Acunetix technical presentation v7 setembro2011


Published on

Published in: Technology
1 Comment
  • please download link
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Acunetix technical presentation v7 setembro2011

  1. 1. Version 7.0 Treinamento Técnico
  2. 2. Content • What do hackers do? • What is a Web Vulnerability Scanner? • Acunetix WVS – The Scan Wizard – Scan Results – Scan Report • Acunetix WVS Tools – Target Finder – Site Crawler – AcuSensor Technology – Port Scanner and Network Alerts – HTTP Editor – HTTP Fuzzer – HTTP Sniffer – Blind SQL Injector – Authentication Tester – Compare Results • Acunetix WVS Configuration – Application Settings – Scanning Profiles
  3. 3. The Hacking Objectives - Techniques used by Hackers and Acunetix WVS
  4. 4. What do hackers do? • Hackers use a systematic plan of action: 1. Study Server Infrastructure and Server Operating System/type. 2. Survey the website/application. 3. Check for presence of vulnerabilities. 4. Plan and Mount the attack. • Acunetix WVS acts like a Hacker by trying to find vulnerabilities on the web application, web technology (e.g. PHP, Apache etc), web server or any network service (e.g. DNS, FTP etc) running on the web server.
  5. 5. How do Hackers Work?
  6. 6. Popular Hacking Techniques • Known static methods: – Specific Web Applications known exploits – Directory enumeration – Known Web Server exploits – Known Web technology exploits (e.g. php vulnerabilities) – Known network services exploits (e.g. DNS, FTP, SMTP) • Unknown dynamic methods: – SQL Injection – Cross-site Scripting – Directory and Link Traversal – File Inclusion – Source Code Disclosure – Code Execution – Common File Checks – Parameter Manipulation – Arbitrary file creation or deletion – CRLF Injection – Path Truncation – Java Applet reverse engineering – Session Hijacking – Authentication Attacks – Google Hacking Database Acunetix WVS searches for all of the above hacking methods and much more.
  7. 7. Web Vulnerability Scanners - Acunetix WVS
  8. 8. What is a Web Vulnerability Scanner? • Hacking is an ever-growing threat against web applications. Any user browsing a website can be a potential hacker, so a preventive approach is the first defence. • A Web Vulnerability Scanner is an automated security application that searches for vulnerabilities within web applications, web technologies and web servers.
  9. 9. Acunetix WVS • Acunetix WVS is a Web Scanner which is easy to use and provides both automatic and manual ways of vulnerability checking. • Uses dynamic methods to replicate hacking attacks in a non- destructive manner, Acunetix WVS is an essential tool to find vulnerabilities in your web applications and web servers.
  10. 10. The Acunetix WVS Acunetix WVS is an easy-to-use Heuristic Methodology Scanner allowing automatic and manual scans and audits. By replicating hacking attacks in a non- destructive manner, Acunetix WVS is an essential tool to help you find vulnerabilities in your web environment.
  11. 11. How Acunetix WVS Works • Discovery and Crawling Process Stage • Automated Scan Stage • Specific Manual Testing Stage (optional) • Reporting Stage
  12. 12. The Acunetix Scan Wizard -Launch a Security Scan in 6 Easy Steps
  13. 13. Scan Wizard – Scan Type • Four options to choose from to start a scan: – URL of the website – From previously saved crawling results – From list of URLs in a text file – From a port scan on a range of IP‟s
  14. 14. Scan Wizard – Select Targets • The 2nd step in the scan wizard the Web Scanner identifies the web server, web technology, its operating system and optimizes the scan accordingly. • For every target you can configure specific details such as OS and Web server if not identified by scanner.
  15. 15. Scan Wizard – Crawling Options • The 3rd step allows you to configure crawling settings. • These selections will determine how the website will be crawled with options related to the URL, folders, forms and the execution of JavaScript / AJAX.
  16. 16. Scan Wizard – Scan Options • The 4th step allows you to select a scanning profile to specify specific vulnerability scanning. • The scanning mode selection configured determines the complexity of the scan methodology. • You can also turn ON / OFF AcuSensor Technology, Port Scanner and Network Alerts, Scanning for known web applications and options for manipulating HTTP headers.
