
Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation, http://www.owasp.org

LASCON 2010, Austin, TX

Slide 1: Automating Web Testing Beyond OWASP WebScarab Using Python
Brad Causey, OWASP Guy, IISFA Guy, brad.causey@owasp.org

Slide 2: About Brad
- Survivalist
- MMA
- Local Cop
- Gun Enthusiast
- Married with 5 Kids

Slide 3: About Brad
- Instructor for 8 years
- Various publications: books, training videos
- BBVA Compass Security Analyst
- OWASP GPC
- OWASP Alabama Chapter Lead
- IISFA Alabama Chapter Lead

Slide 4: Why are we here?
- We have the need to automate tests
- Some of these are difficult
- They must adapt to the app
- WebScarab and Python are pretty popular

Slide 5: Why WebScarab?
- Open source
- Scriptable
- Uses text to store data
- Cross-platform
- Browser agnostic

Slide 6: WS Configuration and Special Notes
- Saved session structure
- Scripting: http://www.owasp.org/index.php/Scripting_in_WebScarab
  import org.owasp.webscarab.model.HttpUrl;
  import org.owasp.webscarab.model.Request;
  import org.owasp.webscarab.model.Response;

Slide 7: WS Advanced Features
- Search
- Extensions
- Session ID analysis
- XSS
- Tagging

Slide 8: WS Weaknesses
- AJAX
- Performance
- Output format
- Reporting

Slide 9: Why Python?
- Open source interpreter
- Plain text
- Great support
- Cross-platform
- Text processing

Slide 10: A Python Primer
- Very clear, readable syntax
- Strong introspection capabilities
- Intuitive object orientation
- Natural expression of procedural code
- Exception-based error handling
- Very high level dynamic data types
- Extensive standard libraries
- Embeddable within applications as a scripting interface

Slide 11: Useful Python Libraries
- string (built-in library): .find, .index, .count

Slide 12: Useful Python Libraries
- urllib2 (built-in library): .urlopen
- Encoding
- Data (for the request)

Slide 13: Gluing the two together
- WebScarab files
- Python file reader
- WebScarab storage in depth

Slide 14: Possibilities are endless!
- HTTP methods testing
- POST/GET fuzzing
- Cookies? Yes! import cookielib, urllib2
  http://docs.python.org/library/cookielib.html
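Slides 13 and 14 describe reading WebScarab's text-based session files from Python and working with cookies, and slide 7 mentions session ID analysis. The following is an added example, not code from the deck or from the WebScarab project, that puts those ideas together from a reviewer's side: it reads the raw HTTP messages that WebScarab saves and reports which Set-Cookie headers lack the Secure or HttpOnly attributes. It assumes the saved-session layout of a conversations/ directory holding <n>-request and <n>-response files containing raw HTTP (an assumption from memory of the tool; confirm against a session you saved yourself), and it is written for Python 3 with only the standard library (the deck's urllib2 and cookielib are Python 2 names). The sample messages are constructed, not captured traffic.

```python
"""Read WebScarab-style saved conversations and flag weak cookie attributes.

Added example (not from the LASCON deck or WebScarab). Assumed layout:
conversations/<n>-request and conversations/<n>-response, each a raw HTTP
message. The SAMPLE_FILES below are constructed for offline use.
"""
import os
import re
import sys
import tempfile
from typing import Dict, List, Tuple

# Constructed sample standing in for a conversations/ directory.
SAMPLE_FILES: Dict[str, str] = {
    "1-request": (
        "POST /login HTTP/1.1\r\n"
        "Host: app.example\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "Content-Length: 27\r\n"
        "\r\n"
        "user=alice&password=secret1"
    ),
    "1-response": (
        "HTTP/1.1 302 Found\r\n"
        "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
        "Set-Cookie: pref=dark; Path=/; Secure; HttpOnly\r\n"
        "Location: /home\r\n"
        "\r\n"
    ),
    "2-request": (
        "GET /home HTTP/1.1\r\n"
        "Host: app.example\r\n"
        "Cookie: JSESSIONID=abc123\r\n"
        "\r\n"
    ),
    "2-response": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html>hi</html>"
    ),
}


def parse_http_message(raw: str) -> Tuple[str, List[Tuple[str, str]], str]:
    """Split a raw HTTP request or response into (start line, headers, body).

    Headers are returned as an ordered list of (lowercased name, value) so that
    repeated headers such as Set-Cookie are all preserved.
    """
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    lines = head.split("\n")
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def load_conversations(directory: str) -> Dict[int, Dict[str, str]]:
    """Read every <n>-request / <n>-response file under directory."""
    conversations: Dict[int, Dict[str, str]] = {}
    for fname in os.listdir(directory):
        m = re.fullmatch(r"(\d+)-(request|response)", fname)
        if not m:
            continue
        n, kind = int(m.group(1)), m.group(2)
        # newline="" keeps the CRLF line endings exactly as stored on disk.
        with open(os.path.join(directory, fname), encoding="latin-1", newline="") as fh:
            conversations.setdefault(n, {})[kind] = fh.read()
    return conversations


def cookie_findings(conversations: Dict[int, Dict[str, str]]) -> List[str]:
    """Report Set-Cookie headers missing Secure or HttpOnly, per conversation."""
    findings: List[str] = []
    for n in sorted(conversations):
        response = conversations[n].get("response")
        if response is None:
            continue
        request_line = parse_http_message(conversations[n].get("request", ""))[0]
        _, headers, _ = parse_http_message(response)
        for name, value in headers:
            if name != "set-cookie":
                continue
            parts = value.split(";")
            cookie_name = parts[0].split("=")[0].strip()
            attrs = {p.strip().split("=")[0].lower() for p in parts[1:]}
            missing = [a for a in ("secure", "httponly") if a not in attrs]
            if missing:
                findings.append(f"{n} {request_line}: cookie {cookie_name} missing {', '.join(missing)}")
    return findings


def run_on_sample() -> List[str]:
    """Write the constructed sample to a temp directory and analyse it."""
    with tempfile.TemporaryDirectory() as tmp:
        for fname, content in SAMPLE_FILES.items():
            with open(os.path.join(tmp, fname), "w", encoding="latin-1", newline="") as fh:
                fh.write(content)
        return cookie_findings(load_conversations(tmp))


if __name__ == "__main__":
    # Pass a real conversations/ directory, or run with no argument for the sample.
    results = cookie_findings(load_conversations(sys.argv[1])) if len(sys.argv) > 1 else run_on_sample()
    print("\n".join(results) or "no cookie findings")
```

The same loader can feed other checks over a saved session (which methods each URL accepted, which responses echoed a request parameter back), which is the "WebScarab files plus Python file reader" pairing the deck is about; the cookie-attribute check is just the one that needs the least code to be useful.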

Slide 15: Demo!
http://cdn1.gamepro.com/article_img/gamepro/214635-1.jpg?rand=2487A2F8-E22A-95A8-2C5A303E3847C9A2

Slide 16: The Norris convention center?
