web server configuration weaknesses. For example, in the case of PHP, disabling functions such as exec(), shell_exec() and eval() in php.ini makes it hard to execute a PHP-based webshell. Web applications with file upload features should be thoroughly tested.

Conclusion:

It is then the responsibility of all stakeholders to avoid such occasions by proactively contributing to information assurance by complying with security policies and procedures, and by periodic monitoring and reporting of any suspicious activity or content such as webshells in their respective digital assets and frontiers (web sites/applications).
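The checks described under "Detecting Web Shells" can be scripted; the following is an added example, not code from the article, that reviews an uploads directory by file content and modification time instead of by file name. The function names, the marker list, the upload window and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Server-side code markers: PHP/ASP.NET open tags and the PHP calls the article names.
SCRIPT_MARKERS = re.compile(rb"<\?php|<\?=|<%@|\b(?:exec|shell_exec|eval)\s*\(", re.I)

def scan_uploads(root, window):
    """Return {relative path: [reasons]} for files under root that need review.

    window is (start, end) in epoch seconds: the period in which legitimate
    uploads are expected (an assumption supplied by the site admin).
    """
    start, end = window
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            reasons = []
            # Content check: a name that fits the accepted pattern proves nothing.
            with open(path, "rb") as fh:
                if SCRIPT_MARKERS.search(fh.read()):
                    reasons.append("script content")
            # Timestamp check: modified outside the expected upload window.
            if not start <= os.stat(path).st_mtime <= end:
                reasons.append("unusual timestamp")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def demo():
    """Build a constructed uploads directory and scan it."""
    window = (1_630_000_000, 1_633_000_000)  # constructed window (Aug-Sep 2021)
    samples = {  # name -> (constructed content, constructed mtime)
        "photo_001.jpg": (b"\xff\xd8\xff\xe0JFIF image bytes", 1_631_000_000),
        "photo_002.jpg": (b"\xff\xd8\xff\xe0<?php /* placeholder */ ?>", 1_631_500_000),
        "photo_003.jpg": (b"\xff\xd8\xff\xe0JFIF image bytes", 1_500_000_000),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (data, mtime) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (mtime, mtime))
        return scan_uploads(root, window)

if __name__ == "__main__":
    for name, reasons in sorted(demo().items()):
        print(name, "->", ", ".join(reasons))
```

Matches are candidates for manual review, since binary files can contain these byte sequences by chance. Scanning content also covers `eval(`, which is a PHP language construct and is not affected by the `disable_functions` setting in php.ini.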








                        Snigdha Acharya
                        Scientist-F
                        snigdha.acharya@nic.in



October 2021  informatics.nic.in  37