Team RISC nullcon 2012 Jailbreak presentation
- 5. Why Joomla/Gymla?
● Challenge!
● Learn exploitation in complex web applications
● IBM X-force paper on CMS security.
- 12. Know your enemy
If you know your enemies and know yourself, you will not be imperiled in a hundred battles
-- Sun Tzu, The Art of War
- 16. Source code auditing
● Identify vulnerable Functions
● Analyze the entry points
● Analyze Input Validations.
- 22. Fuzzing
● Find the entry points
● SQL Injection
● XSS
● CSRF
● Command Injection
● Clickjacking with drag and drop
- 25. Tools used for source code auditing
● The mighty grep
● RIPS
● RATS
- 27. References
● http://www.exploit-db.com/papers/15780/
● Burp Suite
● http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321