![DAST-Werkzeuge
● Burp (ca. 200 $)
● OWASP Zap
● w3af
● sqlmap/nosqlmap
● weitere bei sectoolmarket.com
[1] http://www.sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html](https://image.slidesharecdn.com/selfmadesecuritycheck-140822155950-phpapp02/75/self-made-web-20-security-testing-6-2048.jpg?cb=1668743088)
![DAST-Werkzeuge
● Burp (ca. 200 $)
● OWASP Zap
● w3af
● sqlmap/nosqlmap
● weitere bei sectoolmarket.com
[1] http://www.sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html](https://image.slidesharecdn.com/selfmadesecuritycheck-140822155950-phpapp02/75/self-made-web-20-security-testing-7-2048.jpg?cb=1668743088)
Self Made Web 2.0 Security Testing
•0 gefällt mir•1,616 views
Melden
Teilen
Downloaden Sie, um offline zu lesen
Sicherheitstests mit OWASP ZAP
Más contenido relacionado
Similar a Self Made Web 2.0 Security Testing
Similar a Self Made Web 2.0 Security Testing(20)
Self Made Web 2.0 Security Testing
- 1. Self-Made Web 2.0 Security Testing Sven Großmann, Timo Pagel
- 2. Vorstellung ● Sven ○ Master Student: Information Technology ■ Schwerpunkt: Web-Technologien ● Timo ○ Fachinformatiker (Systemintegration) ○ Master Student: Information Technology ■ Schwerpunkt: IT-Sicherheit
- 4. Werkzeuge des White Hats Vulnerability Scans (DAST) Web Application Firewalls Code Analysen (SAST) System Härtungen Sicherheits Schulungen Intrusion Detection Systems
- 5. Werkzeuge des Black Hats Web Application SQL Injection Cross Site Scripting Security Misconfiguration ... DAST
- 6. DAST-Werkzeuge ● Burp (ca. 200 $) ● OWASP Zap ● w3af ● sqlmap/nosqlmap ● weitere bei sectoolmarket.com [1] http://www.sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html
- 7. DAST-Werkzeuge ● Burp (ca. 200 $) ● OWASP Zap ● w3af ● sqlmap/nosqlmap ● weitere bei sectoolmarket.com [1] http://www.sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html
- 8. Ein einfacher Scan ● Spider ○ Abdeckung der Seitenstruktur ● Scan ○ Schwachstellen aufdecken
- 10. Funktionsweise Proxy: Spider/Scanner: In Anlehnung an: https://blog.codecentric.de/files/2013/10/overview.png
- 11. Ein einfacher Scan Demo: OWASP Zap und WackoPicko
- 12. Funktionsweise Proxy: Spider/Scanner: AjaxSpider: In Anlehnung an: https://blog.codecentric. de/files/2013/10/overview.png
- 13. OWASP Top Ten ● A1 Injection ● A2 Broken Authentication and Session Management ● A3 Cross-Site Scripting (XSS) ● A4 Insecure Direct Object References ● A5 Security Misconfiguration ● A6 Sensitive Data Exposure ● A7 Missing Function Level Access Control ● A8 Cross-Site Request Forgery (CSRF) ● A9 Using Components with Known Vulnerabilities ● A10 Unvalidated Redirects and Forwards Quelle: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- 14. Vielen Dank Kontakt: Timo Pagel: security@timo-pagel.de Sven Großmann: svennergr@gmail.com
- 15. Bild Quellen Disney Interactive: http://www.starwars.com/