Join Us: https://www.linkedin.com/company/application-security-virtual-meetups
AppSec Trends, Methodologies and
Toolsets
Useful tools and methods to spice up your penetration testing routines
www.effectivesec.com
Shay Chen
Spicing up your application security tests
▪ Spice it up: fuzz, bruteforce and analyze prior to pentesting
▪ Be a cheater: obtain information relevant to hacking the app
▪ Make it easy: identify alternative / unprotected replicas / targets
Organizations will typically try to secure the assets they are focused on, or at least aware of. But what about assets & content they are NOT aware of?
WHY? Naïve and unaware.
Impacts: so what can go wrong?
▪ AWS key leakage to GitHub
▪ Code leakage to public repositories
Targets & Methodology
Toolsets and Methodologies
▪ Unmonitored / Unprotected Assets
▪ Assets associated with obsolete, unmonitored or unprotected systems
▪ Dev / Test / Staging and Forgotten Replicas
▪ IPs not protected by a WAF, TST/DEV replicas exposed to the internet, internal assets
▪ Unmonitored Applications
▪ Applications that can be found in unmonitored URLs and subdirectories
▪ Forgotten Entry points
▪ Hidden pages
▪ Hidden APIs
▪ Hidden methods
▪ Hidden functionality behind secret parameters
What are the benefits?
▪ Unprotected IPs and Replicas
▪ Test / Dev replicas tend to be less protected and less hardened
▪ Unprotected IPs (origin servers reachable around the WAF) won't have mechanisms that block automation / fuzzing / attacks
▪ Unmonitored systems, applications and entry points
▪ More likely to include security vulnerabilities
▪ Less likely to be covered by monitoring systems that alert the organization's SOC and/or trigger the WAF/IDS/IPS
Attack Pattern Flowchart
▪ Identify Search Tokens: Org / Brand / App names; Domains / Subdomains; Favicons / Titles
▪ Acquire Targets: Subdomain enumeration; Associated server IPs; Cloud / SaaS accounts
▪ Search Relevant Information: Source code repositories / Containers; Leaked keys & credentials; Cached / Indexed entry points
▪ Initial Attack Sequence: Target DEV/Test replicas; Tech specific fuzzing; Infrastructure vulnscan / exploits
▪ Vulnerability Discovery: Good old pentesting
▪ Exploitation: WAF bypass via IP/TST/DEV replicas; Manual exploitation; Analyze content for additional entry points
Toolsets and Methodologies
▪ VPNs
▪ Bypass IP address restrictions – useful for block evasion and for accessing DEV/TST/Admin instances
▪ Content Replicas
▪ Search via subdomains / associated domains
▪ Search via favicon hash / logo / title
▪ Code/Key/Credentials Discovery
▪ Technology specific code pattern search in GitHub / GitLab / Bitbucket / DockerHub
▪ Fuzzing and Content Discovery
▪ Search engines and caching engines
▪ Fuzzing specific technologies
Data Sources
▪ Search engine indexing
▪ DNS servers, domain registrant repositories, certificate repositories
▪ Data Sharing repositories (pastebin, etc.), credential repositories
▪ Unintentional “leftovers” in public organization documents
▪ Document metadata
▪ Credentials, URLs, images and emails in documents and help pages
▪ Public Source Code Repositories
▪ Github, Bitbucket, Gitlab, etc.
▪ Container repositories such as DockerHub
▪ Data unintentionally leaked in the past and CACHED on the internet
▪ Wayback Machine
▪ Google Cache
▪ Mirroring services/BD Search Engines
Identify Search Tokens
Brandnames, Apps, Subdomains, Icon Hash, Titles
Search tokens
▪ Organization / Application
▪ Brand name, CNs, alternate names
▪ Domains / Subdomains
▪ Subdomains / associated domains tied to the organization or app brand
▪ Certificates
▪ CN field
▪ O field
▪ Registrant email
▪ Favicon Hash
▪ https://mmhdan.herokuapp.com/
▪ https://github.com/kh4sh3i/Favicon-Hash
▪ Search via title / content
▪ Search via asset title or response content
Subdomain enumeration – search tokens: Org names / Brand names / Titles
Acquire / Identify Targets: Subdomains / Servers / IPs / SaaS accounts
Discover replicas / assets by signature: feed the search tokens (organization, subdomain, certificate, title, favicon, technology) into host/server search engines
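Certificate transparency logs are the cheapest of the certificate data sources listed above: one query to crt.sh for %.example.com returns every certificate a public CA issued under the brand's domain, and the SAN lists routinely expose dev/staging/legacy hosts that never had a public DNS entry. The block below is an added example, not from the presentation; it parses a constructed response in the shape of crt.sh's JSON output (field names follow the live service, hostnames and issuers are invented), rejects look-alike names that are not really under the apex, folds wildcards, and flags names that hint at non-production replicas. REPLICA_HINTS is an assumed, tunable list.

```python
import json
import re

# Constructed sample in the shape of crt.sh's JSON output for
# https://crt.sh/?q=%25.example.com&output=json (field names as in the live service; values invented).
SAMPLE_CT_JSON = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com", "not_before": "2024-01-10T00:00:00"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "common_name": "*.dev.example.com",
     "name_value": "*.dev.example.com\nstaging.example.com", "not_before": "2023-05-02T00:00:00"},
    {"issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1", "common_name": "MAIL.example.com",
     "name_value": "MAIL.example.com\nlegacy-crm.example.com", "not_before": "2021-11-30T00:00:00"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3", "common_name": "example.com.attacker-lookalike.net",
     "name_value": "example.com.attacker-lookalike.net", "not_before": "2024-03-01T00:00:00"},
])

# Name fragments that usually mark non-production replicas (assumption: tune per engagement).
REPLICA_HINTS = re.compile(r"(^|[.-])(dev|test|tst|qa|uat|stg|staging|sandbox|legacy|old|beta|preprod)([.-]|$)")


def in_scope(host: str, apex: str) -> bool:
    """True for the apex itself or a real subdomain; 'example.com.evil.net' style lookalikes fail."""
    return host == apex or host.endswith("." + apex)


def hostnames_from_ct(json_text: str, apex: str) -> dict:
    """{"hosts": sorted unique in-scope names, "wildcards": base names that came from *.x entries}."""
    hosts, wildcards = set(), set()
    for entry in json.loads(json_text):
        # name_value carries every SAN in the cert, one per line; common_name usually repeats one of them
        for raw in entry["name_value"].split("\n") + [entry.get("common_name", "")]:
            name = raw.strip().lower()
            if name.startswith("*."):
                name = name[2:]
                wildcards.add(name)
            if name and in_scope(name, apex):
                hosts.add(name)
    return {"hosts": sorted(hosts),
            "wildcards": sorted(w for w in wildcards if in_scope(w, apex))}


def replica_candidates(hosts) -> list:
    """Hosts whose names suggest DEV/TST/legacy replicas: first to check for a missing WAF or hardening."""
    return [h for h in hosts if REPLICA_HINTS.search(h)]


if __name__ == "__main__":
    result = hostnames_from_ct(SAMPLE_CT_JSON, "example.com")
    print(result)
    print("replica candidates:", replica_candidates(result["hosts"]))
```

A wildcard entry means the certificate covers any label under that name, so the base name is a search token for DNS brute forcing rather than a confirmed host; the in_scope check matters because CT search by substring also returns certificates for unrelated domains that merely contain the brand string.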
Search for relevant information: Code, Containers, Keys, Credentials, Docs, URLs
Identify information relevant to search tokens
▪ Code / Keys / Credentials / URLs
▪ Github, Gitlab, Bitbucket, etc.
▪ Containers
▪ Dockerhub
▪ Employee / User Credentials
▪ Paste repositories
▪ Credential repositories (intelx / etc.)
▪ Documentation
▪ Default URLs / credentials
▪ Replicas
▪ Indexed URLs / credentials of technology replicas
Source Code Repositories
Data Sharing / Pasting Repositories
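Pattern search in public repositories is how the "AWS key leakage to GitHub" case from the impacts slide gets found, by attackers and defenders alike. The block below is an added example, not the speaker's tooling: a small scanner over file text that combines documented key formats (AWS access key IDs are AKIA or ASIA followed by 16 characters; GitHub classic tokens are ghp_ plus 36 characters) with a generic keyword-assignment pattern filtered by Shannon entropy so placeholder values do not flood the report. The sample file is constructed; the AWS pair in it is the one from the AWS documentation, not a live credential.

```python
import math
import re

# Credential formats commonly caught in public repos. The AWS and GitHub shapes are the documented
# ones; the set is an illustrative subset, not a complete rule base.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("github_pat",        re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private_key",       re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
    # Catch-all: keyword, assignment, then a long token; filtered by entropy in scan()
    ("generic_assignment", re.compile(
        r"(?i)(?:secret|password|passwd|api[_-]?key|key|token)\s*[=:]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})")),
]


def shannon_entropy(s: str) -> float:
    """Bits per character: placeholders like 'changemechangeme' score low, real keys score high."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in counts.values())


def scan(text: str, source: str = "<memory>", min_entropy: float = 3.0) -> list:
    """Return one finding per (line, token); values are redacted so the report itself never leaks the secret."""
    findings, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS:
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if kind == "generic_assignment" and shannon_entropy(value) < min_entropy:
                    continue                      # low-entropy placeholder, not a credential
                if (lineno, value) in seen:
                    continue                      # a specific pattern already reported this token
                seen.add((lineno, value))
                findings.append({"source": source, "line": lineno, "type": kind,
                                 "value": value[:4] + "..." + value[-4:]})
    return findings


# Constructed sample file; the AWS pair is the AWS documentation example, the rest is invented.
SAMPLE = """\
# settings.py - constructed sample file, not taken from any real repository
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DB_PASSWORD = "changemechangeme"
GITHUB_TOKEN = "ghp_0123456789abcdefghijABCDEFGHIJ012345"
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE, "settings.py"):
        print(finding)
```

Run it over every file in a cloned repository, including the git history (secrets removed in a later commit are still in earlier ones), and over extracted container image layers from DockerHub, which is where build-time credentials tend to survive.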
Identify entry points: via fuzzing / analysis / cache
Identify entry points
▪ Cached Content
▪ Indexed URLs / content
▪ Wayback machine
▪ Fuzzing
▪ Identify directories and subdirectories
▪ Identify files and APIs
▪ Search content / log hacking
▪ Locate entry points in HTML/JS content displayed by the target site
▪ Search via similar systems
▪ Similar systems of the same developer
▪ Indexed pages of different deployments of the same application
Cached content - archive
Cached content - indexed
Fuzzing
Fuzzing for apps/directories
Fuzzing for entry points
Technology Specific Entry Point Discovery
Every stack follows the same pipeline, Tech. fingerprint, then fuzzing, then secondary fuzzing, with the fuzzing step tuned to the stack:
▪ ASP / .Net / MVC / Core: shortname scan, Microsoft CGIs
▪ Java / JSP / JAX-RS / Spring: AppServer content
▪ PHP / Drupal / Joomla / WP: server content
▪ NodeJS / Express / MeteorJS: route content
▪ Python / Flask / Django: server content
Content search
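The "fuzzing for entry points" and "technology specific entry point discovery" pipeline above (fingerprint the stack, fuzz with that stack's wordlist, then fuzz again inside whatever directories turned up) as an added example, not code from the presentation or from any tool it mentions. It starts a tiny constructed HTTP application on 127.0.0.1 that answers like a PHP site, so the run needs no external target; WORDLISTS holds a few illustrative entries per stack (real runs use full lists) and fingerprint() is a deliberately small header heuristic.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin

# Per-technology starter wordlists (constructed, a few entries each; real runs use full lists).
WORDLISTS = {
    "aspnet":  ["trace.axd", "elmah.axd", "web.config", "bin/", "admin/"],
    "php":     ["phpinfo.php", "wp-login.php", "xmlrpc.php", "config.php", "admin/", "backup/"],
    "java":    ["manager/html", "actuator/", "actuator/env", "WEB-INF/web.xml", "admin/"],
    "generic": ["admin/", "backup/", "api/", "robots.txt", ".git/HEAD"],
}
# Direct connections only: an http_proxy in the environment must not capture the local target.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def fingerprint(headers) -> str:
    """Pick the wordlist bucket from response headers (heuristic; real fingerprints also use cookies, extensions)."""
    hay = " ".join(f"{k}: {v}" for k, v in headers.items()).lower()
    if "asp.net" in hay or "x-aspnet-version" in hay:
        return "aspnet"
    if "php" in hay:
        return "php"
    if "jsessionid" in hay or "servlet" in hay or "tomcat" in hay:
        return "java"
    return "generic"


def status_of(url: str) -> int:
    try:
        with OPENER.open(url, timeout=3) as resp:
            return resp.status
    except urllib.error.HTTPError as err:     # 4xx/5xx still carry signal (403 = exists but blocked)
        return err.code


def fuzz(base_url: str, words, seen: set) -> list:
    found = []
    for word in words:
        url = urljoin(base_url, word)
        if url in seen:
            continue
        seen.add(url)
        code = status_of(url)
        if code != 404:
            found.append((url, code))
    return found


def discover(base_url: str):
    """Fingerprint, tech-specific fuzzing, then secondary fuzzing one level into every directory found."""
    with OPENER.open(base_url, timeout=3) as resp:
        bucket = fingerprint(resp.headers)
    words, seen = WORDLISTS[bucket], set()
    found = fuzz(base_url, words, seen)
    for url, _code in list(found):
        if url.endswith("/"):
            found.extend(fuzz(url, words, seen))
    return bucket, found


# Constructed target: a local PHP-looking app so the fuzzer can run offline.
KNOWN_PATHS = {"/", "/admin/", "/admin/config.php", "/xmlrpc.php"}


class FakeApp(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path in KNOWN_PATHS:
            body = b"ok"
            self.send_response(200)
            self.send_header("X-Powered-By", "PHP/8.1.0")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_error(404)

    def log_message(self, *args):            # keep the console quiet
        pass


def start_fake_app():
    server = HTTPServer(("127.0.0.1", 0), FakeApp)   # port 0: the OS picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/"


if __name__ == "__main__":
    server, base = start_fake_app()
    bucket, hits = discover(base)
    server.shutdown()
    print(bucket, hits)
```

Against a real target the 404 check is too naive: many apps answer 200 with a "not found" page, so compare response length or a content hash against a known-bad request first and treat anything that differs as a hit; the secondary pass is what turns /admin/ into /admin/config.php.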
Questions
Yuval Rabinowitz | Cyber Security Researcher at Pentera
Presentation actually by ChatGPT and Midjourney
Automating security research prioritization: How to Calculate CVE Reputation
A little bit about me
• Built escape rooms while finishing my BCS
• Joined the army - Windows forensics and incident response
• Pentera - Cyber Security Researcher, Backend Developer
• Lives in Ramat Gan, Israel, 25 years old
CVE - Common Vulnerabilities and Exposures
CVE Structure: CVE-2019-1214
• Prefix - identical for each ID
• Year - four digits, the year the ID was reserved or the vulnerability was made public
• Numbering - ongoing sequence number of four or more digits (fixed at four before the 2014 syntax change; five- and seven-digit numbers are now common)
Identifying a Problem
• Task - Find the next CVE to research
• Challenges of manual CVE lookups
• Huge number of CVEs!
• Constantly changing
• Expensive man hours
• Time consuming
• Human error
• Side note - Midjourney drew me ->
What happens when we have a lot of work to do?
So let's create a Python script to do it for us!
The evolution of a script
We will talk about:
• How we started with a small script and ended with a full infrastructure
• How we use this system to stay ahead of attackers
• Results and successes
• How we can improve this system in the future
Automation challenges
How can we automatically ID the importance of a CVE? There are so many factors…
• What service does the vulnerability affect?
• How harmful can it be were it to be exploited?
• Does it cause a denial of service? Or maybe an entire system shutdown?
• What are the vulnerable products and versions?
• Could our existing clients be affected by them?
• Was there a big hype around it?
• Are they widespread enough that it's reasonable to think that future clients will be vulnerable?
• Is there a public PoC available? That could save us days of researching
• Is the vulnerability attractive for an external attacker?
• And more
Start small
• Let's create a POC, even if it just writes data to an Excel file
• We'll start finding data sources online that can help us
• Importance of generic code from the start
• Basic data sources like NIST NVD and Red Hat
• Basic data like CVE number, name, score, etc…
GO BIGGER
• The script begins to take shape - we even have a database instead of Excel
• Let's add more advanced data sources based on what might interest us if we were to search for a CVE manually
• Can we find a public POC? Let's search on GitHub!
• Is the CVE interesting? Let's check on Google, Twitter, etc.!
• Is the vulnerable version common in the world? Let's search on Shodan and ZoomEye!
• Does Pentera have users with vulnerable machines? Let's integrate with our databases!
• And as many more as you can think of
We have a lot of data! Now what?
• Let's look into the data and see how we can prioritize
• We should create a scoring system!
• Each data component has its own “weight”
• We can create a “formula” for calculating the score
• Heavily based on trial and error when starting
Scoring system
• Main goal - Find the CVEs that are most critical for our clients
• We need to think like an attacker
• Clients' assets that are visible from the Internet - External attack surface
• CVEs that have public POCs
• CVEs that can achieve code execution
• Every scoring system must be customized
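One concrete shape the "weights and formula" idea can take, as an added example rather than Pentera's actual prioritizer: each signal the talk lists (CVSS, public PoC, code execution, internet-exposed host counts, hits against the client asset database, hype) gets a weight, counts are log-scaled so a single huge Shodan number cannot drown every other signal, and the CVE ID is validated against the CVE-YYYY-NNNN+ syntax before scoring so malformed IDs scraped from feeds never reach the database. The weights and the three records are constructed; real weights come from the trial and error the talk describes.

```python
import math
import re
from dataclasses import dataclass

# CVE-<4-digit year>-<sequence of 4 or more digits>, the current ID syntax.
CVE_ID_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")


def parse_cve_id(cve_id: str):
    """(year, sequence) for a well-formed ID; ValueError otherwise."""
    m = CVE_ID_RE.match(cve_id.strip().upper())
    if not m:
        raise ValueError(f"malformed CVE ID: {cve_id!r}")
    return int(m.group(1)), int(m.group(2))


@dataclass
class CveRecord:
    cve_id: str
    cvss: float                 # NVD base score
    public_poc: bool            # a PoC was found on GitHub
    code_execution: bool        # RCE / command execution rather than DoS or info leak
    exposed_hosts: int          # internet-facing instances (Shodan / ZoomEye style count)
    affected_clients: int       # hits in the internal asset database
    mentions: int               # hype: search / Twitter mentions


# Assumed weights; the talk stresses these start as trial and error and must be customized.
WEIGHTS = {"cvss": 1.0, "poc": 3.0, "rce": 3.0, "exposed": 1.0, "clients": 1.5, "mentions": 0.5}


def _decades(n: int) -> float:
    """log10 scaling: 50,000 exposed hosts counts for ~4.7, not 50,000."""
    return math.log10(1 + max(n, 0))


def score(rec: CveRecord) -> float:
    parse_cve_id(rec.cve_id)                 # fail fast on garbage IDs from a feed
    s = rec.cvss * WEIGHTS["cvss"]
    s += WEIGHTS["poc"] if rec.public_poc else 0.0
    s += WEIGHTS["rce"] if rec.code_execution else 0.0
    s += WEIGHTS["exposed"] * _decades(rec.exposed_hosts)
    s += WEIGHTS["clients"] * _decades(rec.affected_clients)
    s += WEIGHTS["mentions"] * _decades(rec.mentions)
    return round(s, 2)


def prioritize(records):
    """Highest score first: what a researcher, or an attacker, would look at next."""
    return sorted(records, key=score, reverse=True)


# Constructed records (not real CVE data) covering the cases the talk lists.
SAMPLE = [
    CveRecord("CVE-2023-0001", 9.8, True, True, 50_000, 12, 900),   # RCE, public PoC, widespread
    CveRecord("CVE-2023-0002", 9.8, False, False, 100, 0, 10),      # same CVSS, but DoS and no PoC
    CveRecord("CVE-2023-0003", 7.5, True, True, 2_000, 3, 50),      # lower CVSS, but weaponised
]

if __name__ == "__main__":
    for rec in prioritize(SAMPLE):
        print(rec.cve_id, score(rec))
```

The point of the sample data is the second record: a 9.8 that is only a DoS with no PoC lands last, below a 7.5 with a public exploit, which is exactly the reordering a CVSS-sorted feed cannot give you.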
How can a hacker use it
• Find the easiest vulnerabilities to exploit
• Immediately identify vulnerabilities when they arise
• Automated attacks from POCs
Let's show our findings
• Let's turn our script into a system with a clear interface to easily highlight our findings
• All of our data and scores are already in a database, we only need to query it
• Open source system - Redash
• Server with a nice UI
• Supports queries and dashboards
Results
• After using the prioritizer for a short period, we found relevant CVEs to start researching
• The information and graphs are easily accessible for users to see
Results (Example)
Actual results on a client’s account!
CVE Summary
• We did it! We saw immediate success.
• The system is now used by the product team to identify which CVE could cause the most damage
• The scoring system can still be tweaked to apply to more applications
• What else can we do?
Expanding CVE Prioritizer's Capabilities
• Generic architecture for prioritization can allow us to use this system for whatever we wish to prioritize
• For example: Static code analysis
• Inspects the source code without executing the program
• Identifies possible security vulnerabilities in the code
• Detects patterns that may lead to security breaches such as SQL injection, cross-site scripting (XSS), and buffer overflow
OSP Prioritization
• Scan open source projects (OSP)
• Identify the most common open source projects used by our clients
• Automatically run static code analysis scans on the projects
• Prioritize which projects may be vulnerable for additional research
OSP Prioritization - Results (Example)
• Example: ProFTPD
• Why did we choose the project?
• FTP server used by several of our clients that was identified as potentially vulnerable
• Initial findings showed the project was susceptible to almost 40 different code analysis queries
Next steps
1. AI
2. Automated POC testing: for open source projects, for CVEs
3. Ongoing use by our product and research teams
Think like a hacker
• Hackers can do what we did automatically - and without bothering to avoid DoS attacks
• And they probably are
• We always need to find their next step, and if we can, automate that process
Thank you! Questions?
● Contact us at labs@pentera.io
● Read more Pentera Labs research at pentera.io/pentera-labs
Chasing Bug Bounties - Beware, Hacker!!
Rotem Bar - Cyber Paladin - Ethical Hacker
Appsec Innovation Labs @ Palo Alto Networks
01 Why hackers do bug hunting? Inside the mind of a bug hunter
02 Why companies do bug hunting? Why should a company use them?
03 Going back to bug bounty hunters: What do they actually do?
04 Summary
WHY do hackers Hunt?
● Money: the more you hack the more money you will receive; one bug can get you multiplications; automate yourself for passive income
● Collaboration: knowledge sharing; give and receive help; part of a community; together we push our limits
● Challenge: this is not a CTF, you are the first person to find this specific flaw; hacking into the most secure systems; finding a new ZERO-DAY
● HERO: make the world a safer place; help humanity; get recognition
Compare to Pentest (Bug Hunting vs Pentest)
● Compensation: Bug hunting - impact based, endless; Pentest - fixed, promised, capped
● Challenge: Bug hunting - no trivial issues, constant competition; Pentest - pre-production, first eyes
● Coverage: Bug hunting - statistical only; Pentest - time based
The Company & Bug Hunting
Do we need pentest or bug bounty?
Company 101 (diagram): the assets to secure are code, configuration, servers, cloud assets, apps, …; app developers own the code, while DevOps, IT and BI own the configuration, servers, cloud assets and apps
Adding Security
● Continuously: PR scanning, IDE scanning, peer review; app scanning, infra scanning, cloud scanning, CVE scanning, CI/CD scanning
● Yearly/Quarterly: code review, configuration audit, app pentest, infra pentest
Reality Check
Continuously
● PR Scanning - Not all languages supported, needs appsec customization
● IDE Scanning - Many developers bypass this, work in unsupported IDEs
● Peer Review - Most developers don't really look at security
● App Scanning - Crawlers get stuck, IDOR/BOLA not supported, …
● Infra Scanning - It's all about the payloads, hackers are learning much faster
● Cloud Scanning - Mainly CSPM and configurations, too many live assets going up and down
● CVE Scanning - False positives, false negatives, too many results, no one validating
● CICD Scanning - Early stages of maturity, attackers have the upper hand
Yearly/Quarterly
● Code Review, Configuration Audit, App Pentest, Infra Pentest - Audit only critical systems once a year, fix only the bugs with severity high and above, give the auditor company minimum resources and limit the time they have for each audit. Need a clean report for compliance and/or to send to customers
Closing the GAP
Bug Bounty Hunters!!!
What exactly do Bounty Hunters do?
● Scanning: recon (scanning for new assets), new 1-days, fuzzing targets
● Manual Testing: they don't have a time limit.. can go deep, learn your systems and find those crazy bugs
● New Tactics: understand your systems better than your security team. Heard about dependency confusion?
● Community: they like to share with each other, with the world
BUT!! They are sensitive creatures
● They go with the interest/money
○ You have to engage them constantly
● They smell weak programs
○ If you have many duplicates, screw with them, they and their friends will ditch you
● Have a large selection of customers
○ Need to focus them on hacking you (LHE, bonuses, new scope, …)
Some Bug Bounty Examples:
Do you have the bug bounty Immune System in your company?
Does anyone have any questions? THANKS!
To be continued…
https://www.linkedin.com/company/application-security-virtual-meetups

Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021
 
Application security meetup 02032021
Application security meetup 02032021Application security meetup 02032021
Application security meetup 02032021
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Spice Up Your Application Security Tests

  • 2. AppSec Trends, Methodologies and Toolsets Useful tools and methods to spice up your penetration testing routines www.effectivesec.com Shay Chen
  • 3. Spicing up your application security tests Spice it up Fuzz, Bruteforce and Analyze prior to pentesting Be a cheater Obtain information relevant to hacking the app Make it easy Identify alternative / unprotected replicas / targets
  • 4. Organizations will typically try to secure assets they are either focused or even aware of – But What about assets & content they are NOT aware of ?
  • 6. Impacts So what can go wrong ? right?
  • 7. AWS Key leakage to Github
  • 8. Code leakage to public repositories
  • 10. Toolsets and Methodologies ▪ Unmonitored / Unprotected Assets ▪ Target assets associated with obsolete, unmonitored or unprotected systems ▪ Dev / Test / Staging and Forgotten Replicas ▪ IPs not protected by WAF, TST/DEV replicas exposed to the internet, internal assets ▪ Unmonitored Applications ▪ Applications that can be found in unmonitored URLs and subdirectories ▪ Forgotten Entry points ▪ Hidden Pages ▪ Hidden APIs ▪ Hidden methods ▪ Hidden functionality through secret parameters
  • 11. What are the benefits ▪ Unprotected IPs and Replicas ▪ Test / Dev replicas tend to be less protected and with less hardening implemented ▪ Unprotected IPs won’t include mechanisms that block automation / fuzzing / attacks ▪ Unmonitored systems, applications and entry points ▪ More likely to include security vulnerabilities ▪ Less likely to be covered by monitoring systems that will alert the organization SOC and/or trigger the WAF/IDS/IPS
  • 12. Attack Pattern Flowchart: Identify Search Tokens (Org/Brand/App Names; Domains / Subdomains; Favicons / Titles) → Acquire Targets (Subdomain Enumeration; Associated Server IPs; Cloud / SAAS Accounts) → Search Relevant Information (Source Code Repositories / Containers; Leaked Keys & Credentials; Cached / Indexed Entry-points) → Initial Attack Sequence (Target DEV/Test Replicas; Tech Specific Fuzzing; Infrastructure Vulnscan / Exploits) → Vulnerability Discovery (Good Old Pentesting) → Exploitation (WAF Bypass via IP/TST/DEV Replicas; Manual Exploitation; Analyze Content for Additional Entry Points)
  • 13. Toolsets and Methodologies ▪ VPNs ▪ Bypass IP address restriction – useful for block evasion and for accessing DEV/TST/Admin instances ▪ Content Replicas ▪ Search via subdomains / associated domains ▪ Search via favicon hash / logo / title ▪ Code/Key/Credentials Discovery ▪ Technology specific code pattern search in github/gitlab/bitbucket/DOCKERHUB ▪ Fuzzing and Content Discovery ▪ Search engines and Caching engines ▪ Fuzzing specific technologies
  • 14. Data Sources ▪ Search engine indexing ▪ DNS servers, domain registrant repositories, certificate repositories ▪ Data Sharing repositories (pastebin, etc.), credential repositories ▪ Unintentional “leftovers” in public organization documents ▪ Document metadata ▪ Credentials, URLs, images and emails in documents and help pages ▪ Public Source Code Repositories ▪ Github, Bitbucket, Gitlab, etc. ▪ Container repositories such as DockerHub ▪ Data unintentionally leaked in the past and CACHED in the internet ▪ Wayback Machine ▪ Google Cache ▪ Mirroring services/BD Search Engines
  • 15. Identify Search Tokens Brandnames, Apps, Subdomains, Icon Hash, Titles
  • 16. Search tokens ▪ Organization / Application ▪ Brand name, CNs, alternate names ▪ Domains / Subdomains ▪ Search via subdomains / associated domains linked to the organization/app brand ▪ Certificates ▪ CN field ▪ O field ▪ Registrant email ▪ Favicon Hash ▪ https://mmhdan.herokuapp.com/ ▪ https://github.com/kh4sh3i/Favicon-Hash ▪ Search via title / content ▪ Search via asset title or response content
  • 17. Subdomain enumeration – search tokens
  • 18. Org Names / Brand Names / Titles
  • 19. Acquire / Identify Targets Subdomain / Servers / IPs / SAAS Accounts
  • 20. Discover replicas / assets by signature Organization Subdomain Certificate Title Favicon Technology Host/Server search engines Search tokens
  • 21. Discover replicas / assets by signature
  • 22. Search for relevant information Code, Containers, Keys, Credentials, Docs, URLs
  • 23. Identify information relevant to search tokens ▪ Code / Keys / Credentials / URLs ▪ Github, Gitlab, Bitbucket, etc. ▪ Containers ▪ Dockerhub ▪ Employee / User Credentials ▪ Paste repositories ▪ Credential repositories (intelx / etc.) ▪ Documentation ▪ Default URLs / credentials ▪ Replicas ▪ Indexed URLs / credentials of technology replicas
  • 25. Data Sharing / Pasting Repositories
  • 26. Identify entry points Via fuzzing / analysis / cache
  • 27. Identify entry points ▪ Cached Content ▪ Indexed URLs / content ▪ Wayback machine ▪ Fuzzing ▪ Identify directories and subdirectories ▪ Identify files and APIs ▪ Search content / log hacking ▪ Locate entry points in HTML/JS content displayed by the target site ▪ Search via similar systems ▪ Similar systems of the same developer ▪ Indexed pages of different deployments of the same application
  • 28. Cached content - archive
  • 29. Cached content - indexed
  • 33. Technology Specific Entry Point Discovery: for each stack, Tech. Fingerprint → Fuzzing → Secondary Fuzzing. ASP/.Net/MVC/Core (Shortname Scan, Microsoft CGIs); Java/JSP/JAXRS/Spring (AppServer Content); PHP / Drupal / Joomla / WP (Server Content); NodeJS / Express / MeteorJS (Route Content); Python / Flask / Django (Server Content)
  • 36. Yuval Rabinowitz | Cyber Security Researcher at Pentera. Presentation actually by ChatGPT and Midjourney. Automating security research prioritization: How to Calculate CVE Reputation
  • 37. A little bit about me: Built Escape Rooms while finishing my BCS; Joined the army - Windows Forensics and Incident Response; PENTERA Cyber Security Researcher; Backend Developer; Lives in Ramat Gan, Israel; 25 Years old
  • 38. CVE - Common Vulnerabilities and Exposures. CVE Structure, e.g. CVE-2019-1214: Prefix (identical for each ID), Year (four digits, year of publication), Numbering (ongoing: four, five or seven digits)
  • 39. Identifying a Problem • Task - Find the next CVE to research
  • 42. Identifying a Problem • Task - Find the next CVE to research • Challenges of manual CVE lookups • Huge number of CVEs! • Constantly changing • Expensive man hours • Time consuming • Human error • Side note - Midjourney drew me ->
  • 43. What happens when we have a lot of work to do? So let’s create a Python script to do it for us!
  • 44. The evolution of a script. We will talk about: • How we started with a small script and ended with a full infrastructure • How we use this system to stay ahead of attackers • Results and successes • How we can improve this system in the future
  • 45. Automation challenges - How can we automatically ID the importance of a CVE? There are so many factors… • What service does the vulnerability affect? • How harmful can it be were it to be implemented? • Does it cause a denial of service? Or maybe an entire system shutdown? • What are the vulnerable products and versions? • Could our existing clients be affected by them? • Was there a big hype around it? • Are they widespread enough that it’s reasonable to think that future clients will be vulnerable? • Is there a public PoC available? That could save us days of researching • Is the vulnerability attractive for an external attacker? • And more
  • 46. Start small • Let’s create a POC, even if it just writes data to an Excel file • We’ll start finding data sources online that can help us • Importance of generic code from the start • Basic data sources like - NIST NVD and RedHat • Basic data like - CVE number, name, score, etc…
  • 47. GO BIGGER • The script begins to take shape - we even have a database instead of Excel • Let’s add more advanced data sources based on what might interest us if we were to search for a CVE manually • Can we find a public POC? Let’s search on GitHub! • Is the CVE interesting? Let’s check on Google, Twitter, etc.! • Is the vulnerable version common in the world? Let’s search on Shodan and ZoomEye! • Does Pentera have users with vulnerable machines? Let’s integrate with our databases! • And as many more as you can think of
  • 48. We have a lot of data! Now what? • Let’s look into the data and see how we can prioritize • We should create a scoring system! • Each data component has its own “weight” • We can create a “formula” for calculating the score • Heavily based on trial and error when starting
  • 49. Scoring system • Main goal - Find the CVEs that are most critical for our clients • We need to think like an attacker • Clients’ assets that are visible from the Internet - External attack surface • CVEs that have public POCs • CVEs that can achieve code execution • Every scoring system must be customized
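A minimal version of the weighted scoring described on slides 45 to 49, as an added example (not Pentera's code): each collected data point is normalised into [0, 1], multiplied by a weight, and the normalised sum becomes the priority score. The factor names, weights, saturation scales and the three sample records are constructed assumptions, and the CVE ids are placeholders.

```python
"""Weighted CVE prioritisation score (added example; not Pentera's code).

Factor names, weights, saturation scales and the sample feed below are
assumptions constructed for illustration; the ids are placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class CveRecord:
    cve_id: str              # placeholder ids below, not real CVEs
    cvss: float              # base score 0.0-10.0 (e.g. from NVD)
    public_poc: bool         # public PoC/exploit found (e.g. code-repo search)
    code_execution: bool     # impact includes code execution
    denial_of_service: bool  # impact includes DoS / system shutdown
    exposed_hosts: int       # vulnerable hosts visible on the internet
    client_hosts: int        # vulnerable hosts in our own client inventory
    mentions: int            # news/social chatter ("hype")


# Relative weights, tuned by trial and error in practice (slide 48).
# Attacker-minded defaults: exploitability and exposure dominate (slide 49).
DEFAULT_WEIGHTS: Dict[str, float] = {
    "cvss": 0.20,
    "public_poc": 0.25,
    "code_execution": 0.20,
    "denial_of_service": 0.05,
    "exposed_hosts": 0.10,
    "client_hosts": 0.15,
    "mentions": 0.05,
}


def saturate(count: int, scale: int) -> float:
    """Map an unbounded count into [0, 1): count / (count + scale).

    `scale` is the count at which the component reaches 0.5, so a dozen
    affected client hosts can weigh as much as thousands of internet hosts.
    """
    if count < 0:
        raise ValueError("count must be non-negative")
    return count / (count + scale)


def component_scores(rec: CveRecord) -> Dict[str, float]:
    """Normalise every raw data point into the [0, 1] range."""
    if not 0.0 <= rec.cvss <= 10.0:
        raise ValueError(f"{rec.cve_id}: CVSS out of range: {rec.cvss}")
    return {
        "cvss": rec.cvss / 10.0,
        "public_poc": float(rec.public_poc),
        "code_execution": float(rec.code_execution),
        "denial_of_service": float(rec.denial_of_service),
        "exposed_hosts": saturate(rec.exposed_hosts, 1000),
        "client_hosts": saturate(rec.client_hosts, 10),
        "mentions": saturate(rec.mentions, 100),
    }


def score(rec: CveRecord, weights: Dict[str, float] = DEFAULT_WEIGHTS) -> float:
    """Weighted sum of the components, normalised to 0-100 and rounded."""
    comps = component_scores(rec)
    unknown = set(weights) - set(comps)
    if unknown:
        raise KeyError(f"weights for unknown components: {sorted(unknown)}")
    total = sum(weights.values())
    raw = sum(w * comps[name] for name, w in weights.items())
    return round(100.0 * raw / total, 1)


def explain(rec: CveRecord, weights: Dict[str, float] = DEFAULT_WEIGHTS) -> Dict[str, float]:
    """Per-factor contribution in score points, for the dashboard view."""
    comps = component_scores(rec)
    total = sum(weights.values())
    return {n: round(100.0 * w * comps[n] / total, 1) for n, w in weights.items()}


def prioritize(records: List[CveRecord], weights: Dict[str, float] = DEFAULT_WEIGHTS) -> List[Tuple[float, str]]:
    """Highest score first; ties broken by id so the output is stable."""
    ranked = [(score(r, weights), r.cve_id) for r in records]
    return sorted(ranked, key=lambda t: (-t[0], t[1]))


# Constructed sample feed (placeholder ids, invented numbers).
SAMPLE_CVES = [
    CveRecord("CVE-0000-0001", 9.8, True, True, False, 5000, 12, 400),
    CveRecord("CVE-0000-0002", 7.5, False, False, True, 20000, 0, 30),
    CveRecord("CVE-0000-0003", 8.8, True, True, False, 50, 0, 5),
]

if __name__ == "__main__":
    by_id = {r.cve_id: r for r in SAMPLE_CVES}
    for s, cve in prioritize(SAMPLE_CVES):
        print(f"{cve}  {s:5.1f}  {explain(by_id[cve])}")
```

Changing a weight set (for example giving `client_hosts` more weight for a client-facing team) reorders the same feed, which is the customisation slide 49 calls for.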
  • 50. How can a hacker use it: Find the easiest vulnerabilities to exploit; Immediately identify vulnerabilities when they arise; Automated attacks from POCs
  • 51. Let's show our findings • Let's turn our script into a system with a clear interface to easily highlight our findings • All of our data and scores are already in a database, we only need to query it • Open source system - Redash • Server with a nice UI • Supports queries and dashboards
  • 53. Results • After using the prioritizer for a short period, we found relevant CVEs to start researching • The information and graphs are easily accessible for users to see
  • 56. Actual results on a client’s account!
  • 57. CVE Summary • We did it! We saw immediate success. • The system is now used by the product team to identify which CVE could cause the most damage • The scoring system can still be tweaked to apply to more applications • What else can we do?
  • 59. Expanding CVE Prioritizer's Capabilities • Generic architecture for prioritization can allow us to use this system for whatever we wish to prioritize • For example: Static code analysis • Inspects the source code without executing the program • Identifies possible security vulnerabilities in the code • Detects patterns that may lead to security breaches such as SQL injection, cross-site scripting (XSS), and buffer overflow
  • 60. OSP Prioritization • Scan open source projects (OSP) • Identify the most common open source projects used by our clients • Automatically run static code analysis scans on the projects • Prioritize which projects may be vulnerable for additional research
  • 62. OSP Prioritization - Results (Example) • Example: ProFTPd • Why did we choose the project? • FTP server used by several of our clients that was identified as potentially vulnerable • Initial findings showed the project was susceptible to almost 40 different code analysis queries
  • 63. OSP Prioritization - Results (Example)
  • 64. Next steps: 1. AI 2. Automated POC testing (● For open source projects ● For CVEs) 3. Ongoing use by our product and research teams
  • 65. Think like a hacker • Hackers can do what we did automatically - and without avoiding DOS attacks • And they probably are • We always need to find their next step, and if we can, automate that process
  • 66. Thank you! Questions? ● Contact us at labs@pentera.io ● Read more Pentera Labs research at pentera.io/pentera-labs
  • 68. Beware, Hacker!! Rotem Bar - Cyber Paladin - Ethical Hacker Appsec Innovation Labs @ Palo Alto Networks
  • 69. 01 Why Hackers do Bug hunting? (Inside the mind of a bug hunter) 02 Why Companies do Bug Hunting? (Why should a company use them?) 03 Going back to bug bounty hunters (What do they actually do?) 04 Summary
  • 70. WHY do hackers Hunt?
  • 71. Money 1. The more you hack the more money you will receive 2. One bug can get you multiplications 3. Automate yourself for passive income
  • 72. Collaboration 1. Knowledge sharing 2. Give and Receive help 3. Part of a community 4. Together we push our limits
  • 73. Challenge 1. This is not a CTF. You are the first person to find this specific flaw 2. Hacking into the most secure systems 3. Finding a new ZERO-DAY
  • 74. HERO 1. Make the world a safer place 2. Help Humanity 3. Get Recognition
  • 75. Compare to Pentest ▪ Compensation: Bug Hunting - Impact Based, Endless; Pentest - Fixed, Promised, Capped ▪ Challenge: Bug Hunting - No Trivial issues, Constant Competition; Pentest - Pre-Production, First eyes ▪ Coverage: Statistical Only, Time based
  • 76. The Company & Bug Hunting Do we need pentest or bug bounty?
  • 78. Adding Security ▪ Assets: Code, Configuration, Servers, Cloud Assets, Apps … (owned by App Developers, Devops, IT, BI) ▪ Continuously: PR Scanning, IDE Scanning, Peer Review, App Scanning, Infra Scanning, Cloud Scanning, CVE Scanning, CICD Scanning ▪ Yearly/Quarterly: Code Review, Configuration Audit, App Pentest, Infra Pentest
  • 79. Reality Check ▪ Continuously: PR Scanning - Not all languages supported, needs appsec customization ▪ IDE Scanning - Many developers bypass this, work in unsupported IDEs ▪ Peer Review - Most developers don’t really look at security ▪ App Scanning - Crawlers get stuck, IDOR/BOLA not supported, … ▪ Infra Scanning - It’s all about the payloads, hackers are learning much faster ▪ Cloud Scanning - Mainly CSPM and configurations, too many living assets going up and down ▪ CVE Scanning - False positives, false negatives, too many results, no one validating ▪ CICD Scanning - Early stages of maturity, attackers have the upper hand ▪ Yearly/Quarterly (Code Review, Configuration Audit, App Pentest, Infra Pentest) - Audit only critical systems once a year, fix only the bugs with severity high and above, give the auditor company minimum resources and limit the time they have for each audit. Need a clean report for compliance and/or to send to customers
  • 80. Closing the GAP Bug Bounty Hunters!!!
  • 81. What exactly do Bounty Hunters do? ▪ Scanning: Recon (scanning for new assets), New 1-Days, Fuzzing Targets ▪ Manual Testing: They don’t have a time limit.. Can go deep, learn your systems and find those crazy bugs; Understand your systems better than your security team ▪ New Tactics: Heard about dependency confusion? ▪ Community: They like to share with each other, with the world
  • 82. BUT!! They are sensitive creatures ● They go with the interest/money ○ You have to engage them constantly ● They smell weak programs ○ If you have many duplicates, screw with them, They and their friends will ditch you ● Have a large selection of customers ○ Need to focus them on hacking you (LHE, bonuses, new scope, …)
  • 83. Some Bug Bounty Examples:
  • 84. Do you have the bug bounty Immune System in your company?
  • 85. Does anyone have any questions? THANKS!
  • 86. Thank You! Questions? To be continued… https://www.linkedin.com/company/application-security-virtual-meetups