Methods (Acunetix and QualysGuard Freescan)
In addition to the Nmap analysis, we conducted in-depth vulnerability assessments using the commercially available Acunetix Web Vulnerability Scanner (Trial Edition) and the QualysGuard FreeScan web application tools to detect and evaluate potential weaknesses within the website: http://vlab02.pneumann.com/patients13/?bill_month=9. The Acunetix Web Vulnerability Scanner is an extremely robust security assessment tool commercially available through website downloads. The Acunetix tool’s key features include a port scanner, an HTTP sniffer, an SQL injection tool, and a penetration tester capable of identifying a variety of potential website ...
According to the Acunetix tool’s scan, this website was particularly susceptible to blind SQL injection attacks. This type of SQL injection attack would allow the attacker to obtain sensitive client information from the website by examining and analyzing how the database responds to the attacks.
Figure 1. Acunetix Web Vulnerability Scanner Results.
The QualysGuard Freescan tool conducted multiple checks and used the Open Web Application Security Project (OWASP) Top 10 critical vulnerabilities list to provide a comprehensive assessment of specific exploitable weaknesses, including SQL injection, cross-site scripting (XSS), and sensitive data exposure within the target website. In contrast to the Acunetix tool’s scan, this scan discovered 14 vulnerabilities and categorized six of them as high risk. Similar to the Acunetix tool’s scan, the QualysGuard scan discovered that the target website was highly vulnerable to SQL injection. The scan also revealed that the target website was susceptible to XSS and to potential sniffing attacks because it lacks the additional security known as Secure Sockets Layer (SSL), as shown in Figure 2. Unauthorized users conduct XSS attacks to introduce malicious code into the target website, and the website’s unencrypted Hypertext Transfer Protocol (HTTP) traffic can be subject to man-in-the-middle attacks. In addition to the unsecured HTTP, another vulnerability is the website’s nonexistent authentication mechanism, which allowed Team Dynamo to manipulate the website’s URL to access sensitive patient information (i.e., name, date of birth, balance amount, etc.) from the website’s database, as shown in Figure 3.
Figure 2. Excerpt from QualysGuard Freescan Vulnerability Scan Report.
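The two findings above (blind SQL injection through the bill_month parameter and the missing authentication check) can be illustrated with an added example that is not part of the original report and is not the assessed site's code. The table schema, sample rows, and function names are assumptions; the weak handler is shown beside a hardened one.

```python
import sqlite3

def make_db():
    # Constructed sample rows; the schema is assumed, not the assessed site's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bills (patient_id INTEGER, name TEXT, "
               "bill_month INTEGER, balance REAL)")
    db.executemany("INSERT INTO bills VALUES (?, ?, ?, ?)", [
        (1, "Patient A", 9, 120.0),
        (2, "Patient B", 9, 75.5),
        (2, "Patient B", 10, 40.0),
    ])
    return db

def bills_unsafe(db, bill_month):
    # Weak form: the URL parameter is concatenated into the SQL text and no
    # session is consulted, so the parameter alone decides which rows return.
    sql = "SELECT name, balance FROM bills WHERE bill_month = " + bill_month
    return db.execute(sql).fetchall()

def bills_safe(db, session_patient_id, bill_month):
    # Hardened form: require an authenticated session, accept only an integer
    # month 1-12, bind values as parameters, and scope rows to the caller.
    if session_patient_id is None:
        raise PermissionError("authentication required")
    if not (bill_month.isascii() and bill_month.isdigit()) \
            or not 1 <= int(bill_month) <= 12:
        raise ValueError("bill_month must be an integer from 1 to 12")
    sql = ("SELECT name, balance FROM bills "
           "WHERE patient_id = ? AND bill_month = ?")
    return db.execute(sql, (session_patient_id, int(bill_month))).fetchall()

if __name__ == "__main__":
    db = make_db()
    # No authentication: one request returns every patient's September bill.
    print("unsafe, month 9:", bills_unsafe(db, "9"))
    # The response changes with an appended condition; that difference is
    # what a scanner reports as blind SQL injection.
    print("unsafe, true cond:", len(bills_unsafe(db, "9 AND 1=1")))
    print("unsafe, false cond:", len(bills_unsafe(db, "9 AND 1=2")))
    print("safe, patient 2:", bills_safe(db, 2, "9"))
    try:
        bills_safe(db, 2, "9 AND 1=2")
    except ValueError as exc:
        print("safe, rejected:", exc)
```
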