  17. 17. Scan Wizard – Scanning Mode Help • The scanning mode help link explains the difference between the three scanning modes.
  18. 18. Scan Wizard – Login • The 5th step is optional and it is used to configure credentials to be used by the scanner during the scan to access password protected sites. – Supports both HTTP and HTML authentication methods. – A login sequence recorder is used to record an HTML login manually to be used during an automated scan.
  19. 19. Scan Wizard – Review • The 6th and final step is a summary that indicates that the scanner has successfully located its target and is ready to launch the scan with the specified profile.
  20. 20. The Web Application Crawl and Scan Process - Site Crawling - Test Execution
  21. 21. Web Application Scan Process • The scan sequence consists of 2 phases: – Crawling • Builds the structure of the website on which the scan will be launched. – Scanning • Executes vulnerability attacks in a non- destructive manner against the crawled site structure.
  22. 22. Web Application Scan Process • During the scan results are updated in real time. it is possible to click on any reported vulnerability and view its details, html requests and responses, attack details and more in the information window on the right hand side.
  23. 23. Web Application Scan Process • When the scan is complete, the results are automatically saved to the default database, or as configured by the user for report generation. • The activity window at the bottom indicates scan completion.
  24. 24. The Web Services Scan Wizard -web service security Scan in 4 easy steps
  25. 25. Web Services Scan Wizard – Location • Two options to start a scan: – Select the target WSDL from its URL – Select the target WSDL from a local directory
  26. 26. Web Services Scan Wizard – Selection • In the 2nd step the scanner identifies the web service port types and allows you to select which inputs you want to scan.
  27. 27. Web Services Scan Wizard – Defaults • The 3rd stage allows you to enter specific values for the web service inputs. If left blank, the scanner will use its test values during the scan.
  28. 28. The Web Services Scan Wizard – Finish • The final stage is a confirmation that a connection has been established to the web service, and that the scan has the correct configuration to proceed.
  29. 29. - Site Crawling - Test Execution The Web Services Scan Process
  30. 30. Web Services Scan Process • For web services, the scan immediately performs its test routines on the various inputs defined by the WSDL. • During the scan, it is possible to view real-time information in the info-window on the right hand side of the interface.
  31. 31. Web Services Scan Process • When the scan is complete WVS automatically insert the results into the database and a report can be instantly generated.
  32. 32. WVS Reporter - Full featured reporting application
  33. 33. WVS Reporter – Generate Report • After a scan completion, you can generate a report. To generate the default report style from the scan results, click “Report” button in the Web Scanner toolbar.
  34. 34. WVS Reporter – Review and export • The generated report is easily reviewed directly from the Reporter Tool. The Reporter also offers complete export functionality to the most required document formats such as PDF, HTML, MS Word and more.
  35. 35. WVS Reporter – various report formats • The tools explorer in the Reporter allows you to choose from various built in templates to generate reports in such format. Templates include: – Executive report – Developer report – Compliance (HIPAA, PCI, OWASP, SOX, WASC) report – Comparison report – Statistical report
  36. 36. Acunetix Vulnerability Editor -The Core of Acunetix WVS - Customize Vulnerability Checks
  37. 37. Acunetix Vulnerability Editor • The Vulnerability Editor is a separate component of Acunetix WVS. • It is the central vulnerability database used by the scanner.
  38. 38. Acunetix Vulnerability Editor – Create your own vulnerabilities • The Acunetix research lab is dedicated to gather information from a wide spectrum of sources. As soon as a new vulnerability is found, it will be added to the vulnerability database and immediately put available to product updates. • Moreover, the Acunetix WVS lets expert users to create and add their own vulnerability checks through the vulnerability editor.
  39. 39. Acunetix WVS Tools -Manual Testing Tools And Utilities
  40. 40. Acunetix WVS Tools • Apart from the automated scanning, ideal for Penetration testers and Security experts, Acunetix WVS contains other tools which can be used to perform manual and complex security tests.
  41. 41. Target Finder Tool • A port scanning tool that may be used to find target websites to scan from a range of IP Addresses. • It is possible to launch a scan directly from the list of web servers displayed in the results pane.
