WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)
1 WEB APPLICATION HACKING
Part 2: Tools of the Trade (and how to use them)
Jonathan Eddy
September 27, 2013 (last updated September 27, 2013)
2 MAPPING THE APPLICATION
3 ENUMERATING CONTENT AND FUNCTIONALITY
Why?
- Rigorous inspection of content
- Get a comprehensive record of everything identified
- Find hidden content in addition to manual browsing
4 WEB SPIDERING
- Basic tools use the model of request, parse for links to other content, and continue recursively until no new content is discovered
- Web application spiders also:
  - Parse HTML forms and submit them with random values (fuzzing)
  - Parse client-side JS to extract additional URLs
- Examples are Paros, Burp Spider (part of Burp Suite), and WebScarab
- Limitations are:
  - The handling of unusual navigation mechanisms, leading to missed content
  - Form submittal usually fails due to the random values used
  - Dynamic content URLs are assumed to have the same content, or conversely may contain volatile data such as timers
  - Authentication causes many problems (logouts, session termination due to invalid input, per-page tokens, etc.)
5 USER-DIRECTED SPIDERING
- More sophisticated and controlled than automated spidering
- The user interacts with the web application normally while the spider acts as a proxy, monitoring and capturing the requests and responses made
- The spiders in Burp Suite and WebScarab can be used this way
- Benefits:
  - Complex navigation can be followed through in a normal way
  - Data validation is not an issue, as the user is checking the input
  - Session management is not an issue, as the user is handling this
  - All functionality will be included for dynamic content, but not all of it has to be carried out (e.g. deleteuser.jsp)
6 HACK STEPS FOR USER-DIRECTED SPIDERING
1. Configure your browser to use the mapping application as a local proxy
2. Browse the entire application with JS/cookies/etc. enabled and disabled
3. Review the site map generated by the proxy/spider tool and see if any additional content needs to be accessed
7 DISCOVERING HIDDEN CONTENT
Additional and useful information:
- Test functionality
- Backup copies of live files
- Backup archives that contain a full snapshot of files
- New functionality that has not yet been implemented
- Old versions of files (vulnerabilities?)
- Configuration and include files
- Source files for compiled applications
- Log files that may contain sensitive information
Brute-force techniques and their errors:
- 302 Found: may redirect to a login, error page, or other location
- 400 Bad Request: usually invalid syntax
- 401 Unauthorized / 403 Forbidden: something may exist but is not accessible
- 500 Internal Server Error: certain parameters are unexpected
8 HACK STEPS FOR BRUTE FORCE TECHNIQUES
1. Make requests for known valid and invalid resources while identifying how the server handles the invalid resources
2. Use the site map generated from user-directed spidering as a basis for automated discovery of hidden content
3. Make automated requests for common filenames and directories within each directory path known to exist within the application
4. Capture the responses received from the server and review them to ID valid resources
5. Perform the exercise recursively as new content is discovered
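Seen from the server side, the brute-force steps above leave a distinctive trace: one client requesting many distinct paths in a short time and receiving almost nothing but the 302/400/401/403/404/500 responses the previous slide lists. The Python script below is an added defender-side example (not code from the original deck) that flags that pattern in Apache/nginx combined-format access log lines; the log lines, thresholds and client addresses are constructed.

```python
"""Detect automated content discovery (forced browsing) in access logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Status codes the slide lists as the answers a brute-force run receives
# (302, 400, 401/403, 500) plus the plain 404 that most guesses produce.
PROBE_STATUSES = {302, 400, 401, 403, 404, 500}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    # Discovery tools vary the path, not the query string, so key on the path.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def detect_forced_browsing(lines, window=timedelta(seconds=60),
                           min_paths=20, min_error_ratio=0.8):
    """Return {ip: (distinct_paths, error_ratio)} for every client that, within
    any sliding window, requested at least min_paths distinct paths with at
    least min_error_ratio of them answered by a probe-style status."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            win = recs[start:end + 1]
            paths = {r["path"] for r in win}
            ratio = sum(r["status"] in PROBE_STATUSES for r in win) / len(win)
            if len(paths) >= min_paths and ratio >= min_error_ratio:
                best = flagged.get(ip)
                if best is None or len(paths) > best[0]:
                    flagged[ip] = (len(paths), round(ratio, 2))
    return flagged


def _line(ip, ts, path, status, ua="Mozilla/5.0"):
    return (f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')


def sample_log():
    """Constructed log: one ordinary visitor and one wordlist-driven scan."""
    base = datetime(2013, 9, 27, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i, p in enumerate(["/", "/login", "/account", "/account/orders"]):
        lines.append(_line("198.51.100.7", base + timedelta(seconds=5 * i), p, 200))
    guesses = ["admin", "backup", "old", "test", "config", "include", "logs",
               "src", "tmp", "dev", "upload", "private", "db", "data", "bak",
               "new", "cgi-bin", "install", "setup", "secret", "hidden",
               "debug", "api", "staging", "v1"]
    for i, name in enumerate(guesses):
        status = 403 if name == "admin" else 404  # "exists but forbidden" vs missing
        lines.append(_line("203.0.113.10", base + timedelta(seconds=i),
                           f"/{name}/", status, "Mozilla/5.00 (Nikto/x.y)"))
    return lines


if __name__ == "__main__":
    for ip, (n, ratio) in detect_forced_browsing(sample_log()).items():
        print(f"{ip}: {n} distinct paths, {ratio:.0%} probe-style responses")
```

The thresholds are deliberately conservative; a site with many broken links will need a higher error ratio, and a scan slowed to a few requests a minute needs a wider window.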
9 HACK STEPS FOR INFERENCE FROM PUBLISHED CONTENT
1. Compile lists of all enumerated subdirectories, file stems, and file extensions
2. Review these lists to ID any naming schemes and common extensions in use
3. Check for naming patterns as well
4. Review all client-side code to ID clues about hidden server-side content, especially references to server-side includes
10 HACK STEPS FOR USE OF PUBLIC INFORMATION
1. Use several different search engines / web archives or an aggregate search engine to discover indexed and stored content
2. Use advanced techniques (depending on the search engine) to maximize effectiveness:
   1. site: target a site
   2. site: login target a site and keyword
   3. link: return links for other sites that link to the target
   4. related: returns similar pages
   5. Perform these searches in multiple sections of the search engine
   6. Repeat the search with omitted results
   7. View the cached version of interesting pages
3. Further target users and addresses as well
11 LEVERAGING THE WEB SERVER
- Vulnerabilities may exist at the web server layer, such as directory listing and source code dumping
- Nikto can help in discovering these resources (which may or may not be linked within the web application) of interest for formulating an attack
- Make sure the location you are checking is correct if the server is configured in a non-standard way
- Make sure to specify if a custom 404 page is used
- Always check results returned by Nikto manually, as there may be false positives
12 APPLICATION PAGES VS. FUNCTIONAL PATHS
- Many types of request may be made to just one or two unique URLs that dynamically handle and pass along the content to other portions of the web application
- Use this knowledge to start at that page / those pages and map the functional paths within the application, showing all of the enumerated functions and the logical paths and dependencies between them
- Hidden parameters and values, such as an additional &debug=true statement, may also be guessed to allow for changed functionality in the web application
  - Examples: debug, test, hide, or source along with true, yes, or 1
  - Burp Intruder along with the cluster bomb attack may be useful
  - Target functions likely to use logic such as logins and uploaders
13 ANALYZING THE APPLICATION
- Enumerating is only one element of the mapping process
- Analyzing application functionality, behavior, and technologies to identify key attack surfaces and formulate an approach to probing the application for exploitable vulnerabilities is equally important
- Areas to investigate include:
  - Core application functionality
  - Peripheral application behavior (logging, links, errors, redirects, etc.)
  - Core security mechanisms (session management, authentication, user registration, password changes, application logic, etc.)
  - Locations where user-supplied input is processed
  - Client-side technologies (Java applets, ActiveX, Flash, cookies, etc.)
  - Server-side technologies (static and dynamic pages, request parameters, SSL [non-]use, DB interaction, systems, etc.)
14 IDENTIFYING ENTRY POINTS FOR USER INPUT
- In HTTP requests, look at:
  - URL strings (up to the query string marker)
  - Parameters in the URL query string
  - Parameters in the body of a POST request
  - Cookies
  - Other HTTP headers (such as User-Agent, Referer, Accept, Accept-Language, and Host)
- In URLs, look for nonstandard query string formats
- Also look for data sent to an application by an out-of-band channel that can be determined by inspecting HTTP traffic
  - This may be able to be manipulated even if the web application is itself not vulnerable
  - Examples include applications that wait for triggers, changing statuses of other servers, and content from network sniffers
15 IDENTIFYING SERVER-SIDE TECHNOLOGIES
- Banner grabbing: the HTTP Server header and others may contain a great deal of information about the web server
- HTTP fingerprinting: even if masked, specialized tools such as Httprint may be able to determine the web server software
- File extensions: many extensions will disclose a platform or programming language
  - Example: .aspx is a Microsoft ASP.NET server and .cfm is ColdFusion
- Directory names: many directory names will disclose the presence of a technology
  - Example: servlet for Java servlets, WebObjects for Apple WebObjects
- Session tokens: many web servers and web application platforms generate tokens that provide information about which technology is in use
  - Example: ASPSESSIONID for Microsoft IIS server, PHPSESSID for PHP
- Also, don't forget about third-party components on the server
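The indicators on this slide can be checked mechanically against a captured response. The Python script below is an added example (not code from the original deck) that parses a constructed HTTP response and reports each disclosure it finds: banner headers, session cookie names, file extensions and directory names in links. Its cookie and extension tables extend the slide's examples with other well-known names (JSESSIONID, CFID, .php, .jsp, .do) so a defender can run it against their own responses and see what the stack advertises.

```python
"""Report server-side technology disclosures in an HTTP response."""
import re

# Headers that commonly carry a banner (the slide's "banner grabbing").
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# Session cookie name prefix -> technology (slide examples plus well-known names).
SESSION_COOKIES = {
    "ASPSESSIONID": "Microsoft IIS (classic ASP)",
    "ASP.NET_SessionId": "ASP.NET",
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "CFID": "ColdFusion",
}
EXTENSIONS = {".aspx": "ASP.NET", ".asp": "classic ASP", ".cfm": "ColdFusion",
              ".php": "PHP", ".jsp": "Java (JSP)", ".do": "Java (Struts)"}
DIRECTORIES = {"servlet": "Java servlets", "WebObjects": "Apple WebObjects"}


def parse_response(raw):
    """Split a raw HTTP response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = []
    for h in header_lines:
        name, _, value = h.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status_line, headers, body


def audit(raw):
    """Return a de-duplicated list of (indicator, evidence, technology) tuples."""
    _, headers, body = parse_response(raw)
    findings = []
    for name, value in headers:
        if name in BANNER_HEADERS:
            findings.append(("header", f"{name}: {value}", value))
        if name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            for prefix, tech in SESSION_COOKIES.items():
                if cookie.upper().startswith(prefix.upper()):
                    findings.append(("cookie", cookie, tech))
    # Links, scripts and form targets in the body reveal extensions and directories.
    for url in re.findall(r'(?:href|src|action)=["\']([^"\']+)', body, re.I):
        path = url.split("?", 1)[0]
        for ext, tech in EXTENSIONS.items():
            if path.lower().endswith(ext):
                findings.append(("extension", path, tech))
        for part in path.split("/"):
            if part in DIRECTORIES:
                findings.append(("directory", path, DIRECTORIES[part]))
    seen, out = set(), []
    for f in findings:
        if f not in seen:
            seen.add(f)
            out.append(f)
    return out


def technologies(raw):
    """Set of technology labels the response discloses."""
    return {tech for _, _, tech in audit(raw)}


# Constructed response from a hypothetical IIS/ASP.NET site with a legacy servlet.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly\r\n"
    "Set-Cookie: ASPSESSIONIDQQRTDC=xyz; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>"
    "<a href=\"/account/Login.aspx?ReturnUrl=%2f\">Login</a>"
    "<form action=\"/servlet/LegacySearch\"></form>"
    "<img src=\"/images/logo.png\">"
    "</body></html>"
)

if __name__ == "__main__":
    for indicator, evidence, tech in audit(SAMPLE_RESPONSE):
        print(f"{indicator:10} {evidence:45} -> {tech}")
```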
16 IDENTIFYING SERVER-SIDE FUNCTIONALITY
- Dissecting requests: long URLs may contain many of the identifiers previously discussed, such as SQL query language or addresses
- Check the server for any obfuscation schemes for stored data to see if they are easily reversible (e.g. BASE64)
- Try to get the server to return verbose debugging messages that may contain additional information about the server
17 MAPPING THE ATTACK SURFACE
Function: Exploit
- Client-side validation: these checks may not be replicated on the server
- Database interaction: SQL injection
- File transfer: path traversal vulnerabilities
- Display of user-supplied data: XSS
- Dynamic redirects: redirection and header injection attacks
- Login: username enumeration, weak passwords, brute force attacks
18 MAPPING THE ATTACK SURFACE (CONTINUED)
Function: Exploit
- Multistage login: logic flaws
- Session state: predictable tokens, insecure handling of tokens
- Access controls: horizontal and vertical privilege escalation
- User impersonation functions: privilege escalation
- Use of cleartext communications: session hijacking, capture of credentials and/or other sensitive data
- Off-site links: leakage of query string parameters in the Referer header
19 MAPPING THE ATTACK SURFACE (CONTINUED)
Function: Exploit
- Interfaces to external systems: shortcuts in handling of sessions and/or access controls
- Error message interaction: information leakage and/or command injection
- Native code components or interaction: buffer overflows
- Use of third-party application components: known vulnerabilities
- Identifiable web server software: common configuration weaknesses, known bugs
20 A WEB APPLICATION HACKER'S TOOLKIT
21 WHAT DO I NEED THESE TOOLS FOR?
- Footprinting
  - Gathering data to map the security profile of a specific organization
  - Results in a unique organizational profile of its systems and networks
  - Includes locating the network range and identifying active machines
- Fingerprinting
  - The act of identifying systems (specifically, their operating system)
  - This is possible because different vendors implement the TCP stack differently
  - Passive: no packets or traffic are injected into the network
  - Active: specially crafted packets are injected into the network to see how systems respond
- Enumeration
  - Active connections to systems and directed queries
  - Includes looking for network shares, users and groups, applications, and banners
  - SNMP enumeration: connecting to devices with SNMP agents running
- Mapping the attack surface
  - Identifying the various attack surfaces and potential vulnerabilities
22 INFORMATION GATHERING SCANNERS
- Nmap (GUI: Zenmap): a free and open source (license) utility for network discovery and security auditing
- Fing: get in seconds a complete picture of the network you are in, including IP and MAC addresses, device vendors and ISP location
- Angry IP Scanner (ipscan): an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports and has many other features
- WiFi-only network scanners: WiFite, Kismet, KisMAC (OS X only)
23 GENERAL VULNERABILITY SCANNERS
- Nessus: the industry's most widely-deployed vulnerability and configuration assessment product. Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis.
- OpenVAS: a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
24 WEB VULNERABILITY SCANNERS
- Paros (OS X GUI: Andiparos): a Java-based HTTP/HTTPS proxy for assessing web application vulnerability. Supports editing/viewing HTTP messages on the fly. Other features include spiders, client certificates, proxy chaining, intelligent scanning for XSS and SQL injection, etc.
- Nikto (OS X GUI: Yang): a web server scanner which performs comprehensive tests against web servers for multiple items, including files/CGIs, outdated server versions, and version-specific problems. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software.
- Burp Suite: an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
- WebScarab(-ng): a framework for analysing applications that communicate using the HTTP and HTTPS protocols. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser.
- Skipfish: an active web application security reconnaissance tool. Prepares a sitemap which is checked for security flaws and then sent to a final report
25 PASSWORD CRACKERS
- John the Ripper: a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.
- Hydra: a fast network logon cracker which supports many different services (see network_password_cracker_comparison.html)
26 OTHER USEFUL TOOLS
- Wireshark: a packet analyzer used for network troubleshooting, analysis, software and communications protocol development
- Wget: a software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols
- curl: a command line tool for transferring data with URL syntax
- Netcat / Ncat: Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. Often used by Metasploit and other toolkits to open shells
- Stunnel: designed to work as an SSL encryption wrapper between a remote client and a local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code.
27 END
Questions?
Web Application Vulnerability Assessment July 2005 Kristof Philipsen ( kristof.philipsen@cybertrus t.com) 1/70 Table of Contents ABSTRACT...4 1. INTRODUCTION...5 2. THE NEED FOR WEB APPLICATION SECURITY...6
More informationNetwork Security Audit. Vulnerability Assessment (VA)
Network Security Audit Vulnerability Assessment (VA) Introduction Vulnerability Assessment is the systematic examination of an information system (IS) or product to determine the adequacy of security measures.
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationApplication Security Policy
Purpose This document establishes the corporate policy and standards for ensuring that applications developed or purchased at LandStar Title Agency, Inc meet a minimum acceptable level of security. Policy
More informationPenetration Testing Automation System
Universitat Politècninca de Catalunya Final Thesis Penetration Testing Automation System Author: Oriol Caño Bellatriu Supervisor: Manuel Garcia-Cervignon Gutierrez A thesis submitted in fulfilment of the
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationWeb Application Security
Web Application Security Prof. Sukumar Nandi Indian Institute of Technology Guwahati Agenda Web Application basics Web Network Security Web Host Security Web Application Security Best Practices Questions?
More informationECE 4893: Internetwork Security Lab 12: Web Security
Group Number: Member Names: ECE 4893: Internetwork Security Lab 12: Web Security Date: April 6, 2004 Date Due: April 13, 2004 Last Revised: April 2, 2004 Written by: Tom Bean and Valerio Oricchio Goal:
More informationWeb App Security Audit Services
locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System
More informationThe Queen s Horses, London, May 2009. Application Security From Jerry Scott
The Queen s Horses, London, May 2009 Application Security From Jerry Scott A company wanted to build a particular application. After consulting with their programmers, they agreed it would take a programmer
More informationApril 11, 2011. (Revision 2)
Passive Vulnerability Scanning Overview April 11, 2011 (Revision 2) Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of
More informationMETHODS TO TEST WEB APPLICATION SCANNERS
METHODS TO TEST WEB APPLICATION SCANNERS Fernando Román Muñoz, Luis Javier García Villalba Group of Analysis, Security and Systems (GASS) Department of Software Engineering and Artificial Intelligence
More informationUsing Foundstone CookieDigger to Analyze Web Session Management
Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.
More informationASP.NET MVC Secure Coding 4-Day hands on Course. Course Syllabus
ASP.NET MVC Secure Coding 4-Day hands on Course Course Syllabus Course description ASP.NET MVC Secure Coding 4-Day hands on Course Secure programming is the best defense against hackers. This multilayered
More informationLotus Domino Security
An X-Force White Paper Lotus Domino Security December 2002 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Introduction Lotus Domino is an Application server that provides groupware
More informationState of The Art: Automated Black Box Web Application Vulnerability Testing. Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell
Stanford Computer Security Lab State of The Art: Automated Black Box Web Application Vulnerability Testing, Elie Bursztein, Divij Gupta, John Mitchell Background Web Application Vulnerability Protection
More informationEXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER
Vulnerability scanners are indispensable both for vulnerability assessments and penetration tests. One of the first things a tester does when faced with a network is fire up a network scanner or even several
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationApplication Security Testing
Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the
More informationAndreas Dittrich, Philipp Reinecke Testing of Network and System Security. example.
Testing of Network and System Security 1 Testing of Network and System Security Introduction The term security when applied to computer networks conveys a plethora of meanings, ranging from network security
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationHögskoleexamen. Web application Security. Sektionen för informationsvetenskap, data- och elektroteknik. Rapport för Högskoleexamen, January 2013
Rapport för Högskoleexamen, January 2013 Högskoleexamen Sektionen för informationsvetenskap, data- och elektroteknik Web application Security Jose Enrique Charpentier Rojas Web application security Network
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationWeb application testing
CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration
More informationLab 7 - Exploitation 1. NCS 430 Penetration Testing Lab 7 Sunday, March 29, 2015 John Salamy
Lab 7 - Exploitation 1 NCS 430 Penetration Testing Lab 7 Sunday, March 29, 2015 John Salamy Lab 7 - Exploitation 2 Item I. (What were you asked to do?) Metasploit Server Side Exploits Perform the exercises
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationby New Media Solutions 37 Walnut Street Wellesley, MA 02481 p 781-235-0128 f 781-235-9408 www.avitage.com Avitage IT Infrastructure Security Document
Avitage IT Infrastructure Security Document The purpose of this document is to detail the IT infrastructure security policies that are in place for the software and services that are hosted by Avitage.
More informationWeb Application Security Guidelines for Hosting Dynamic Websites on NIC Servers
Web Application Security Guidelines for Hosting Dynamic Websites on NIC Servers The Website can be developed under Windows or Linux Platform. Windows Development should be use: ASP, ASP.NET 1.1/ 2.0, and
More informationEthical Hacking Course Layout
Ethical Hacking Course Layout Introduction to Ethical Hacking o What is Information Security? o Problems faced by the Corporate World o Why Corporate needs Information Security? Who is a Hacker? o Type
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More information