Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacking web applications

Published byMaría Isabel San Martín Modified over 5 years ago

Similar presentations

Presentation on theme: "Hacking web applications"— Presentation transcript:

1 Hacking web applications
Web App Testing 101.

2 About me (disk0nn3ct) Danny Chrastil disk0nn3ct
>I like to hack things >Used to be in Web-Dev >Hack for a living? >Emphasis on web tech

3 Web App Testing 101 > Why attack web applications
./ Acceptance of online purchases ./ Accessibility of sensitive info ./ New Technology all the time ./ New Applications all the time

4 Web App Testing 101 > BASICS of Web Servers

5 Web App Testing 101 > BASICS of Web Requests

6 Web App Testing 101 > BASICS of State

7 Web App Testing 101 > How do we BREAK them?!

8 Web App Testing 101

9 Web App Testing 101 > There is a process… ./ Recon & Mapping
./ Discovery ./ Exploitation(you can break it now)

10 Web App Testing 101 > Process: ./ Recon & Mapping (BE THOROUGH)
.. Understand the application .. What are its functions? .. How is it supposed to work? .. View Source! .. Understand the technology .. What is the server stack? .. Is it built on a CMS? .. Map the application .. All directories and files

11 Web App Testing 101 > Process: ./ Discovery (DO NOT ATTACK YET)
.. Run scanner tools .. BuRP, OWASP ZAP, Nikto, w3af .. WebInspect, AppScan, NetSparker .. Manual fuzzing .. Proxy tool & Elbow Grease .. OWASP TOP 10 .. XSS, SQLi, CSRF, Clickjacking

12 Web App Testing 101 > Process: ./ Exploitation (ATTACK!)
.. Manual is Best .. Proxy & Elbow Grease .. Attack Tools .. W3af .. SQLMap (SQL Injection) .. BeEF (Broswer Exploitation) .. Metasploit (Server CVEs)

13 Web App Testing 101 Let’s get our Hands Dirty

14 Web App Testing 101 http://snowfrocninjas.com ./ modify “hosts” file:
snowfrocninjas.com

15 Questions? (preguntas)

Download ppt "Hacking web applications"

Similar presentations

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.

Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.
PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.
Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Hands on Demonstration for Testing Security in Web Applications

Hands on Demonstration for Testing Security in Web Applications
Web Vulnerability Assessments

Web Vulnerability Assessments
APPLICATION VULNERABILITY ASSESSMENTS REVISITED COMPUTING AND COMMUNICATIONS www.mun.ca Jared Perry GSEC, GWAPT, GCWN Application testing at Memorial University.

APPLICATION VULNERABILITY ASSESSMENTS REVISITED COMPUTING AND COMMUNICATIONS Jared Perry GSEC, GWAPT, GCWN Application testing at Memorial University.
OWASP Mantra-OS Because the world is cruel. About Me Attended United Stated Air Force Institute of Technology Defense Acquisition University Platform.

OWASP Mantra-OS Because the world is cruel. About Me Attended United Stated Air Force Institute of Technology Defense Acquisition University Platform.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
DevFu! The Inner Ninja in Every Application Developer.

DevFu! The Inner Ninja in Every Application Developer.
OWASP Xenotix XSS Exploit Framework

OWASP Xenotix XSS Exploit Framework
Into the Mind of the Hacker: Hands-On Web Application Hacking Adam Doupé University of California, Santa Barbara 4/23/12.

Into the Mind of the Hacker: Hands-On Web Application Hacking Adam Doupé University of California, Santa Barbara 4/23/12.
1 © Copyright 2014 Coveros, Inc. All rights reserved. Web Application Security Testing: Kali Linux Is the Way to Go Gene Gotimer, Senior Architect

1 © Copyright 2014 Coveros, Inc. All rights reserved. Web Application Security Testing: Kali Linux Is the Way to Go Gene Gotimer, Senior Architect
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Hacking Exposed 7 Network Security Secrets & Solutions

Hacking Exposed 7 Network Security Secrets & Solutions
Penetration testing – W3AF Tool

Penetration testing – W3AF Tool
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
“Today over 70% of attacks against a company’s network come at the ‘Application Layer’ not the Network or System layer.” - Gartner Is Your Web Application.

“Today over 70% of attacks against a company’s network come at the ‘Application Layer’ not the Network or System layer.” - Gartner Is Your Web Application.
OWASP Bricks. Web application security learning platform. Built with PHP and MySQL. Open source and free. ‘Break the Bricks’ and learn.

OWASP Bricks. Web application security learning platform. Built with PHP and MySQL. Open source and free. ‘Break the Bricks’ and learn.
Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Similar presentations

Ads by Google