How to start in web-application penetration testing
Max Dzhalamaga
What do I need to start?
Basic (skin-deep) knowledge of:
• Web technologies
• HTTP protocol
• HTML
• JavaScript
• Web vulnerabilities
Tools:
• Web proxies:
  • Fiddler
  • Burp Suite
  • …
• Web spiders:
  • Burp Suite
  • WebScarab
  • …
Workflow
• Information gathering
• Test authentication
• Test session management
• Test authorization
• Fuzz parameters
• File Uploads
• Denial of Service
Information gathering
• Manual surfing
• Robots.txt
• Spidering
• Search in public sources
• User-Directed Spidering
Information gathering
• Hidden content
  • Comments
  • Logical names
  • Brute-force
• HTTP headers
• Vulnerabilities in third-party components
  • Server responses (Server header, custom headers, HTML templates)
  • Default content (Wikto)
• Identify all entry points
Test authentication
• Determine the type of authentication mechanism
  • HTML forms-based authentication
  • HTTP basic and digest authentication
  • Client SSL certificates and/or smartcards
  • …
• Check the required password complexity
  • Review the rules
  • Try to register accounts
  • Try to change the password
• Check which weak passwords are accepted:
  • Very short or blank
  • Common dictionary words or names
  • The same as the username
  • Still set to a default value
Administrative passwords may in fact be weaker than the password policy allows.
Commonly seen weak passwords: password, the website name, 12345678, qwerty, abc123, 111111, monkey, 12345, the login name.
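A policy check that rejects the weak-password classes listed above, written as an added example (it is not code from the deck). The common-password set is built from the slide's list; the default-value set, the minimum length and the sample accounts are constructed for illustration, and a real policy would load a large breached-password list instead.

```python
"""Password-policy check covering the weak-password classes the slide lists.

Added example, not code from the original deck. The common-password list,
the default-value list and the minimum length are constructed here for
illustration; a real policy would load a large breached-password list.
"""
from __future__ import annotations

# Constructed from the slide's list of commonly seen weak passwords.
COMMON_PASSWORDS = {
    "password", "12345678", "qwerty", "abc123", "111111", "monkey", "12345",
}
# Constructed: vendor/default values an auditor expects to have been changed.
DEFAULT_VALUES = {"admin", "changeme", "welcome1", "default"}
MIN_LENGTH = 8  # constructed policy value


def password_findings(password: str, username: str, site_name: str) -> list[str]:
    """Return the weak-password rules the candidate violates (empty list = acceptable).

    Checks follow the slide: blank or very short, common word, same as the
    username, contains the website name, still a default value.
    """
    findings: list[str] = []
    pw = password.strip()
    low = pw.lower()
    if not pw:
        findings.append("blank")
    elif len(pw) < MIN_LENGTH:
        findings.append("too short")
    if low in COMMON_PASSWORDS:
        findings.append("common password")
    if low == username.strip().lower():
        findings.append("same as username")
    if site_name and site_name.lower() in low:
        findings.append("contains website name")
    if low in DEFAULT_VALUES:
        findings.append("default value")
    # Digits-only or a single repeated character: no dictionary needed to guess it.
    if pw and (pw.isdigit() or len(set(low)) == 1):
        findings.append("trivial pattern")
    return findings


def audit_accounts(accounts: dict[str, str], site_name: str) -> dict[str, list[str]]:
    """Run the policy over {username: candidate_password} and keep only violators.

    Useful when reviewing administrative accounts, which the slide notes are
    often weaker than the policy for ordinary users would allow.
    """
    result: dict[str, list[str]] = {}
    for user, pw in accounts.items():
        findings = password_findings(pw, user, site_name)
        if findings:
            result[user] = findings
    return result


if __name__ == "__main__":
    # Constructed sample: two weak admin accounts and one compliant one.
    sample = {"admin": "admin", "root": "111111", "ops": "correct-horse-battery"}
    for user, problems in audit_accounts(sample, "example").items():
        print(f"{user}: {', '.join(problems)}")
```

Run it as a script to see the two weak accounts reported; wiring `password_findings` into the registration and change-password handlers is what turns the slide's checklist into an enforced rule.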
Test authentication
• Test for a delay after login with wrong credentials
  • Duration of the lockout
  • Number of failed attempts
  • How the server detects them
• Test the error-handling mechanism
  • Differences in message text
  • Minor differences in responses
  • Differences in response time
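The error-handling checks above look for a login that answers differently depending on whether the username exists. As an added example (not code from the deck), the block below puts a leaky handler beside a uniform one: the leaky version returns distinct messages and skips the password hash for unknown users, so both the text and the response time reveal valid accounts; the uniform version returns one message and always performs the hash. The user store, the shared salt, the messages and the PBKDF2 work factor are constructed for illustration; a real system uses a per-user salt and a slower setting.

```python
"""Login failure handling: a leaky handler beside a uniform one.

Added example, not code from the deck. The user store, salt, messages and the
hash parameters are constructed for illustration; a real system uses a
per-user salt and a slower work factor.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import statistics
import time

ITERATIONS = 20_000  # constructed: kept low so the example runs quickly
SALT = os.urandom(16)  # constructed: one salt shared here for brevity only


def hash_password(password: str, salt: bytes = SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store with a single account.
USERS = {"alice": hash_password("correct-horse-battery")}
# Verified when the username is unknown, so the work done (and with it the
# response time) is the same whether or not the account exists.
DUMMY_HASH = hash_password("placeholder-not-a-real-password")


def login_leaky(username: str, password: str) -> tuple[int, str]:
    """Distinct failure messages and an early return for unknown users:
    the message text and the response time both reveal which usernames exist."""
    if username not in USERS:
        return 401, "Unknown user"
    if hmac.compare_digest(USERS[username], hash_password(password)):
        return 200, "Welcome"
    return 401, "Wrong password"


def login_uniform(username: str, password: str) -> tuple[int, str]:
    """Same message and the same amount of work on every failure path."""
    stored = USERS.get(username, DUMMY_HASH)
    matched = hmac.compare_digest(stored, hash_password(password))
    if matched and username in USERS:  # the dummy hash must never log anyone in
        return 200, "Welcome"
    return 401, "Invalid username or password"


def responses_distinguish_users(handler) -> bool:
    """True if an unknown user and a wrong password get a different status/message."""
    return handler("nobody", "x") != handler("alice", "x")


def median_time_gap_ms(handler, rounds: int = 15) -> float:
    """Median response-time difference (wrong password minus unknown user).

    A clearly positive gap marks a handler that skips the hash for unknown
    users. Timing is noisy, so this is for exploration, not a pass/fail check.
    """
    def timed(user: str) -> float:
        start = time.perf_counter()
        handler(user, "x")
        return (time.perf_counter() - start) * 1000

    gaps = [timed("alice") - timed("nobody") for _ in range(rounds)]
    return statistics.median(gaps)


if __name__ == "__main__":
    for name, handler in (("leaky", login_leaky), ("uniform", login_uniform)):
        print(name, "messages differ:", responses_distinguish_users(handler),
              "median gap ms: %.2f" % median_time_gap_ms(handler))
```

The message comparison is deterministic; the timing gap depends on the machine, which is why the remediation is structural (always do the same work) rather than a tuned delay.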
Test authentication
• Test the “change password” functionality
  • Verbose error message for an invalid username
  • Brute-force of the password
  • Username enumeration
• Test the “password recovery” functionality
  • Simple questions
  • Brute-forcing the answer is easier than the password
Test authentication
• Test the “remember me” functionality
  • Simple persistent cookie: Remember=username;
  • User identifier: Remember=475;
  • Brute-force the credentials
Test session management
• Investigate the session token
  • Try to decrypt it
  • Try changing the token’s value one byte at a time
  • Brute-force the token value
• Session termination and log-out functionality
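Investigating the session token, and the speaker note on concealed sequences, time dependency and weak random number generation, come down to one question: is the token opaque random data, or does it carry structure a server might only partly check? The block below is an added example (not code from the deck) that decodes a token as hex or base64 and flags printable structure, embedded usernames, Unix-timestamp-like digits, too little token data, and constant steps across a sample of tokens. The weak tokens, the known-username set and the 128-bit minimum are constructed or assumed; the strong tokens come from the standard `secrets` module for comparison.

```python
"""Session-token structure checks for the 'investigate the session token' step.

Added example, not code from the deck. The tokens, the known-username list
and the 128-bit minimum are constructed/assumed here; the weak tokens are
deliberately built to show what a predictable token looks like.
"""
from __future__ import annotations

import base64
import binascii
import re
import secrets
import string

MIN_RAW_BYTES = 16  # 128 bits, the usual minimum for session identifiers (assumption)
KNOWN_USERS = {"alice", "admin"}  # constructed: accounts enumerated earlier in a test

# Constructed weak tokens: base64 of "user:epoch" and a hex counter.
WEAK_STRUCTURED_TOKEN = base64.b64encode(b"alice:1700000000").decode()
WEAK_COUNTER_TOKENS = ["000003e8", "000003e9", "000003ea"]
# Tokens from a CSPRNG, for comparison.
STRONG_TOKENS = [secrets.token_urlsafe(32) for _ in range(3)]


def try_decode(token: str) -> bytes | None:
    """Decode hex or (URL-safe) base64; None if the token is neither."""
    if token and len(token) % 2 == 0 and all(c in string.hexdigits for c in token):
        return bytes.fromhex(token)
    padded = token + "=" * (-len(token) % 4)
    try:
        return base64.b64decode(padded, altchars=b"-_", validate=True)
    except (binascii.Error, ValueError):
        return None


def token_findings(token: str, known_users: set[str] = KNOWN_USERS) -> list[str]:
    """Flags suggesting a token is structured or guessable rather than opaque."""
    findings: list[str] = []
    raw = try_decode(token)
    text = None
    if raw is not None and all(32 <= b < 127 for b in raw):
        text = raw.decode("ascii")
        findings.append("decodes to printable text (structured, not random bytes)")
    if raw is not None and len(raw) < MIN_RAW_BYTES:
        findings.append(f"only {len(raw)} bytes of token data (< {MIN_RAW_BYTES})")
    haystack = ((text or "") + " " + token).lower()
    if any(user in haystack for user in known_users):
        findings.append("contains a known username")
    # Ten-digit numbers starting 15..19 cover Unix epoch seconds from 2017 onward.
    if text and re.search(r"(?<!\d)1[5-9]\d{8}(?!\d)", text):
        findings.append("contains what looks like a Unix timestamp (time dependency)")
    return findings


def sequence_step(tokens: list[str]) -> int | None:
    """Constant difference between consecutive tokens read as big-endian ints,
    or None when they do not decode or the differences vary (a concealed
    sequence shows up as a fixed step)."""
    values = []
    for token in tokens:
        raw = try_decode(token)
        if raw is None:
            return None
        values.append(int.from_bytes(raw, "big"))
    diffs = {b - a for a, b in zip(values, values[1:])}
    return diffs.pop() if len(diffs) == 1 else None


if __name__ == "__main__":
    for label, token in (("structured", WEAK_STRUCTURED_TOKEN),
                         ("counter", WEAK_COUNTER_TOKENS[0]),
                         ("random", STRONG_TOKENS[0])):
        print(label, token, token_findings(token))
    print("counter step:", sequence_step(WEAK_COUNTER_TOKENS))
    print("random step:", sequence_step(STRONG_TOKENS))
```

A clean result from these checks is not proof of a good token; it only rules out the crude structure that makes "try changing the value one byte at a time" and brute-forcing worthwhile.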
Test session management
• Ways of stealing the token
  • XSS
  • Session fixation
• Cookie attributes
  • Path restriction
  • Domain restriction
  • Secure
  • HttpOnly
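The cookie-attribute checks above can be run over the raw Set-Cookie headers a proxy captures. The block below is an added example (not code from the deck): it parses each Set-Cookie line and reports the four attributes the slide lists, with SameSite added as a later attribute that belongs in the same review. The sample response, cookie names and severities are constructed for illustration.

```python
"""Set-Cookie attribute audit for the cookie-attribute checks on the slide.

Added example, not code from the deck. The sample response headers are
constructed; SameSite is included as a later addition to the slide's four
attributes (Path, Domain, Secure, HttpOnly).
"""
from __future__ import annotations


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(), "secure": False,
              "httponly": False, "path": None, "domain": None, "samesite": None}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        key = key.strip().lower()
        if key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
        elif key in ("path", "domain", "samesite"):
            cookie[key] = val.strip()
    return cookie


def audit_cookie(header: str) -> list[tuple[str, str]]:
    """Return (severity, finding) pairs for a session cookie's attributes."""
    c = parse_set_cookie(header)
    findings: list[tuple[str, str]] = []
    if not c["secure"]:
        findings.append(("high", "missing Secure: cookie is also sent over plain HTTP"))
    if not c["httponly"]:
        findings.append(("high", "missing HttpOnly: readable by script, so XSS can steal it"))
    if c["samesite"] is None or c["samesite"].lower() == "none":
        findings.append(("medium", "SameSite absent or None: sent on cross-site requests"))
    if c["path"] in (None, "/"):
        findings.append(("info", "Path is site-wide: every path on the host receives it"))
    if c["domain"]:
        findings.append(("info", f"Domain={c['domain']}: shared with all subdomains"))
    return findings


def audit_response(raw_headers: str) -> dict[str, list[tuple[str, str]]]:
    """Audit every Set-Cookie line in a raw HTTP response header block."""
    results: dict[str, list[tuple[str, str]]] = {}
    for line in raw_headers.splitlines():
        if line.lower().startswith("set-cookie:"):
            header = line.split(":", 1)[1].strip()
            results[parse_set_cookie(header)["name"]] = audit_cookie(header)
    return results


# Constructed sample response: one hardened session cookie and a weak
# "remember me" cookie of the kind the authentication slides describe.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sid=c0ffee1234567890abcdef; Path=/account; Secure; HttpOnly; SameSite=Strict
Set-Cookie: remember=475; Path=/; Domain=.example.com
"""

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE_RESPONSE).items():
        print(name, findings or "ok")
        for severity, text in findings:
            print(f"  [{severity}] {text}")
```

The Path and Domain notes are informational because a site-wide path is the normal default; they matter when the same host or parent domain also serves less trusted content.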

Speaker notes

1. The server may check only part of the token data. Using a list of enumerated or common usernames, an attacker can quickly generate large numbers of potentially valid tokens and test these to confirm which are valid. Sources of token predictability: concealed sequences, time dependency, weak random number generation.