Web application security & Testing

  • Published on
    28-Nov-2014

Transcript

1. Web Application Security. Sreenath Sasikumar, QBurst
2. Who am I? www.MakeMeResume.com / @sreenath
3. Take Away: understanding web application security; how to security test web applications; mitigating web application security risks; open source tools
4. How web applications work
5. Understanding web security
6. Security testing web applications: Information Gathering; Configuration Management Testing; Authentication Testing; Session Management Testing; Authorization Testing; Business Logic Testing; Data Validation Testing; Denial of Service Testing
7. Information Gathering
8. Spiders, Robots and Crawlers. Example: www.google.com/robots.txt
9. Search Engine Discovery. Google hacking operators: site, cache, inurl, filetype. How to: manual, HackSearch
10. Identify Application Entry Points: GET, POST, Cookies, Server Parameters, Files. How to: Tamper Data, WebScarab, ZAP
11. Web Application Fingerprinting. How to: Nikto, vulnerability scanners
12. Application Discovery: different base URL (www.example.com/abc); different port (www.example.com:8000); different sub domain / virtual host (abc.example.com). How to: ZAP, WebSlayer
13. Analysis of Error Codes
14. Configuration Management
15. SSL Testing: identify SSL ports and services; how strong is your cipher? How to: Nmap -sV, Nessus, OpenSSL
16. Configuration Management Testing: Infrastructure Configuration Management; Application Configuration Management
17. Old, Backup & Unreferenced Files. Example robots.txt that reveals them:
    User-agent: *
    Disallow: /Admin
    Disallow: /uploads
    Disallow: /backup
    Disallow: /~jbloggs
    How to: HackSearch, WebSlayer
18. Testing for HTTP Methods: HEAD, GET, POST, PUT, DELETE, TRACE, OPTIONS, CONNECT. How to: Netcat, Nikto
19. Authentication Testing
20. Credentials transport over an encrypted channel: prevent man-in-the-middle attacks
21. Testing for user enumeration. Error messages/notifications that differ by case leak whether an account exists:
    "Sorry, please enter a valid password"
    "Sorry, please enter a valid username"
    "Sorry, this user does not exist"
    "Sorry, this user is no longer active"
22. Testing for Guessable Users & Brute Force Attacks. How to: John the Ripper, Hydra
23. Testing for CAPTCHA
24. Testing Session & Cookies
25. Authorization Testing
26. Testing for privilege escalation: vertical escalation; horizontal escalation. Example: www.example.com/?user=1&groupID=2
27. Business Logic Testing
28. Data Validation Testing
29. Injections: SQL, XSS
30. SQL Injection, XSS Injection, LDAP Injection, XML Injection, HTML Injection, SSI Injection, ORM Injection, XPath Injection, IMAP/SMTP Injection, Buffer Overflow
31. Testing for Denial of Service
32. Testing for SQL Wildcard Attacks. A normal search:
    SELECT * FROM Article WHERE Content LIKE '%foo%'
    A pathological pattern that makes the LIKE evaluation very expensive:
    SELECT TOP 10 * FROM Article WHERE Content LIKE '%_[^!_%/%a?F%_D)_(F%)_%([)({}%){()}$&N%_)$*()$*R"_)][%](%[x])%a][$*"$-9]_%'
33. Testing for DoS: Locking Customer Accounts
34. Open Source Tools: Nikto, Nessus, W3AF, ZAP, WebSlayer, Netcat, Nmap, Skipfish, Hydra, Mozilla Firefox addons, lots & lots more...
35. PenQ - Security testing browser
36. Questions?
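One mitigation for the SQL wildcard attack on slide 32, as an added example that is not part of the deck: user input is length-capped, its LIKE metacharacters are escaped, and it is bound as a parameter. Python with sqlite3 standing in for the database; the Article table contents, the length limit and the helper names are assumptions.

```python
import sqlite3

# Characters LIKE treats specially. '[' is a wildcard only on SQL Server (the
# dialect the slide's "SELECT TOP 10" query comes from), but escaping it on
# every engine is harmless and keeps the helper portable.
LIKE_WILDCARDS = "\\%_["
ESCAPE_CHAR = "\\"
MAX_SEARCH_LEN = 40  # assumed limit; bounds pattern complexity, tune per app


def escape_like(term: str) -> str:
    """Prefix every LIKE metacharacter (and the escape char itself) so the
    user's text is matched literally instead of being run as a pattern."""
    return "".join(ESCAPE_CHAR + c if c in LIKE_WILDCARDS else c for c in term)


def search_articles(conn: sqlite3.Connection, term: str) -> list[str]:
    """Substring search over Article.Content that cannot be turned into a
    wildcard DoS: length cap, escaped metacharacters, parameterised query."""
    if len(term) > MAX_SEARCH_LEN:
        raise ValueError("search term too long")
    pattern = "%" + escape_like(term) + "%"
    # ESCAPE '\' tells the engine which character marks a literal wildcard.
    rows = conn.execute(
        "SELECT Content FROM Article WHERE Content LIKE ? ESCAPE '\\'",
        (pattern,),
    ).fetchall()
    return [r[0] for r in rows]


def demo_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the slide's Article table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Article (Id INTEGER PRIMARY KEY, Content TEXT)")
    conn.executemany(
        "INSERT INTO Article (Content) VALUES (?)",
        [("foo bar",), ("100% done",), ("a_b",), ("plain text",)],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(search_articles(db, "foo"))   # normal search still works
    print(search_articles(db, "%"))     # '%' now matches only the literal '%'
```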
