Web Application Hacking
By Muchammad Sholeh

Sharing Knowledge Session, Bank Danamon Lt. 5 KSI

  1. Web Application Hacking, by Muchammad Sholeh (Sharing Knowledge Session, Bank Danamon Lt. 5 KSI)
  2. Hacking Methodology
  3. Computer Search Engine, by ShodanHq
  4. Shodan Exploits
  5. An Introduction to ZAP: The OWASP Zed Attack Proxy
  6. Main Feature: all the essentials for web application testing
     • Intercepting Proxy
     • Active and Passive Scanners
     • Spider
     • Report Generation
     • Brute Force (using OWASP DirBuster code)
     • Fuzzing (using OWASP JBroFuzz code)
  7. The Additional Features
     • Auto tagging
     • Port scanner
     • Smart card support
     • Session comparison
     • Invoke external apps
     • BeanShell integration
     • API + Headless mode
     • Dynamic SSL Certificates
     • Anti CSRF token handling
  8. http://www.nuovoline.com/order.php?do=etc%2Fpasswd
  9. List Tools Scanning and Enumeration
     ● Zap Proxy
     ● Arachni
     ● W3AF
     ● Wapiti
     ● OpenVas
     ● Nessus
     ● Nikto.PL
     ● NMAP
     ● ShodanHQ
  10. Penetration Testing OS Based on OSS
     ● Backtrack Linux
     ● Kali Linux
     ● OWASP
     ● OSWTF
     ● Samurai Linux
     ● 4n6
     ● etc
  11. Common Vulnerability Reference
     ● CVE (Common Vulnerability Exposure)
     ● OSVDB (Open Source Vulnerability Database)
     ● ExploitDB (http://www.exploit-db.com/)
     ● National Vulnerability Database
     ● Common Vulnerability Scoring System (CVSS-SIG) - FIRST
     ● CVE Details (http://www.cvedetails.com/)
     ● Injector Exploitation Tools
     ● Exploit-ID (http://www.exploit-id.com/)
  12. EOF