Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Slides:



Advertisements
Similar presentations
Copyright 2010 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Advertisements

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
The basics and troubleshooting tips
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Maintaining and Updating Windows Server 2008
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Drupal Workshop Introduction to Drupal Part 1: Web Content Management, Advantages/Disadvantages of Drupal, Drupal terminology, Drupal technology, directories.
Is Your Website Hackable? Check with Acunetix Web Vulnerability Scanner. Acunetix Web Vulnerability Scanner V9.
M. Taimoor Khan * Java Server Pages (JSP) is a server-side programming technology that enables the creation of dynamic,
JSP Standard Tag Library
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Chapter 2 System Administration - 1. Overview  Introduction to system administration  Importance of system administration to information security 
IDS – Intrusion Detection Systems. Overview  Concept  Concept : “An Intrusion Detection System is required to detect all types of malicious network.
Copyright ®xSpring Pte Ltd, All rights reserved Versions DateVersionDescriptionAuthor May First version. Modified from Enterprise edition.NBL.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Apache Web Server v. 2.2 Reference Manual Chapter 1 Compiling and Installing.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
User Group 2015 Building A PopMedNet Community. Agenda Slide - 2 What is Open Source? Where are we today? Where should we go?
Managing Software Patches 10/15/ Introducing Solaris OE Patches A patch contains collection of files and directories Patch replaces existing files.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
 Chapter 14 – Security Engineering 1 Chapter 12 Dependability and Security Specification 1.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Selenium and Selenium on Rails. Agenda  Overview of Selenium Simple Selenium Tests Selenium IDE  Overview of Selenium on Rails  Problems with Selenium.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Web Applications Testing By Jamie Rougvie Supported by.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
CACI Proprietary Information | Date 1 PD² SR13 Client Upgrade Name: Semarria Rosemond Title: Systems Analyst, Lead Date: December 8, 2011.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Best practice Upgrade process
Selenium and Selenium on Rails
Configuring Internet-related services
Operating System Security
OWASP Joomla! (CMS) Vulnerability Scanner Project Flyer
Presentation transcript:

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP OWASP Joomla! (CMS) Vulnerability Scanner Release Flyer Aung Khant YGN Ethical Hacker Group, Myanmar 07/17/2009

OWASP 2 Current Release:  Implemented 200 defense bypass This is bypass web servers which respond with 200 for every 404, which is affectively killing the scanner, producing very noisy reports about false positives, rendering vulnerability detection useless. 200 defense can kill nearly most scanners today.  Added vulnerability information till  Added fingerprinting signature till Joomla!  Added anti-caching mechanism in update check  Added Graph facility in HTML reporting

OWASP 3 Former Release:  Changed report location. ~ will save report under report/ directory.  Removed "Poke Version" -pv command option Version fingerprinting is run by default now till the future versions But you can skip it using -nv (No version check) option  Improved fingerprinting engine To find more exact version and to provide most approximate version range without making you calculate it anymore. Please see the sample output:

OWASP 4 Former Release:  Fingerprint in ~Generic version family [1.5.x] ~1.5.x htaccess.txt revealed [ ] ~1.5.x configuration.php-dist revealed [ ] ~1.5.x en-GB.xml revealed [ ] ~1.5.x en-GB.ini revealed [ ]  Fingerprint in ~Generic version family [1.5.x] ~1.5.x htaccess.txt revealed [ ] ~1.5.x configuration.php-dist revealed [ ] ~1.5.x en-GB.xml revealed [ ] ~1.5.x en-GB.ini revealed [ ] …skip… * Deduced version range is : [ ]

OWASP 5 Former Release:  Updated fingerprinting signature up to current Joomla! version  Updated vulnerability information up to July 12, 2009  Made vulnerability information neat by labelling as Generic, Core, Component, Plugin.  Fixed parsing bug in listing components

OWASP 6 Former Release:  Added components detectability in re-routed URL (/component/option,com_xxxx)  Made finer report format: HTML  Added Joomla! related firewall/defense detection

OWASP 7 Former Release:  New and Improved Fingerprinting Engine ( which can almost detect exact version of Joomla 1.0.x and Joomla 1.5.x)  Updated database till  In database, removed and employed simple blind detection approach 1=1, 1=2 to bypass IDS which prevents MySQL-sensitive words from request

OWASP OWASP Joomla! Vulnerability Scanner  Project URL omla_Vulnerability_Scanner_Project omla_Vulnerability_Scanner_Project  Mailing List vulnerability-scanner vulnerability-scanner  Download URLs

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.