Web Application Hacking
By
Muchammad Sholeh

Sharing Knowledge Session, Bank Danamon Lt. 5 KSI
Hacking Methodology
Computer Search Engine
By ShodanHq
Shodan Exploits
An Introduction to ZAP
The OWASP Zed Attack Proxy
Main Features
All the essentials for web application testing

• Intercepting Proxy
• Active and Passive Scanners
• Spider
• Report Generation
• Brute Force (using OWASP DirBuster code)
• Fuzzing (using OWASP JBroFuzz code)
The Additional Features
• Auto tagging
• Port scanner
• Smart card support
• Session comparison
• Invoke external apps
• BeanShell integration
• API + Headless mode
• Dynamic SSL Certificates
• Anti CSRF token handling
http://www.nuovoline.com/order.php?do=etc%2Fpasswd
List of Scanning and Enumeration Tools
● Zap Proxy
● Arachni
● W3AF
● Wapiti
● OpenVas
● Nessus
● Nikto.PL
● NMAP
● ShodanHQ
Penetration Testing OS Based on OSS
● Backtrack Linux
● Kali Linux
● OWASP
● OSWTF
● Samurai Linux
● 4n6
● etc
Common Vulnerability Reference
● CVE (Common Vulnerabilities and Exposures)
● OSVDB (Open Source Vulnerability Database)
● ExploitDB (http://www.exploit-db.com/)
● National Vulnerability Database
● Common Vulnerability Scoring System (CVSS-SIG) - FIRST
● CVE Details (http://www.cvedetails.com/)
● Injector Exploitation Tools
● Exploit-ID (http://www.exploit-id.com/)
EOF
