Distributed-System-Based Penetration Tool for Vulnerability Analysis of Web Applications
(Penetration Tool Berbasis Sistem Terdistribusi untuk Analisa Vulnerability Pada Web Application)
1. Distributed-System-Based Penetration Tool for Vulnerability Analysis of Web Applications
Aryya Dwisatya Widigdha
9/10/2015 | 13512043@std.stei.itb.ac.id | www.bangsatya.com | IDSECCONF2015
2. ME
{
"name": "Aryya Dwisatya Widigdha",
"occupation": ["Student @ Teknik Informatika ITB",
"Research Assistant @ Telkom Innovation & Development Center",
"Network Administrator @ Teknik Informatika, Teknik Kelautan, & Teknik Lingkungan ITB"],
"contact": [{"email": "13512043@std.stei.itb.ac.id"}, {"phone": "085721169983"}],
"book": ["7 Hari Menjadi Jawara di Internet (2012)", "Carding for Beginner (2013)"],
"blog": "www.bangsatya.com"
}
7. So…?
Many websites lack security.
8. Then, how do we solve these problems?
PREVENTIVE
Secure programming
Secure deployment environment
CURATIVE
Penetration testing
Patching
9. Penetration Testing: What?
"An attempt to gain access to a resource without knowing the username or password, or without any legitimate access in general."
10. Penetration Testing: Why?
Verify the configuration of a system
Conduct training
Trial a new technology
Find security holes before it is too late
11. Penetration Testing: How?
Manually
Using one's own knowledge of the system: information gathering, authentication testing, session management testing, etc.
Automatically
Using existing tools such as Acunetix, Nikto, Nessus, etc.
13. Penetration Testing on Web Applications (the OWASP Testing Guide test categories)
Information Gathering
Configuration Management Testing
Authentication Testing
Session Management Testing
Authorization Testing
Business Logic Testing
Data Validation Testing
Denial of Service Testing
Web Service Testing
Ajax Testing
14. Facts
Dependent on the client's resources: hardware, internet connection, etc.
Implications
Unscalable
Good only for small problems
Solution
Distributed system
15. Why a Distributed System?
Scalable
Availability
Remote access
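Added example, not the author's tool and not code from the slides: a Python sketch of the coordinator/worker split that slides 14 and 15 argue for, using two of the test categories from slide 13. A coordinator turns every (target, test category) pair into an independent job, a pool of workers runs the jobs, and the findings are merged into one report keyed by target. Threads stand in for the remote worker hosts a real distributed deployment would use, and the checks run over constructed sample HTTP response headers rather than live requests; the target names, header values and cookies are all made up for this example.

```python
"""Added example, not the tool from the slides: a coordinator/worker sketch of a
distributed web-application scan. Threads stand in for remote workers and the
HTTP responses are constructed samples, so it runs offline."""
import json
from concurrent.futures import ThreadPoolExecutor
from http.cookies import SimpleCookie

# Constructed sample response headers, one set per hypothetical target.
# In a real deployment each worker would fetch these itself over the network.
SAMPLE_RESPONSES = {
    "https://shop.example": {
        "Server": "Apache/2.2.15 (CentOS)",
        "Set-Cookie": "PHPSESSID=abc123; path=/",
        "Content-Type": "text/html",
    },
    "https://intranet.example": {
        "Server": "nginx",
        "Set-Cookie": "sid=xyz; Path=/; Secure; HttpOnly",
        "Strict-Transport-Security": "max-age=31536000",
        "X-Frame-Options": "DENY",
        "Content-Type": "text/html",
    },
}

HARDENING_HEADERS = ("Strict-Transport-Security", "X-Frame-Options")


def check_configuration(headers):
    """Configuration Management Testing: software version disclosure in the
    Server header and missing hardening headers."""
    findings = []
    server = headers.get("Server", "")
    if any(ch.isdigit() for ch in server):
        findings.append(f"Server header discloses a version: {server}")
    for name in HARDENING_HEADERS:
        if name not in headers:
            findings.append(f"missing header: {name}")
    return findings


def check_session(headers):
    """Session Management Testing: session cookies must carry Secure and HttpOnly."""
    findings = []
    raw = headers.get("Set-Cookie")
    if raw is None:
        return findings
    jar = SimpleCookie()
    jar.load(raw)
    for name, morsel in jar.items():
        # SimpleCookie stores these flag attributes as True when present, "" otherwise.
        if not morsel["secure"]:
            findings.append(f"cookie {name} lacks Secure")
        if not morsel["httponly"]:
            findings.append(f"cookie {name} lacks HttpOnly")
    return findings


# Test categories this example implements, named as on slide 13.
CHECKS = {
    "Configuration Management Testing": check_configuration,
    "Session Management Testing": check_session,
}


def make_jobs(targets, checks):
    """Coordinator side: one independent job per (target, test category).
    More targets or more categories just means more jobs to hand out, which
    is what lets the work spread over as many workers as are available."""
    return [(target, category) for target in targets for category in checks]


def run_job(job, responses=SAMPLE_RESPONSES):
    """Worker side: run one test category against one target."""
    target, category = job
    findings = CHECKS[category](responses[target])
    return {"target": target, "category": category, "findings": findings}


def run_distributed(targets, workers=4):
    """Fan the jobs out to a worker pool and merge the results into one
    report keyed by target, then by test category."""
    jobs = make_jobs(targets, CHECKS)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(run_job, jobs))
    report = {}
    for result in results:
        report.setdefault(result["target"], {})[result["category"]] = result["findings"]
    return report


if __name__ == "__main__":
    print(json.dumps(run_distributed(list(SAMPLE_RESPONSES)), indent=2))
```

In a real deployment the job list would sit in a message queue that worker hosts pull from, which is also what gives the availability and remote-access properties listed on slide 15: the scan no longer depends on one client's hardware or connection, and a worker that dies simply leaves its jobs in the queue for another.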