Presentation is loading. Please wait.

Presentation is loading. Please wait.

Zach Garcia Keith Reiter

Published byYulia Dharmawijaya Modified over 6 years ago

Similar presentations

Presentation on theme: "Zach Garcia Keith Reiter"— Presentation transcript:

1 Zach Garcia Keith Reiter
Acunetix Web Vulnerability Scanner

2 Purpose of the Tool To make sure your site is safe, the tool looks for: Cross Site Scripting Open Ports Blind SQL injection HTTP Header manipulation Weak Passwords Revealing Errors And a lot more

3 Environment Acunetix doesn’t require a very special environment. It just needs a couple things: Acunetix runs only in Windows environments Must be connected to the internet

4 Explanation of How It Works
It runs a series of scripts which test for various known vulnerabilities. The XSS script tests input boxes and URLs for various XSS vulns, and then the next script starts. Additionally, a web crawl is performed And a mild port scan is initiated

5 Explanation of Output Web Alert information
The severity of discovered threats are based on a color code: Green for informational things like broken links Blue for low level threats Yellow for medium threats Red for very serious, potentially damaging threats

6 Explanation of Output Port Scan information Site Structure
List open ports This can be useful simply for footprinting Site Structure Gives a hierarchical visual of the structure. This can also be useful for footprinting

7 Review Ease of use: Extremely easy, but can be used in more advanced ways by more advanced users. Installation was both easy and fast Documentation was pretty clear There were basically no challenges except installing the tool in the CyberSecurity Lab…

Download ppt "Zach Garcia Keith Reiter"

Similar presentations

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.
Webgoat.

Webgoat.
Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.

Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.

Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Myrtle Entertainment Network Scanner How to work your way to installing a program via Myrtle Entertainment Network Scanner.

Myrtle Entertainment Network Scanner How to work your way to installing a program via Myrtle Entertainment Network Scanner.
Varun Sharma Security Engineer | ACE Team | Microsoft Information Security

Varun Sharma Security Engineer | ACE Team | Microsoft Information Security
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Web Application Security Assessment and Vulnerability Assessment.

Web Application Security Assessment and Vulnerability Assessment.
Introducing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Introducing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.

By: Razieh Rezaei Saleh.  Security Evaluation The examination of a system to determine its degree of compliance with a stated security model, security.
Michael Atkins. Note:  This is a non-technical overview  Some light technical background is given, to put things in context  Some of the content is.

Michael Atkins. Note:  This is a non-technical overview  Some light technical background is given, to put things in context  Some of the content is.
Color Theory in Web Design Web Design – Sec 2-2. Objectives  The student will: –Have a better understanding of effective use of color on the web. –Be.

Color Theory in Web Design Web Design – Sec 2-2. Objectives  The student will: –Have a better understanding of effective use of color on the web. –Be.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

Similar presentations

Ads by Google