Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Vulnerability Assessments

Published bySpencer Vant Modified over 9 years ago

Similar presentations

Presentation on theme: "Web Vulnerability Assessments"— Presentation transcript:

1 Web Vulnerability Assessments
NEWDUG January, 2015 In order to modify the “client confidential” notice please go to View > Slide Master and delete or edit the text box Click “close slide Master” on the Slide Master tab to exit

2 Agenda About Web Vulnerability Assessments Tools Demos Goals Types SOW
Steps Tools Demos Goals Demonstrate Web VA, show techniques Pen-testers and Hackers use to find vulnerabilities in your sites Provide some techniques and tools to help secure your code

3 John Reynders Consultant with OpenSky Corp.
Seven years experience in Web Security: Program Development Dynamic Testing Static Analysis Coding Standards Web Application Firewalls Eight years of general Information Security experience

4 OpenSky - An Award Winning Company
Everything starts with our people. Our success comes from their expertise and dedication to always “doing the right thing” for our clients. Our people Expert resources: CRN Tech Elite 250 (2013) Quality work environment: Top Workplace (2011, 2012, 2013) Our people create top tier solutions GRC Solution Award with client Shire Pharmaceuticals: OCEG (2013) Our people and our solutions create lasting relationships and new partners Multiple growth awards: Inc 500 (2012), CRN (2011, 2012), Marcum Tech Top 40 (2011, 2012)

5 Complete Solutions for Major Enterprises
Secure Manage Plan, Design & Migrate IT Risk Management & Security Services Assessment and Advisory Application Secure Coding Vulnerability Assessment and Penetration Testing Security Program and Framework Technology Implementation and Engineering Mobile Device and Virtualization Security Datacenter & Cloud Infrastructure Services Data Center and Cloud Integration Network Infrastructure Virtualization Storage and Computing Infrastructure Applications End-User Computing GRC Services GRC Strategy GRC Maturity Assessment GRC Configuration and Custom Development Technical Business Consulting IT Transformation and Strategy Technical Project Management IT Supplier & Sourcing Management IT Expense Management

6 Web Vulnerability Assessments
Conducted against a contract with specific terms, most often called the Statement of Work (SOW) Specify in the SOW: System to be tested (URL) Production or Non-Prod? Type and level of testing Level of Automated and Manual testing “Safe” Tests only? Hours for testing Nights only? Whitelist IP addresses in WAF, IPS? Special Concerns? The more information the better the assessment Additional considerations: Number of user roles, whether retesting is included, if non-prod, will travel be involved.

7 Web Vulnerability Assessments
Types of Application Security Testing: Dynamic Analysis Security Testing (DAST) “Black Box” Tests actual web site for vulnerabilities Simulates what a real attacker would do Static Analysis Security Testing (SAST) “White Box” Tests code for vulnerabilities A real attacker would likely not have access to the code, this method is a different approach to identifying potential security flaws. Hybrid “Glass Box” Dynamic test against instrumented web server Manual testing can occur in each type Talk covers Dynamic Testing Some tools perform static analysis of JavaScript

8 “Typical” Web Assessment Steps
Recon Site components and architecture Open ports? Hack the server Manually crawl site with an Intercepting Proxy Automated Scan of site Results verification – False positives removal Manual testing Things tools don’t do well Business Logic Privilege Escalation etc. Reporting

9 Recon Visit site Site information Google Dorks Port Scan
Netcraft, Shodan etc. Google Dorks Files, passwords, WSDL, Admin logons etc. Port Scan Nmap, Nessus, Qualys May perform an infrastrucuture vulnerability scan Missing patches, configuration issues etc. Check security configuration

10 Configuration Checkers
Microsoft Web Application Configuration Analyzer Needs Admin on Server, Checks SQL Server too Check Your Headers SSL Labs ASAFAWEB

11 Crawl Site with Intercepting Proxies
Burp* Fiddler Zed Attack Proxy (ZAP) * - Free and Professional versions

12 Intercepting Proxy Intercepting Proxy Man-in-the-Middles all traffic
Hackers and Testers can see all data transmitted Hidden Fields => NOT a security feature

13 Burp

14 Burp – Analyze Request & Response

15 Scan Site – Dynamic Scanners
Acunetix AppScan WebInspect Burp & ZAP have scanning modules

16 AppScan

17 DEMO

18 Resources WASC - http://www.webappsec.org/
OWASP - Cheat Sheets Testing Guide WASC - Not updated recently but some good content The Web Application Hacker's Handbook

19 Web Site: http://www.openskycorp.com/
Contact Information Web Site:

Download ppt "Web Vulnerability Assessments"

Similar presentations

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.
Infosec 2012 | 25/4/12 Application Performance Monitoring Ofer MAOR CTO Infosec 2012.

Infosec 2012 | 25/4/12 Application Performance Monitoring Ofer MAOR CTO Infosec 2012.
PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.
© 2008 All Right Reserved Fortify Software Inc. Hybrid 2.0 – In search of the holy grail… A Talk for OWASP BeNeLux by Roger Thornton Founder/CTO Fortify.

© 2008 All Right Reserved Fortify Software Inc. Hybrid 2.0 – In search of the holy grail… A Talk for OWASP BeNeLux by Roger Thornton Founder/CTO Fortify.
Module 1: Demystifying Software Defined Networking Module 2: Realizing SDN - Microsoft’s Software Defined Networking Solutions with Windows Server 2012.

Module 1: Demystifying Software Defined Networking Module 2: Realizing SDN - Microsoft’s Software Defined Networking Solutions with Windows Server 2012.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.

Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.

1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Static Analysis for Dynamic Assessments Greg Patton | September 2014.

Static Analysis for Dynamic Assessments Greg Patton | September 2014.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
“Today over 70% of attacks against a company’s network come at the ‘Application Layer’ not the Network or System layer.” - Gartner Is Your Web Application.

“Today over 70% of attacks against a company’s network come at the ‘Application Layer’ not the Network or System layer.” - Gartner Is Your Web Application.
Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.
Web Application Security Assessment and Vulnerability Assessment.

Web Application Security Assessment and Vulnerability Assessment.
The Business of Penetration Testing

The Business of Penetration Testing
Security Scanning OWASP Education Nishi Kumar Computer based training

Security Scanning OWASP Education Nishi Kumar Computer based training
Web Application Testing with AppScan Terry Labach.

Web Application Testing with AppScan Terry Labach.

Similar presentations

Ads by Google