SlideShare a Scribd company logo

TriplePlay-WebAppPenTestingTools

Yury Chemerkin
Yury Chemerkin
Technology
1 of 44
Download to read offline
Best Of Web Application Penetration Testing Tools April 2009 Paul Asadoorian, Mick Douglas, John Strand PaulDotCom Enterprises, LLC psw@pauldotcom.com
Who We Are • PaulDotCom Enterprises - PaulDotCom Security Weekly Podcast - Penetration Testing, Security Consulting, Device Testing • PaulDotCom Community - Forum, IRC, Hack Naked TV, Wiki, Mailing List • SANS Instructors & Certified Professionals - Upcoming courses all across the world! http://pauldotcom.com/events/ http://pauldotcom.com April 2009
The Challenge • If you had to pick tools to take with you to test a web application for security, what would they be? - You are limited to web applications, no wireless, no client-side - You must test and and identify common web app vulnerabilities (XSS, CSRF, SQL Injection) - You must show how you could penetrate systems, gain access, and keep that access to demonstrate risk http://pauldotcom.com April 2009
Best Of Web Application Testing Tools 1) Nikto - Web server enumeration 2) Webscarab - Proxy/Scanner 3) w3af - Web Exploit framework 4) Firefox - Multi-purpose 5) Cenzic Hailstorm - Deep testing 6) Core IMPACT - Web Exploitation Spotlight - Samurai WTF http://pauldotcom.com April 2009
This Presentation Will Help Build Your Ninja Skills... There is a network ninja in this picture.... http://pauldotcom.com April 2009
Nikto • Performs a quick analysis of the web server and applications • Important to know which applications to attack (for “blind” tests) Recently Updated! Check the web site: • Nikto reports back on: http://www.cirt.net/nikto2 - Common vulnerable CGI applications - Web server type, version, and add-ons - “Interesting” Files http://pauldotcom.com April 2009
Nikto • After using Nmap for host discovery, run Nikto to scan the web servers • This may spot vulnerabilities and other files of interest for attacking the application or even your target - Vulnerable Apache/IIS/PHP/.NET = PWNAGE - A file named “passwords.txt” is gold - Source code to the application or version if open source http://pauldotcom.com April 2009
Nikto Step 1 - Run Nmap to find Web servers: # nmap -PN -oA top1000 -T4 -n -sS --top-ports 1000 -iL targets.all NOTE: This will not detect web servers running on alternate ports. To do this replace -sS with -sV. This will only do the top 1000 ports. Integrate Nikto with Nessus: http://blog.tenablesecurity.com/2008/09/using-nessus-to.html http://pauldotcom.com April 2009
Nikto Step 2 - Parse the Nmap results into a format that Nikto can understand: $ awk '/open/ {print $2 ":" $5}' top1000.gnmap | egrep '(80|443)' | cut -d/ -f1 > nmaphosts This will produce a file with IP and Port: 1.1.1.1:80 2.2.2.2:443 http://pauldotcom.com April 2009
Nikto Step 3 - Run Nikto: $ ./nikto.pl -h nmaphosts -o nmaphosts.out Review the output: + Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8d - Root page / redirects to: https://portal.int.pauldotcom.com/ + All CGI directories 'found', use '-C none' to test none + OSVDB-0: Non-standard header keep-alive returned by server, with contents: timeout=15, max=100 + Apache/2.2.4 appears to be outdated (current is at least Apache/2.2.9). Apache 1.3.39 and 2.0.61 are also current. + OSVDB-0: GET /myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]? query= : myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/ advisories/CA-2000-02.html. http://pauldotcom.com April 2009
Webscarab Flags injection points!
Stops all requests/ responses Edit stuff here Header Information Page coming back from server to browser
Webscarab - Hidden Fields
About Mick • 14+ years industry experience • Sys Admin and developer roots • Evil thoughts + curiosity + good deeds = Mick • White hat hacker http://pauldotcom.com April 2009
You don't have any expensive tools – so what? • Too poor (like me) - I work at a not-for-profit. • Don't do this work enough to justify the $$$ tools http://pauldotcom.com April 2009
Ain't no school like the old school • All 'sploits “in” the browser • Back in my day we didn't have tool xyz! We pushed packets through the wire by hand!! • – And we liked it that way! http://pauldotcom.com April 2009
Big gains for doing this this way • Great way to truly learn • Deeper understanding • Almost zero false positives/negatives • Easiest way to show examples • Nearly 100% buy in from “the suits” - Hint: Works best with HTML injection ;-) http://pauldotcom.com April 2009
