How web application scanners work
Future University Computer Science Open Day
August 2016
Who Am I
• TGy aldeen abdalmoniem
• Software Engineer / InfoSec researcher.
• Interested in machine learning usage in intrusion detection systems and IoT security.
If anyone is interested, please contact me.
Contact:
http://tagy.sd
tagy-aldeen@hotmail.com
OWASP ... and OWASP Khartoum.
Around the world
OWASP is not:
o L33t haxorzing
o Private 0day
o Private forums
o Mad 0wnag3 sk1lz
Documentation: Top 10, Web Dev. Guides, Design Guides, Testing Guides
Tools: WebGoat, WebScarab, ZAP, ESAPI
Groups: Browser Security, Industry Sectors, Access Control, Education
Community: Local Chapters, Conferences, Tutorials, Mailing Lists
Wanna join?
Join our community (free cookies?)
Share and learn.
Attend meetings and sessions.
Push us to do better.
Become a member?
Content
• Introduction.
• Who is this for?
• Why should we use it?
• How does the magic really happen?
• Scan steps.
• Code samples.
• Advice and references.
• Questions.
Introduction
What is a web application scanner?
• Briefly, these tools crawl a web application and locate application-layer vulnerabilities and weaknesses, either by manipulating HTTP messages or by inspecting them for suspicious attributes.
• In other words, the scanner searches the application for vulnerabilities by simulating attacks on it.
• So it is software that detects security weaknesses and vulnerabilities.
Who is this for?
Software engineers interested in developing security applications.
Web application developers.
On the other hand:
Software testers.
Quality assurance sections in companies.
Penetration testers.
Small note
The aim of this session is not to list scanners or to evaluate specific products.
Goals
Provide scanner users with a reference that can be used to conduct a thorough scanner evaluation and make an informed decision.
Provide scanner developers with a list of capabilities to compare their tools against, to help them create a roadmap of future enhancements.
Why should we use a scanner?
o First of all, network firewalls, SSL and locked-down servers can't stop your web applications and websites from being hacked.
Any note on this?
o Do you guarantee your code is secure?
o Do you know how to write secure code?
o Web application scanners help reduce the number of vulnerabilities in web applications.
o Scanners are an important part of most application security programs.
Steps of the scan:
1. Protocol support
2. Crawling
3. Parsing
4. Testing
5. Command and Control
6. Reporting
Protocol Support & Authentication
Check the protocol support list of the scanner and verify that SSL/TLS, the required HTTP versions and HTTP compression are supported.
Check the ability of the scanner to keep connections open for multiple requests.
Authentication:
o What types of authentication are used by the application you'll be scanning?
o HTML form-based.
o Login process that can't be fully automated (CAPTCHA).
Crawl and coverage
• Ensure that the scanner's representation of your web application includes:
Files.
Scripts.
Client scripts.
Input parameters.
Directories, etc.
• If not all objects are listed, the crawler is not able to crawl all of the web application automatically, and thus might not identify all vulnerabilities.
Crawling procedure
o The scanner must first find the page in order to find the vulnerability!
o How well does the scanner support redirects? AJAX?
o Lots of details in this section for developers who would like to improve their scanners!
Scanner view of the pages:
The web scanner tracks links by searching for <a href> tags.
Parsing
Some of this can be done through manual training of the scanner, but the intelligence of the tool depends on its ability to parse the web content of the application.
What content is supported?
The essential web content types that the scanner should be able to parse are HTML, JavaScript, VBScript, XML, plain text, ActiveX objects, Java applets, Flash, CSS, and many more.
How does the parser see the page?
Parsing
The web scanner will submit this form and start testing the form inputs with various payloads, looking for vulnerabilities.
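As an added illustration of the crawl and parse steps above (example code written for this page, not code from the slides or from B3ati), the following Python builds the "scanner view" of one page: the same-host <a href> links and each form with its named inputs, which are the parameters a scanner later fuzzes. The page HTML and the host name are constructed for the demo.

```python
# Added example (not B3ati's code): the "scanner view" of a page, standard library only.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScannerView(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.host = urlparse(base_url).netloc
        self.links = []      # absolute in-scope URLs, document order, no duplicates
        self.forms = []      # {"action", "method", "inputs"} per <form>
        self._form = None    # the <form> currently open

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            url = urljoin(self.base_url, a["href"])
            # Skip other hosts and non-HTTP schemes (mailto:, javascript:)
            if urlparse(url).netloc == self.host and url not in self.links:
                self.links.append(url)
        elif tag == "form":
            self._form = {"action": urljoin(self.base_url, a.get("action", "")),
                          "method": a.get("method", "get").lower(), "inputs": []}
        elif tag in ("input", "textarea", "select") and self._form is not None:
            if a.get("name"):    # only named fields become request parameters
                self._form["inputs"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def scan_view(base_url, html):
    """Return (links, forms): what the crawler and the parser see in one page."""
    view = ScannerView(base_url)
    view.feed(html)
    return view.links, view.forms


# Constructed sample page for the demo (not a real site)
SAMPLE_HTML = """<a href="/bank/search.aspx">Search</a>
<a href="login.aspx?next=/bank/">Login</a>
<a href="https://other.example/out">External</a> <a href="mailto:a@b.test">Mail</a>
<form action="/bank/search.aspx" method="POST">
  <input name="searchterms"><input type="hidden" name="page" value="1">
  <input type="submit" value="Go">
</form>"""

if __name__ == "__main__":
    print(scan_view("http://www.acme-hackme.com/bank/index.aspx", SAMPLE_HTML))
```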
Command and Control
• The primary factors to be considered here are as follows:
• Ability to schedule scans
• Ability to pause and resume scans
• Ability to view real-time scan status
• Ability to define reusable, configurable templates
• Multi-user and multi-scan support
Testing and Reporting
• A scanner should allow configurations to include/exclude/set URLs, file extensions, parameters, host names/IPs, cookies and HTTP headers.
• It should be able to identify vulnerabilities, architectural weaknesses, and authorization- and authentication-related problems.
Report Sample
Vulnerability Example
Scanners assess a target application by constructing HTTP or HTTPS requests that are known to elicit a response indicating susceptibility to various types of attack.

POST /bank/search.aspx HTTP/1.0
Host: www.acme-hackme.com
...

searchterms=<script>alert('xss')</script> "/%20<script>alert('css')</script>%20.shtml"

If the response contains the submitted "searchterms" parameter value in the exact format it was submitted, then the input value is vulnerable to cross-site scripting.
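The reflection check just described, as an added Python example (not the slides' or B3ati's code): the transport is an injected function, so the constructed responses below stand in for the target, and an HTML-escaped echo is reported separately from a raw one, since only the raw echo meets the slide's condition.

```python
# Added example (not B3ati's code): the reflection check from the slide, run offline.
import html
from urllib.parse import quote_plus

PAYLOAD = "<script>alert('xss')</script>"      # the probe from the slide


def build_request(host, path, param, value):
    """Form-encoded POST as a scanner would send it (CRLF line endings)."""
    body = f"{param}={quote_plus(value)}"
    return (f"POST {path} HTTP/1.0\r\nHost: {host}\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


def classify_reflection(payload, body):
    """'raw': payload echoed exactly as sent (the slide's XSS condition).
    'escaped': only an HTML-encoded copy is present. 'none': not echoed."""
    if payload in body:
        return "raw"
    escaped = (html.escape(payload, quote=True), html.escape(payload, quote=False))
    if any(e in body for e in escaped):
        return "escaped"
    return "none"


def probe_parameter(send, host, path, param, payload=PAYLOAD):
    """send(request_text) -> response_text; returns the classification."""
    response = send(build_request(host, path, param, payload))
    # Headers and body are separated by the first blank line
    body = response.split("\r\n\r\n", 1)[-1]
    return classify_reflection(payload, body)


# Constructed responses standing in for the target application
HEAD = "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
VULNERABLE = HEAD + "<p>No results for <script>alert('xss')</script></p>"
FIXED = HEAD + "<p>No results for &lt;script&gt;alert(&#x27;xss&#x27;)&lt;/script&gt;</p>"
SILENT = HEAD + "<p>No results.</p>"

if __name__ == "__main__":
    for name, resp in [("vulnerable", VULNERABLE), ("fixed", FIXED), ("silent", SILENT)]:
        verdict = probe_parameter(lambda _req, r=resp: r, "www.acme-hackme.com",
                                  "/bank/search.aspx", "searchterms")
        print(name, "->", verdict)    # raw, escaped, none
```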
SQL Injection Example
Detecting the DB
Standard error message
Sample from B3ati (screenshot; its numbered callouts are not reproduced here)
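An added Python example (not B3ati's code) of detecting the database from its standard error message: the signature fragments are quoted from each engine's own error text and the sample pages are constructed. It compares the probed response against the baseline page so error strings that are always present do not produce a finding.

```python
# Added example (not B3ati's code): DB fingerprinting from standard error text,
# checked against the baseline page so permanent error-like text does not count.
import re

# DBMS name -> verbatim fragments of its standard error messages
DB_ERROR_SIGNATURES = {
    "MySQL": [r"You have an error in your SQL syntax", r"mysql_fetch_array\(\)"],
    "Microsoft SQL Server": [r"Unclosed quotation mark after the character string",
                             r"Incorrect syntax near"],
    "Oracle": [r"\bORA-\d{5}\b"],
    "PostgreSQL": [r"ERROR:\s+syntax error at or near", r"PG::SyntaxError"],
    "SQLite": [r"SQLITE_ERROR", r"near \"[^\"]*\": syntax error"],
}


def detect_db_error(body):
    """Return (dbms, matched_text) for the first signature found, or None."""
    for dbms, patterns in DB_ERROR_SIGNATURES.items():
        for pattern in patterns:
            m = re.search(pattern, body, re.IGNORECASE)
            if m:
                return dbms, m.group(0)
    return None


def db_error_introduced(baseline_body, probed_body):
    """A finding only when the probe provoked an error the baseline page lacks."""
    before = detect_db_error(baseline_body)
    after = detect_db_error(probed_body)
    if after is None or (before is not None and before[0] == after[0]):
        return None      # no error, or the same engine's text is always there
    return after


# Constructed pages standing in for the target's responses
BASELINE = "<h1>Search</h1><p>3 results for shoes</p>"
MYSQL_ERR = ("<h1>Search</h1><p>You have an error in your SQL syntax; check the "
             "manual that corresponds to your MySQL server version</p>")
MSSQL_ERR = "<p>Unclosed quotation mark after the character string 'shoes'.</p>"
HELP_PAGE = "<p>See the ORA-00933 entry in our troubleshooting guide.</p>"

if __name__ == "__main__":
    print(db_error_introduced(BASELINE, MYSQL_ERR))   # ('MySQL', 'You have an error in your SQL syntax')
    print(db_error_introduced(BASELINE, MSSQL_ERR))   # Microsoft SQL Server finding
    print(db_error_introduced(HELP_PAGE, HELP_PAGE))  # None: the ORA- text is always there
```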
Advice for a Scanner Evaluation
Obtain the latest version of each scanner.
For commercial scanners, contact the vendor for a free trial.
Don't download old versions off of PirateBay!
References:
• For Developers and Testers
o https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools
o Securitytube.net
o Nikto by Linux CBT
• For Software Engineers
o Python Scripting Expert (Security Tube)
o w3af
o Vega (open source) for Java developers.
o B3ati (written by me)
o https://github.com/TGyAlDeen/B3ati
Contribute if you can (believe me, you can): the w3af report, and many more.
Summary
o Scanners will help you find vulnerabilities in your applications, but why should there be any vulnerability to find at all?
o Learn how to write secure applications from scratch.
o Use a WAF; check Mazin's paper for more information.
Questions?


Editor's Notes

  • #4 Global, charitable, non-profit. Founded: 2001; 42,000+ volunteers; 100+ countries. Open source non-profit charitable foundation dedicated to enabling organizations so they can develop, maintain, and acquire software they can trust. Making Security Visible, through… Documentation: Top Ten, Dev. Guide, Design Guide, Testing Guide, … Tools: WebGoat, WebScarab, Site Generator, Report Generator, ESAPI, CSRF Guard, CSRF Tester, Stinger, Pantera, … Working Groups: Browser Security, Industry Sectors, Access Control (XACML), Education, Mobile Phone Security, Preventive Security, OWASP SDL, OWASP Governance, RIA Security. Community and Awareness: Local Chapters, Conferences, Tutorials, Mailing Lists
  • #5 Photo from 2011; at that time there was no OWASP Khartoum and no OWASP Egypt.
  • #7 The means by which OWASP delivers its mission...
  • #11 Software engineers interested in developing Security applications. Web application Developers. On the other Hand: Software Testers. Quality assurance section in companies. Penetration Testers.
  • #17 Before we go into the details: there are some details we need to keep in mind. Scanner must first find the page in order to find the vulnerability! How well does the scanner support redirects? AJAX? Lots of details in this section for developers who would like to improve their scanners!
  • #24 This is the important point, which is discovering vulnerabilities; and more important than that, discovering information: the IP, the host name, which headers it accepts and which it does not. These are very important points: is it able to discover the IP and the cookies, and to discover problems with the
  • #25 The target audience is developers. We said that developers know how to program but do not know security concepts, so we must provide them with a report that explains the problem clearly and how to fix it.
  • #26 From the definition, we said that the scanner finds vulnerabilities by manipulating HTTP, and this is in fact the point through which most vulnerabilities are discovered. For example:
  • #27 This is code; don't worry about it. The most important thing is the part in red; hopefully everyone can see it.
  • #29 The basic components of every scanner, as we said: it supports the protocols and their implementation differences; it crawls the whole site, because it cannot discover a vulnerability in a place it does not know about; the ability to control the scan and its status, plus the ability to modify it; and the report and