Security testing. VRN. 20.02.2013
    Presentation Transcript

    • Penetration Testing. Roman Denisenko, 20 February 2013
    • Agenda
      • Theoretical part:
        – What is Security Testing? Classification.
        – When? Who? For what purposes?
        – Workflow of penetration testing of a web application.
        – Common vulnerabilities.
      • Toolkit of penetration testers:
        – Review and classification of necessary tools.
      • Practical part.
    • Security testing (by final goal):
      • Vulnerability Assessment.
      • Penetration testing.
      • Code Review.
      • Vulnerability Scan.
      • Security review.
    • Security testing (by impact level):
      • Application level.
      • Network level.
      • Physical level.
    • When should we perform ST?
      1. Within the development cycle.
      2. As an additional service after deployment.
    • Who should perform it?
      1. Ordinary testers.
      2. Security specialists.
      3. Developers.
    • Algorithm of penetration testing:
      • Information gathering.
      • Mapping.
      • Vulnerability Assessment.
        • Automated testing.
        • Manual testing.
      • Creation of report.
    • Information gathering. www.target.es
    • Mapping.
    • Run automated vulnerability scanners.
    • Manual testing.
    • Creation of report.
    • Common vulnerabilities.
    • SQL injection
    • Stored XSS
    • Privilege escalation.
    • Insecure Direct Object References.
    • CSRF.
    • Necessary toolkit.
      • Gathering tools.
        – nmap.
        – nikto.
      • Automated vulnerability scanners.
        – Acunetix.
        – Nessus.
        – WebInspect.
        – w3af.
      • Sniffing tools.
        – Wireshark.
        – Fiddler.
      • Manual testing tools.
        – BurpSuite.
        – Sqlmap.
    • Penetration testing of the test site...
    • Contacts: Roman.Denisenko@dataart.com, roman__denisenko