How do you do it? • Don't re-invent the wheel • Find resources that specialize in this method • Rsnake's site – http://ha.ckers.org/ - A bit like drinking from the fire hose! - No he's not been doing this since 1970. ;-) http://pauldotcom.com April 2009
Remember: Some ways are better than others • If you're truly hardcore, you can use telnet • I like Firefox – YMMV - Some extensions can really help - Have to get creative with them though! - (think evil thoughts) http://pauldotcom.com April 2009
Firefox extensions to checkout • Firebug • YSlow • TestGen4Web http://pauldotcom.com April 2009
Firebug – Firefox extension • Inline editing • Great for - Hidden fields - Breaking forms - Messing with JavaScript - Making rogue sites and man-in-the-middle components (a talk for another day) - (Oh it's handy for web development too...) http://pauldotcom.com April 2009
YSlow – Firefox extension • Requires firebug • Recon like no other! Shows you: - Overall time - Gives breakdown of components • Timing is typically THE best indicator! - Is it +/-? - By how much? http://pauldotcom.com April 2009
Firefox extension TestGen4Web • Allows record and playback • You can modify your recordings • Instant test system • There's plenty of others out there. • Experiment around! http://pauldotcom.com April 2009
So you want more of a system? • It's OK.Web hacking by hand – or even extension isn't always the way to go. • May we interest you in w3af? http://pauldotcom.com April 2009
w3af – the OSS web exploit system • Look Ma! Version 1 is arriving! • Impressive capabilities with high potential • If you have a commercial tool – watch this one. Might disrupt this space. • w3af could be an entire series webcasts! • Thanks Seth for bashing me over the head with this tool! http://pauldotcom.com April 2009
w3af 101 • Vulnerability tester • Manual test capabilities • Extendable framework • Request fuzzer • Interceptor • Quite nice GUI • EXPLOIT SYSTEM!! http://pauldotcom.com April 2009
w3af additional resources • Homepage: http://w3af.sourceforge.net/ • Movies! http://w3af.sourceforge.net/videos/ video-demos.php http://pauldotcom.com April 2009
Methodology • Any tool you use should be geared towards helping you understand how a web application works. • Commercial tools to help with that are: - Core Impact - Cenzic Hailstorm Professional • Over the next few slides we will look at these tools further http://pauldotcom.com April 2009
Core Impact • Yes, it is a network penetration testing tool… • But they have been working on the web side of the house for about a year now • Why?? • Because sometimes a web server is the best way to get a shell! http://pauldotcom.com April 2009
Site Structure http://pauldotcom.com 3 April 2009
Why do we care about site structure? • There are things that may indicate vulnerabilities - Process flow… Think CSRF - Robots.txt – What do they not want you to see? - Include.php – Configuration to a backend • Does the Developer have a clue? http://pauldotcom.com April 2009
Why Core is on this list http://pauldotcom.com 5 April 2009
http://pauldotcom.com 6 April 2009
http://pauldotcom.com 7 April 2009
http://pauldotcom.com 8 April 2009
Cenzic Hailstorm Pro • What if you are new to the field of web applications? • What if you are a seasoned vet? • Do you need two tools? • No http://pauldotcom.com April 2009
Flexibility • Lets be honest… • Sometimes you are checking a box. • Wouldn't you like to have the ability to check that box and do a rock’en assessment? • Or, do you want to write your own checks? http://pauldotcom.com April 2009
Compliance Checks http://pauldotcom.com April 2009
BYOA = Build Your Own Attacks http://pauldotcom.com April 2009
Other tools to check out • Accunetix • HP WebInspect • You should really try more then one before you buy • Always go with the one you are most comfortable with http://pauldotcom.com April 2009
Samurai • A very special mention • Want a live CD with all of the best Open Source web testing tools pre-installed and ready to go? • Check out Samurai! - http://samurai.inguardians.com/ http://pauldotcom.com April 2009
Honorable Mentions • Spike Proxy http://www.immunitysec.com/resources- freesoftware.shtml - Highly customizable proxy written in Python • Paros Proxy - Not updated since 2006 • Grendel-scan - Web site domain expired, but awesome vulnerability scanner • Nessus 4 - Has several plugins for CGI scanning, and a built-in CGI scanner that works great for identifying web apps http://pauldotcom.com April 2009
/* End */ • Presentations: http://pauldotcom.com/ presentations.html • Forum: http://forum.pauldotcom.com/ - Special category just for this webcast series! • Email: psw@pauldotcom.com http://pauldotcom.com April 2009