  42. 42. Site Crawler Tool • Traverses the target site and builds an internal representation of the site layout using the information collected. • You can use the site crawler tool to analyze the structure of a website without launching the attacks. • With AcuSensor Technology enabled a listing of all objects in the website is generated included hidden and non published objects.
  43. 43. HTTP Editor Tool • Allows you to create or edit HTTP requests and analyze the server response. • Organized into 2 panes: – The top pane shows the HTTP request data. – The bottom pane shows the server response data. • From the crawler results, one can export any page which needs in depth analysis into the HTTP Editor.
  44. 44. HTTP Fuzzer Tool • Allows sophisticated testing for: – Buffer Overflows – Input Validation – A Range of Variables – Cookie Matching • Using generators, it is possible to automatically submit a range of requests determined by an easy parameter configuration. This degree of automation allows you to quickly test the results of a multitude of queries while significantly reducing the amount of manual input. • example: – the numerical value of cat=1can be replaced by a number generator to automatically submit requests between 1 to 1000. The scanner will then display all the valid responses returned.
  45. 45. HTTP Sniffer Tool • A proxy server which can capture, edit and filter requests passed between a web client (e.g. browser) and a web server. • An excellent tool used to intercept client requests and modify them before they are sent to the server and back. May be used to: – Create a rule to trap particular POST, GET requests and change them manually. – Create a rule to that automatically changes particular requests. – Create a rule to automatically log information in requests or responses.
  46. 46. Blind SQL Injector • Ideal for penetration testers, the Blind SQL injector is an automated database data extractiontool perfect for making manual tests to allow further testing for SQL injections.
  47. 47. Authentication Tester Tool • Used to test HTTP or HTML authentication forms for weak passwords via a dictionary attack. • Create your own dictionary or download a dictionary and configure Acunetix WVS to use such dictionary.
  48. 48. Compare Results Tool • Allows you to analyze the differences between 2 scans performed at different dates. You can compare a full security scan, or just the site crawler output. • After saving 2 sets of scan results, it is possible to load them side by side for an easy visual comparison.
  49. 49. Acunetix Scheduler • Offers all the same functionality available in the application or web service wizards. • Run as a Windows service. • Features an automated mailer which attaches scan results and reports on completion.
  50. 50. Command Line Support • Acunetix WVS and its scan parameters can be configured and launched through a command prompt. • Automate repetitivetasks through batch files and scripting languages. Scans are performed faster than normal GUI operated scans.
  51. 51. The Acunetix Scanner Settings - Customize and Configure all the WVS components
  52. 52. Acunetix WVS Configuration • Acunetix is a fully configurable scanner as we believe that each website is unique and requires a specific dedicated and fully customizable testingtool and specific tests need to be run against it.
  53. 53. Application Settings • In Application settings once can configure: – updates URL – user agent string – Customize HTTP tuning – Password Protect WVS – Proxy / Socks Settings – Database settings (for reporting functionality) – Web site client certificates – Logging options
  54. 54. Site Crawler Settings • Apart from configuring default crawler settings, one can also configure: – File Filters e.g exclude multimedia files – Directory Filters – URL Rewrite rules e.g. helps the crawler crawl websites using search engine friendly URL‟s – Custom cookies e.g. create your own custom cookies for specific sites requiring specific cookies
  55. 55. HTTP Sniffer Settings • The HTTP Sniffer can be configured to run on any particular port. By default it runs on port 8080. • It can also be configured to listen on localhost only or to listen on any interface running on the computer, so any web browser on the network can use http sniffer as a proxy.
  56. 56. Application Settings – Scanner • Apart from configuring default settings for the scanner and options like „Limit crawl recursion‟ and „Abort scan if server stops responding‟ one can also configure options such as: – Add / remove or edit Login Sequences – submission of specific values to specific HTML forms – Parameter Manipulation options – Parameter Exclusion options – Custom 404 Pages – Google Hacking database options – AcuSensor Technology options – Port Scanner options – False Positives options
  57. 57. Scanning Profiles Settings • Scanning profiles can be configured to include or exclude particular tests from a scan. All scanning profiles can be saved or deleted accordingly.
  58. 58. Acunetix WVS Scheduler Obrigado pela sua atenção ! For Web Security information follow our blog;