Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Chirita Ionel  Application Security  OWASP Chapter board member.

Published byMary Clark Modified over 9 years ago

Similar presentations

Presentation on theme: " Chirita Ionel  Application Security  OWASP Chapter board member."— Presentation transcript:

1

2  Chirita Ionel  Application Security Analyst @  OWASP Chapter board member

3  Wide Coverage  Fast scans  Low number of false positives  Low number of false negatives  Scalability  Easy to use  Permanent vulnerability database updates  To be Cheap !?

4  Hardware Requirements & support  Protocol support  Authentication  Session management  Crawling  Data Parsing  Testing  Command and control  Reporting

5  Thick client vs cloud

6 Transport support  HTTP1.0 & HTTP1.1  SSL/TLS  HTTP keep alive  HTTP compression  HTTP user agent configuration Proxy support  HTTP1.0 & HTTP1.1 proxy  Socks 4 proxy  Socks 5 proxy  PAC file support

7  Basic  Digest  HTTP negotiate – NTLM & Kerberos  Html form-based  Automated  Scripted  Non-automated  Single sign on  Client SSL certificates  Other

8  Session management capabilities  Start a new session  Detect if the session is expired  Reacquire session token  Session management token type support  HTTP cookies  HTTP parameters  HTTP URL path  Session token detection  Session token refresh policy

9  Define starting URL  Define additional hostname or exclusions for specific criteria  Support automated from submission  Detect error pages and custom 404 pages  Redirect support

10  HTML  JavaScript  VBScript  XML  Plaintext  ActiveX Objects  Flash

11

12  Schedule scans  Pause / resume  Real-time status of running scans  Run multiple scans simultaneously  GUI, CLI and web based interface  Extensibility & interoperability

13  Executive summary  Technical detailed report  Delta reports  Compliance report  Customization  Report data file format

14  Why do you mean by “best” ?  Or the cheapest ?

15  By Larry Suto

16  … running each vendor's scanner against each of the vendor's test sites and comparing the results

17

18

19  By Chirita Ionel

20

21

22

23

24

Download ppt " Chirita Ionel  Application Security  OWASP Chapter board member."

Similar presentations

E-Commerce CMM503 – Lecture 8 Stuart Watt Room C2.

E-Commerce CMM503 – Lecture 8 Stuart Watt Room C2.
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Week 6: Chapter 6 Agenda Automation of SQL Server tasks using: SQL Server Agent Scheduling Scripting Technologies.

Week 6: Chapter 6 Agenda Automation of SQL Server tasks using: SQL Server Agent Scheduling Scripting Technologies.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
OWASP Xenotix XSS Exploit Framework

OWASP Xenotix XSS Exploit Framework
Automating Bespoke Attack Ruei-Jiun Chapter 13. Outline Uses of bespoke automation ◦ Enumerating identifiers ◦ Harvesting data ◦ Web application fuzzing.

Automating Bespoke Attack Ruei-Jiun Chapter 13. Outline Uses of bespoke automation ◦ Enumerating identifiers ◦ Harvesting data ◦ Web application fuzzing.
ASP.NET Web Application Security Hannes Preishuber ppedv AG

ASP.NET Web Application Security Hannes Preishuber ppedv AG
The Way to Protect The Smartest Way to Protect Websites and Web Apps from Attacks.

The Way to Protect The Smartest Way to Protect Websites and Web Apps from Attacks.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Chapter 9 Comparing Web Technologies. Agenda Browser Hypertext Markup Language (HTML) Common Gateway Interface Web Application Server Plug-in.

Chapter 9 Comparing Web Technologies. Agenda Browser Hypertext Markup Language (HTML) Common Gateway Interface Web Application Server Plug-in.
15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.

15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.

INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
How the web works: HTTP and CGI explained

How the web works: HTTP and CGI explained
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Introduction to z/OS Basics © 2006 IBM Corporation Chapter 13: z/OS HTTP Server.

Introduction to z/OS Basics © 2006 IBM Corporation Chapter 13: z/OS HTTP Server.
Multiple Tiers in Action

Multiple Tiers in Action
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Internet Information Server Team Members: Hung Duong Hak Gauv Eric Luc David Nguyen Larry Tan.

Internet Information Server Team Members: Hung Duong Hak Gauv Eric Luc David Nguyen Larry Tan.

Similar presentations

Ads by Google