Recommended

Nikto
NiktoNikto
NiktoSorina Chirilă
 
Nikto
NiktoNikto
NiktoSorina Chirilă
 
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0marcioalma
 
You didnt see it’s coming? "Dawn of hardened Windows Kernel"
You didnt see it’s coming? "Dawn of hardened Windows Kernel" You didnt see it’s coming? "Dawn of hardened Windows Kernel"
You didnt see it’s coming? "Dawn of hardened Windows Kernel" Peter Hlavaty
 
Veil-PowerView - NovaHackers
Veil-PowerView - NovaHackersVeil-PowerView - NovaHackers
Veil-PowerView - NovaHackersVeilFramework
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Power of linked list
Power of linked listPower of linked list
Power of linked listPeter Hlavaty
 

Recommended

Nikto
NiktoNikto
NiktoSorina Chirilă
 
Nikto
NiktoNikto
NiktoSorina Chirilă
 
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0marcioalma
 
You didnt see it’s coming? "Dawn of hardened Windows Kernel"
You didnt see it’s coming? "Dawn of hardened Windows Kernel" You didnt see it’s coming? "Dawn of hardened Windows Kernel"
You didnt see it’s coming? "Dawn of hardened Windows Kernel" Peter Hlavaty
 
Veil-PowerView - NovaHackers
Veil-PowerView - NovaHackersVeil-PowerView - NovaHackers
Veil-PowerView - NovaHackersVeilFramework
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsShakacon
 
Power of linked list
Power of linked listPower of linked list
Power of linked listPeter Hlavaty
 
Larson Macaulay apt_malware_past_present_future_out_of_band_techniques
Larson Macaulay apt_malware_past_present_future_out_of_band_techniquesLarson Macaulay apt_malware_past_present_future_out_of_band_techniques
Larson Macaulay apt_malware_past_present_future_out_of_band_techniquesScott K. Larson
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
Defcon - Veil-Pillage
Defcon - Veil-PillageDefcon - Veil-Pillage
Defcon - Veil-PillageVeilFramework
 
Power on, Powershell
Power on, PowershellPower on, Powershell
Power on, PowershellRoo7break
 
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawTakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawEC-Council
 
Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.Shahriman .
 
A Year in the Empire
A Year in the EmpireA Year in the Empire
A Year in the EmpireWill Schroeder
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
 
How to convince a malware to avoid us
How to convince a malware to avoid usHow to convince a malware to avoid us
How to convince a malware to avoid usCsaba Fitzl
 
BH Arsenal '14 TurboTalk: The Veil-framework
BH Arsenal '14 TurboTalk: The Veil-frameworkBH Arsenal '14 TurboTalk: The Veil-framework
BH Arsenal '14 TurboTalk: The Veil-frameworkVeilFramework
 
Hot potato Privilege Escalation
Hot potato Privilege EscalationHot potato Privilege Escalation
Hot potato Privilege EscalationSunny Neo
 
Racing with Droids
Racing with DroidsRacing with Droids
Racing with DroidsPeter Hlavaty
 
Nginx warhead
Nginx warheadNginx warhead
Nginx warheadSergey Belov
 
PowerShell for Cyber Warriors - Bsides Knoxville 2016
PowerShell for Cyber Warriors - Bsides Knoxville 2016PowerShell for Cyber Warriors - Bsides Knoxville 2016
PowerShell for Cyber Warriors - Bsides Knoxville 2016Russel Van Tuyl
 
Attacking Big Data Land
Attacking Big Data LandAttacking Big Data Land
Attacking Big Data LandJeremy Brown
 
Wielding a cortana
Wielding a cortanaWielding a cortana
Wielding a cortanaWill Schroeder
 
Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Luis Grangeia
 
Anatomy of PHP Shells
Anatomy of PHP ShellsAnatomy of PHP Shells
Anatomy of PHP ShellsVedran Krivokuca
 
When is something overflowing
When is something overflowingWhen is something overflowing
When is something overflowingPeter Hlavaty
 
DeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows KernelDeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows KernelPeter Hlavaty
 
Offensive security con strumenti open source
Offensive security con strumenti open sourceOffensive security con strumenti open source
Offensive security con strumenti open sourcePordenone LUG
 
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...festival ICT 2016
 

More Related Content

What's hot

Larson Macaulay apt_malware_past_present_future_out_of_band_techniques
Larson Macaulay apt_malware_past_present_future_out_of_band_techniquesLarson Macaulay apt_malware_past_present_future_out_of_band_techniques
Larson Macaulay apt_malware_past_present_future_out_of_band_techniquesScott K. Larson
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
Defcon - Veil-Pillage
Defcon - Veil-PillageDefcon - Veil-Pillage
Defcon - Veil-PillageVeilFramework
 
Power on, Powershell
Power on, PowershellPower on, Powershell
Power on, PowershellRoo7break
 
