Chris Shuster. Overview Hacking White Hat Black Hat Web Hacking.


Overview
- Hacking: White Hat, Black Hat
- Web Hacking

Overview (cont)
- Web Hacking
- OWASP
- Intercept Proxies
- WebScarab
- WebGoat

Research Constraints
- Web Hacking: only intercept-proxy-related web hacking was explored.
- Intercept Proxies: only WebScarab was explored.
- WebScarab: only a subset of WebScarab's features was explored.

WebScarab
- Platform independent: written in Java; no installation necessary.
- Browser independent: acts as a proxy, so no plug-ins are needed.
- More than an intercept proxy.

WebScarab (cont)
- Beyond an intercept proxy: provides all the features of plug-ins such as HackBar.
- Encoding and decoding tools.
- Scriptable attacks.

Request Interception
- Fine-grained control of which requests are intercepted:
  - Request type
  - MIME type
  - Regex path excludes

Request Alteration
- Parsed or raw view.
- Edit any part of the request.

Request Alteration (cont)

Hidden Fields
- Reveals hidden fields; no browser plug-ins needed.
- Alters the response HTML.
- Hidden field values can be altered.
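Why the ability to alter hidden field values matters on the server side, as an added Python example that is not part of the original slides: a constructed order handler that bills whatever hidden price the client echoes back, beside a hardened one that re-derives the price from a server-side catalogue, plus a detection hook for submissions whose hidden price no longer matches. The catalogue, SKUs, prices and form bodies are all constructed for this example.

```python
from urllib.parse import parse_qs

# Constructed server-side catalogue (prices in cents); the only source the
# hardened handler trusts. Names and values are made up for this example.
CATALOG = {"sku-100": 1999, "sku-200": 4999}

# What the browser sends back from a form with a hidden 'price' field, and the
# same request after the hidden field has been edited in an intercept proxy.
ORIGINAL_BODY = "sku=sku-100&qty=2&price=1999"
TAMPERED_BODY = "sku=sku-100&qty=2&price=1"   # constructed tampered submission


def vulnerable_total(form_body: str) -> int:
    """Vulnerable: bills whatever 'price' the client echoed back."""
    fields = parse_qs(form_body)
    qty = int(fields["qty"][0])
    price = int(fields["price"][0])       # client-controlled, so not trustworthy
    return qty * price


def hardened_total(form_body: str) -> int:
    """Hardened: ignores any client-supplied price and looks it up by SKU."""
    fields = parse_qs(form_body)
    sku = fields.get("sku", [""])[0]
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    qty = int(fields.get("qty", ["0"])[0])
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return qty * CATALOG[sku]             # 'price' in the body is simply ignored


def hidden_field_tampered(form_body: str) -> bool:
    """Detection hook: True when the echoed hidden price disagrees with the
    catalogue (worth logging even once the server no longer trusts it)."""
    fields = parse_qs(form_body)
    sku = fields.get("sku", [""])[0]
    sent_price = fields.get("price", [""])[0]
    return sku in CATALOG and sent_price != str(CATALOG[sku])


if __name__ == "__main__":
    print("vulnerable, tampered:", vulnerable_total(TAMPERED_BODY))      # 2
    print("hardened, tampered:  ", hardened_total(TAMPERED_BODY))        # 3998
    print("tampering detected:  ", hidden_field_tampered(TAMPERED_BODY)) # True
```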

Future Research
- OWASP Projects: explore the remaining WebScarab features not covered here; fully explore the insecurities of WebGoat.
- Web Hacking: fully explore intercept-proxy-based hacking activities; explore other web hacking topics.

References
- OWASP: About The Open Web Application Security Project
- OWASP WebScarab Project
- OWASP WebGoat Project

References (cont)
- ACSAC: The interactive HTTP proxy WebScarab – Installation and Basic Use (instructions.pdf)