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawTakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawEC-Council
 
Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.Shahriman .
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
 
How to convince a malware to avoid us
How to convince a malware to avoid usHow to convince a malware to avoid us
How to convince a malware to avoid usCsaba Fitzl
 
BH Arsenal '14 TurboTalk: The Veil-framework
BH Arsenal '14 TurboTalk: The Veil-frameworkBH Arsenal '14 TurboTalk: The Veil-framework
BH Arsenal '14 TurboTalk: The Veil-frameworkVeilFramework
 
Hot potato Privilege Escalation
Hot potato Privilege EscalationHot potato Privilege Escalation
Hot potato Privilege EscalationSunny Neo
 
PowerShell for Cyber Warriors - Bsides Knoxville 2016
PowerShell for Cyber Warriors - Bsides Knoxville 2016PowerShell for Cyber Warriors - Bsides Knoxville 2016
PowerShell for Cyber Warriors - Bsides Knoxville 2016Russel Van Tuyl
 
Attacking Big Data Land
Attacking Big Data LandAttacking Big Data Land
Attacking Big Data LandJeremy Brown
 
Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Luis Grangeia
 
When is something overflowing
When is something overflowingWhen is something overflowing
When is something overflowingPeter Hlavaty
 
DeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows KernelDeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows KernelPeter Hlavaty
 

What's hot (20)

Larson Macaulay apt_malware_past_present_future_out_of_band_techniques
Larson Macaulay apt_malware_past_present_future_out_of_band_techniquesLarson Macaulay apt_malware_past_present_future_out_of_band_techniques
Larson Macaulay apt_malware_past_present_future_out_of_band_techniques
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new black
 
Defcon - Veil-Pillage
Defcon - Veil-PillageDefcon - Veil-Pillage
Defcon - Veil-Pillage
 
Power on, Powershell
Power on, PowershellPower on, Powershell
Power on, Powershell
 
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawTakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
 
Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.Common technique in Bypassing Stuff in Python.
Common technique in Bypassing Stuff in Python.
 
A Year in the Empire
A Year in the EmpireA Year in the Empire
A Year in the Empire
 
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesWindows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
 
How to convince a malware to avoid us
How to convince a malware to avoid usHow to convince a malware to avoid us
How to convince a malware to avoid us
 
BH Arsenal '14 TurboTalk: The Veil-framework
BH Arsenal '14 TurboTalk: The Veil-frameworkBH Arsenal '14 TurboTalk: The Veil-framework
BH Arsenal '14 TurboTalk: The Veil-framework
 
Hot potato Privilege Escalation
Hot potato Privilege EscalationHot potato Privilege Escalation
Hot potato Privilege Escalation
 
Racing with Droids
Racing with DroidsRacing with Droids
Racing with Droids
 
Nginx warhead
Nginx warheadNginx warhead
Nginx warhead
 
PowerShell for Cyber Warriors - Bsides Knoxville 2016
PowerShell for Cyber Warriors - Bsides Knoxville 2016PowerShell for Cyber Warriors - Bsides Knoxville 2016
PowerShell for Cyber Warriors - Bsides Knoxville 2016
 
Attacking Big Data Land
Attacking Big Data LandAttacking Big Data Land
Attacking Big Data Land
 
Wielding a cortana
Wielding a cortanaWielding a cortana
Wielding a cortana
 
Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2Reverse Engineering the TomTom Runner pt. 2
Reverse Engineering the TomTom Runner pt. 2
 
Anatomy of PHP Shells
Anatomy of PHP ShellsAnatomy of PHP Shells
Anatomy of PHP Shells
 
When is something overflowing
When is something overflowingWhen is something overflowing
When is something overflowing
 
DeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows KernelDeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows Kernel
 

Viewers also liked

Offensive security con strumenti open source
Offensive security con strumenti open sourceOffensive security con strumenti open source
Offensive security con strumenti open sourcePordenone LUG
 
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...festival ICT 2016
 
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...festival ICT 2016
 
BackBox Linux: Simulazione di un Penetration Test
BackBox Linux: Simulazione di un Penetration TestBackBox Linux: Simulazione di un Penetration Test
BackBox Linux: Simulazione di un Penetration TestAndrea Draghetti
 
BackBox Linux: Simulazione di un Penetration Test e CTF
BackBox Linux: Simulazione di un Penetration Test e CTFBackBox Linux: Simulazione di un Penetration Test e CTF
BackBox Linux: Simulazione di un Penetration Test e CTFAndrea Draghetti
 
OpenVAS, lo strumento open source per il vulnerability assessment
OpenVAS, lo strumento open source per il vulnerability assessmentOpenVAS, lo strumento open source per il vulnerability assessment
OpenVAS, lo strumento open source per il vulnerability assessmentBabel
 
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWeb Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWebsecurify
 
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWeb Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWebsecurify
 
Simulazione di un Penetration Test
Simulazione di un Penetration TestSimulazione di un Penetration Test
Simulazione di un Penetration TestSalvatore Lentini
 
we45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45
 
Le fasi di un Penetration testing
Le fasi di un Penetration testingLe fasi di un Penetration testing
Le fasi di un Penetration testingAlessandra Zullo
 

Viewers also liked (11)

Offensive security con strumenti open source
Offensive security con strumenti open sourceOffensive security con strumenti open source
Offensive security con strumenti open source
 
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
festival ICT 2013: ICT 4 Development: informatica e Terzo Settore per l’innov...
 
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
festival ICT 2013: Tra imbarazzi e perdite economiche: un anno di violazioni ...
 
BackBox Linux: Simulazione di un Penetration Test
BackBox Linux: Simulazione di un Penetration TestBackBox Linux: Simulazione di un Penetration Test
BackBox Linux: Simulazione di un Penetration Test
 
BackBox Linux: Simulazione di un Penetration Test e CTF
BackBox Linux: Simulazione di un Penetration Test e CTFBackBox Linux: Simulazione di un Penetration Test e CTF
BackBox Linux: Simulazione di un Penetration Test e CTF
 
OpenVAS, lo strumento open source per il vulnerability assessment
OpenVAS, lo strumento open source per il vulnerability assessmentOpenVAS, lo strumento open source per il vulnerability assessment
OpenVAS, lo strumento open source per il vulnerability assessment
 
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWeb Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing Methodology
 
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWeb Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security Toolkit
 
Simulazione di un Penetration Test
Simulazione di un Penetration TestSimulazione di un Penetration Test
Simulazione di un Penetration Test
 
we45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Study
 
Le fasi di un Penetration testing
Le fasi di un Penetration testingLe fasi di un Penetration testing
Le fasi di un Penetration testing
 

Similar to TriplePlay-WebAppPenTestingTools

OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP
 
Tomboy Web Sync Explained
Tomboy Web Sync ExplainedTomboy Web Sync Explained
Tomboy Web Sync ExplainedMohan Krishnan
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device InsecurityJeremy Brown
 
Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Abraham Aranguren
 
From Zero to Performance Hero in Minutes - Agile Testing Days 2014 Potsdam
From Zero to Performance Hero in Minutes - Agile Testing Days 2014 PotsdamFrom Zero to Performance Hero in Minutes - Agile Testing Days 2014 Potsdam
From Zero to Performance Hero in Minutes - Agile Testing Days 2014 PotsdamAndreas Grabner
 
MNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining BotsMNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining BotsAPNIC
 
Extreme Web Performance for Mobile Devices - Velocity Barcelona 2014
Extreme Web Performance for Mobile Devices - Velocity Barcelona 2014Extreme Web Performance for Mobile Devices - Velocity Barcelona 2014
Extreme Web Performance for Mobile Devices - Velocity Barcelona 2014Maximiliano Firtman
 
Web assembly overview by Mikhail Sorokovsky
Web assembly overview by Mikhail SorokovskyWeb assembly overview by Mikhail Sorokovsky
Web assembly overview by Mikhail SorokovskyValeriia Maliarenko
 
Extreme Web Performance for Mobile Devices - Velocity NY
Extreme Web Performance for Mobile Devices - Velocity NYExtreme Web Performance for Mobile Devices - Velocity NY
Extreme Web Performance for Mobile Devices - Velocity NYMaximiliano Firtman
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009dnomura
 
CIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEMCIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEMICF CIRCUIT
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNEDChris Gates
 
What is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress HostingWhat is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress HostingWPSFO Meetup Group
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)ClubHack
 
Website Testing Practices
Website Testing PracticesWebsite Testing Practices
Website Testing Practicesdeseomar
 
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...grecsl
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon praguehernanibf
 

Similar to TriplePlay-WebAppPenTestingTools (20)

Scrapy
ScrapyScrapy
Scrapy
 
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
 
Learning to code
Learning to codeLearning to code
Learning to code
 
Tomboy Web Sync Explained
Tomboy Web Sync ExplainedTomboy Web Sync Explained
Tomboy Web Sync Explained
 
Cloud Device Insecurity
Cloud Device InsecurityCloud Device Insecurity
Cloud Device Insecurity
 
Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012
 
From Zero to Performance Hero in Minutes - Agile Testing Days 2014 Potsdam
From Zero to Performance Hero in Minutes - Agile Testing Days 2014 PotsdamFrom Zero to Performance Hero in Minutes - Agile Testing Days 2014 Potsdam
From Zero to Performance Hero in Minutes - Agile Testing Days 2014 Potsdam
 
MNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining BotsMNSEC Conference 2023: Mining Bots
MNSEC Conference 2023: Mining Bots
 
Faraday Blackhat 2011 Arsenal
Faraday Blackhat 2011 ArsenalFaraday Blackhat 2011 Arsenal
Faraday Blackhat 2011 Arsenal
 
Extreme Web Performance for Mobile Devices - Velocity Barcelona 2014
Extreme Web Performance for Mobile Devices - Velocity Barcelona 2014Extreme Web Performance for Mobile Devices - Velocity Barcelona 2014
Extreme Web Performance for Mobile Devices - Velocity Barcelona 2014
 
Web assembly overview by Mikhail Sorokovsky
Web assembly overview by Mikhail SorokovskyWeb assembly overview by Mikhail Sorokovsky
Web assembly overview by Mikhail Sorokovsky
 
Extreme Web Performance for Mobile Devices - Velocity NY
Extreme Web Performance for Mobile Devices - Velocity NYExtreme Web Performance for Mobile Devices - Velocity NY
Extreme Web Performance for Mobile Devices - Velocity NY
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009
 
CIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEMCIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEM
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNED
 
What is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress HostingWhat is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress Hosting
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
Website Testing Practices
Website Testing PracticesWebsite Testing Practices
Website Testing Practices
 
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon prague
 

More from Yury Chemerkin

Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Yury Chemerkin
 
Red october. detailed malware description
Red october. detailed malware descriptionRed october. detailed malware description
Red october. detailed malware descriptionYury Chemerkin
 
Comment crew indicators of compromise
Comment crew indicators of compromiseComment crew indicators of compromise
Comment crew indicators of compromiseYury Chemerkin
 
Appendix g iocs readme
Appendix g iocs readmeAppendix g iocs readme
Appendix g iocs readmeYury Chemerkin
 
Appendix f (digital) ssl certificates
Appendix f (digital) ssl certificatesAppendix f (digital) ssl certificates
Appendix f (digital) ssl certificatesYury Chemerkin
 
Appendix e (digital) md5s
Appendix e (digital) md5sAppendix e (digital) md5s
Appendix e (digital) md5sYury Chemerkin
 
Appendix d (digital) fqd ns
Appendix d (digital) fqd nsAppendix d (digital) fqd ns
Appendix d (digital) fqd nsYury Chemerkin
 
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f6016071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f601Yury Chemerkin
 
Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Yury Chemerkin
 
Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Yury Chemerkin
 
The stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityThe stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityYury Chemerkin
 
Stuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesStuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesYury Chemerkin
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedYury Chemerkin
 
Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirusYury Chemerkin
 
Six months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesSix months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesYury Chemerkin
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
Security configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesSecurity configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesYury Chemerkin
 
Render man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisRender man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisYury Chemerkin
 

More from Yury Chemerkin (20)

Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
 
Red october. detailed malware description
Red october. detailed malware descriptionRed october. detailed malware description
Red october. detailed malware description
 
Comment crew indicators of compromise
Comment crew indicators of compromiseComment crew indicators of compromise
Comment crew indicators of compromise
 
Appendix g iocs readme
Appendix g iocs readmeAppendix g iocs readme
Appendix g iocs readme
 
Appendix f (digital) ssl certificates
Appendix f (digital) ssl certificatesAppendix f (digital) ssl certificates
Appendix f (digital) ssl certificates
 
Appendix e (digital) md5s
Appendix e (digital) md5sAppendix e (digital) md5s
Appendix e (digital) md5s
 
Appendix d (digital) fqd ns
Appendix d (digital) fqd nsAppendix d (digital) fqd ns
Appendix d (digital) fqd ns
 
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f6016071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
 
Jp3 13
Jp3 13Jp3 13
Jp3 13
 
Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...
 
Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...
 
The stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityThe stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capability
 
Stuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesStuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realities
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learned
 
Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirus
 
Six months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesSix months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sites
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
 
Security configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesSecurity configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devices
 
Render man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisRender man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of this
 
Msft oracle brief
Msft oracle briefMsft oracle brief
Msft oracle brief
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

TriplePlay-WebAppPenTestingTools

  • 1. Best Of Web Application Penetration Testing Tools April 2009 Paul Asadoorian, Mick Douglas, John Strand PaulDotCom Enterprises, LLC psw@pauldotcom.com
  • 2. Who We Are • PaulDotCom Enterprises - PaulDotCom Security Weekly Podcast - Penetration Testing, Security Consulting, Device Testing • PaulDotCom Community - Forum, IRC, Hack Naked TV, Wiki, Mailing List • SANS Instructors & Certified Professionals - Upcoming courses all across the world! http://pauldotcom.com/events/ http://pauldotcom.com April 2009
  • 3. The Challenge • If you had to pick tools to take with you to test a web application for security, what would they be? - You are limited to web applications, no wireless, no client-side - You must test and and identify common web app vulnerabilities (XSS, CSRF, SQL Injection) - You must show how you could penetrate systems, gain access, and keep that access to demonstrate risk http://pauldotcom.com April 2009
  • 4. Best Of Web Application Testing Tools 1) Nikto - Web server enumeration 2) Webscarab - Proxy/Scanner 3) w3af - Web Exploit framework 4) Firefox - Multi-purpose 5) Cenzic Hailstorm - Deep testing 6) Core IMPACT - Web Exploitation Spotlight - Samurai WTF http://pauldotcom.com April 2009
  • 5. This Presentation Will Help Build Your Ninja Skills... There is a network ninja in this picture.... http://pauldotcom.com April 2009
  • 6. Nikto • Performs a quick analysis of the web server and applications • Important to know which applications to attack (for “blind” tests) Recently Updated! Check the web site: • Nikto reports back on: http://www.cirt.net/nikto2 - Common vulnerable CGI applications - Web server type, version, and add-ons - “Interesting” Files http://pauldotcom.com April 2009
  • 7. Nikto • After using Nmap for host discovery, run Nikto to scan the web servers • This may spot vulnerabilities and other files of interest for attacking the application or even your target - Vulnerable Apache/IIS/PHP/.NET = PWNAGE - A file named “passwords.txt” is gold - Source code to the application or version if open source http://pauldotcom.com April 2009
  • 8. Nikto Step 1 - Run Nmap to find Web servers: # nmap -PN -oA top1000 -T4 -n -sS --top-ports 1000 -iL targets.all NOTE: This will not detect web servers running on alternate ports. To do this replace -sS with -sV. This will only do the top 1000 ports. Integrate Nikto with Nessus: http://blog.tenablesecurity.com/2008/09/using-nessus-to.html http://pauldotcom.com April 2009
  • 9. Nikto Step 2 - Parse the Nmap results into a format that Nikto can understand: $ awk '/open/ {print $2 ":" $5}' top1000.gnmap | egrep '(80|443)' | cut -d/ -f1 > nmaphosts This will produce a file with IP and Port: 1.1.1.1:80 2.2.2.2:443 http://pauldotcom.com April 2009
  • 10. Nikto Step 3 - Run Nikto: $ ./nikto.pl -h nmaphosts -o nmaphosts.out Review the output: + Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8d - Root page / redirects to: https://portal.int.pauldotcom.com/ + All CGI directories 'found', use '-C none' to test none + OSVDB-0: Non-standard header keep-alive returned by server, with contents: timeout=15, max=100 + Apache/2.2.4 appears to be outdated (current is at least Apache/2.2.9). Apache 1.3.39 and 2.0.61 are also current. + OSVDB-0: GET /myphpnuke/links.php?op=search&query=[script]alert('Vulnerable);[/script]? query= : myphpnuke is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/ advisories/CA-2000-02.html. http://pauldotcom.com April 2009
  • 11. Webscarab Flags injection points!
  • 12. Stops all requests/ responses Edit stuff here Header Information Page coming back from server to browser
  • 14. About Mick • 14+ years industry experience • Sys Admin and developer roots • Evil thoughts + curiosity + good deeds = Mick • White hat hacker http://pauldotcom.com April 2009
  • 15. You don't have any expensive tools – so what? • Too poor (like me) - I work at a not-for-profit. • Don't do this work enough to justify the $$$ tools http://pauldotcom.com April 2009
  • 16. Ain't no school like the old school • All 'sploits “in” the browser • Back in my day we didn't have tool xyz! We pushed packets through the wire by hand!! • – And we liked it that way! http://pauldotcom.com April 2009
  • 17. Big gains for doing this this way • Great way to truly learn • Deeper understanding • Almost zero false positives/negatives • Easiest way to show examples • Nearly 100% buy in from “the suits” - Hint: Works best with HTML injection ;-) http://pauldotcom.com April 2009
  • 18. How do you do it? • Don't re-invent the wheel • Find resources that specialize in this method • Rsnake's site – http://ha.ckers.org/ - A bit like drinking from the fire hose! - No he's not been doing this since 1970. ;-) http://pauldotcom.com April 2009
  • 19. Remember: Some ways are better than others • If you're truly hardcore, you can use telnet • I like Firefox – YMMV - Some extensions can really help - Have to get creative with them though! - (think evil thoughts) http://pauldotcom.com April 2009
  • 20. Firefox extensions to checkout • Firebug • YSlow • TestGen4Web http://pauldotcom.com April 2009
  • 21. Firebug – Firefox extension • Inline editing • Great for - Hidden fields - Breaking forms - Messing with JavaScript - Making rogue sites and man-in-the-middle components (a talk for another day) - (Oh it's handy for web development too...) http://pauldotcom.com April 2009
  • 22. YSlow – Firefox extension • Requires firebug • Recon like no other! Shows you: - Overall time - Gives breakdown of components • Timing is typically THE best indicator! - Is it +/-? - By how much? http://pauldotcom.com April 2009
  • 23. Firefox extension TestGen4Web • Allows record and playback • You can modify your recordings • Instant test system • There's plenty of others out there. • Experiment around! http://pauldotcom.com April 2009
  • 24. So you want more of a system? • It's OK.Web hacking by hand – or even extension isn't always the way to go. • May we interest you in w3af? http://pauldotcom.com April 2009
  • 25. w3af – the OSS web exploit system • Look Ma! Version 1 is arriving! • Impressive capabilities with high potential • If you have a commercial tool – watch this one. Might disrupt this space. • w3af could be an entire series webcasts! • Thanks Seth for bashing me over the head with this tool! http://pauldotcom.com April 2009
  • 26. w3af 101 • Vulnerability tester • Manual test capabilities • Extendable framework • Request fuzzer • Interceptor • Quite nice GUI • EXPLOIT SYSTEM!! http://pauldotcom.com April 2009
  • 27. w3af additional resources • Homepage: http://w3af.sourceforge.net/ • Movies! http://w3af.sourceforge.net/videos/ video-demos.php http://pauldotcom.com April 2009
  • 28. Methodology • Any tool you use should be geared towards helping you understand how a web application works. • Commercial tools to help with that are: - Core Impact - Cenzic Hailstorm Professional • Over the next few slides we will look at these tools further http://pauldotcom.com April 2009
  • 29. Core Impact • Yes, it is a network penetration testing tool… • But they have been working on the web side of the house for about a year now • Why?? • Because sometimes a web server is the best way to get a shell! http://pauldotcom.com April 2009
  • 30. Site Structure http://pauldotcom.com 3 April 2009
  • 31. Why do we care about site structure? • There are things that may indicate vulnerabilities - Process flow… Think CSRF - Robots.txt – What do they not want you to see? - Include.php – Configuration to a backend • Does the Developer have a clue? http://pauldotcom.com April 2009
  • 32. Why Core is on this list http://pauldotcom.com 5 April 2009
  • 33. http://pauldotcom.com 6 April 2009
  • 34. http://pauldotcom.com 7 April 2009
  • 35. http://pauldotcom.com 8 April 2009
  • 36. Cenzic Hailstorm Pro • What if you are new to the field of web applications? • What if you are a seasoned vet? • Do you need two tools? • No http://pauldotcom.com April 2009
  • 37. Flexibility • Lets be honest… • Sometimes you are checking a box. • Wouldn't you like to have the ability to check that box and do a rock’en assessment? • Or, do you want to write your own checks? http://pauldotcom.com April 2009
  • 38. Compliance Checks http://pauldotcom.com April 2009
  • 39. BYOA = Build Your Own Attacks http://pauldotcom.com April 2009
  • 40. Other tools to check out • Accunetix • HP WebInspect • You should really try more then one before you buy • Always go with the one you are most comfortable with http://pauldotcom.com April 2009
  • 41. Samurai • A very special mention • Want a live CD with all of the best Open Source web testing tools pre-installed and ready to go? • Check out Samurai! - http://samurai.inguardians.com/ http://pauldotcom.com April 2009
  • 42.
  • 43. Honorable Mentions • Spike Proxy http://www.immunitysec.com/resources- freesoftware.shtml - Highly customizable proxy written in Python • Paros Proxy - Not updated since 2006 • Grendel-scan - Web site domain expired, but awesome vulnerability scanner • Nessus 4 - Has several plugins for CGI scanning, and a built-in CGI scanner that works great for identifying web apps http://pauldotcom.com April 2009
  • 44. /* End */ • Presentations: http://pauldotcom.com/ presentations.html • Forum: http://forum.pauldotcom.com/ - Special category just for this webcast series! • Email: psw@pauldotcom.com http://pauldotcom.com April 2009