Rumeysa Bozdemir is an IT security specialist and leader of the OWASP Istanbul chapter. She provides information about OWASP, an open source organization that works to improve software security. She discusses the tool Burp Suite, explaining that it is a Java-based web proxy used for web application testing. She then gives steps on how to use Burp Suite to perform a brute force attack on a login page of a target web application.

1. @owaspistanbul - rumeysabozdemir@gmail.com

2. RUMEYSA BOZDEMİR
• Computer Programming - Associate Degree
• Management Information System - Bachelor’s Degree
• ITIL 4 Foundation Certificate in IT Service Management
• ISO27001 LA - CQI|IRCA
• C|EH - EC - Council
• IT Expertise – BEM
• Cyber Security Specialist – TUBITAK
• OWASP Chapter Leaders - Istanbul
@owaspistanbul - rumeysabozdemir@gmail.com

3. OWASP
• Kar amacı gütmeyen ve yazılım güvenliğini artırmak için çalışan bir
kuruluştur.
• Yaklaşık 20 yıldır hizmet vermektedir.
• Açık kaynak yazılım projeleri
• Yüzlerce yerel bölüm
• On binlerce üye
• Eğitim / Konferans
@owaspistanbul - rumeysabozdemir@gmail.com

4. OWASP
@owaspistanbul
@rumeysabzdmr
@owaspistanbul - rumeysabozdemir@gmail.com
@owaspistanbul

5. OWASP INFO
@owaspistanbul - rumeysabozdemir@gmail.com
• Burp Suite Nedir?
• Burp Suite Nasıl Kullanılır?
• Burp Suite ile Brufe Force Saldırısı Nasıl Yapılır?

6. OWASP | BURP SUİTE NEDİR?
@owaspistanbul - rumeysabozdemir@gmail.com
• JAVA dilinde yazılmıştır.
• Web Proxy uygulamasıdır.
• Web uygulama testlerinde kullanılır.

7. OWASP | BURP SUİTE NASIL KULLANILIR?
@owaspistanbul - rumeysabozdemir@gmail.com
https://portswigger.net/

8. OWASP | BURP SUİTE NASIL KULLANILIR?
@owaspistanbul - rumeysabozdemir@gmail.com
• Uygulama için ihtiyacımız olanlar;
• Metasploitable 2
• https://sourceforge.net/projects/metasploitable/files/latest/download
• Burp Suite Community Edition
• https://portswigger.net/burp/communitydownload
• Kali Linux
• https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/

9. OWASP | BURP SUİTE NASIL KULLANILIR?
@owaspistanbul - rumeysabozdemir@gmail.com
Kullanıcı Adı/Parola: msfadmin:msfadmin

10. OWASP | BURP SUİTE NASIL KULLANILIR?
@owaspistanbul - rumeysabozdemir@gmail.com
Metasploitable 2 makinasını tarayıcı ile ziyaret et.

11. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com
Hedef Web Uygulaması

12. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

13. OWASP | PROXY AYARI
@owaspistanbul - rumeysabozdemir@gmail.com

14. OWASP | PROXY AYARI
@owaspistanbul - rumeysabozdemir@gmail.com

15. OWASP | PROXY AYARI
@owaspistanbul - rumeysabozdemir@gmail.com

16. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

17. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

18. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

19. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

20. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

21. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

22. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

23. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

24. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

25. OWASP | BRUFE FORCE SALDIRISI
@owaspistanbul - rumeysabozdemir@gmail.com

26. OWASP
@owaspistanbul
@rumeysabzdmr
@owaspistanbul - rumeysabozdemir@gmail.com
@owaspistanbul

27. OWASP
@owaspistanbul - rumeysabozdemir@gmail.com

28. KAYNAKLAR
@owaspistanbul - rumeysabozdemir@gmail.com
• https://docs.rapid7.com/metasploit/metasploitable-2/
• https://sourceforge.net/projects/metasploitable/files/latest/downloa
d
• https://portswigger.net/burp/communitydownload
• https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-
image-download/
• https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
• https://portswigger.net/support/using-burp-to-brute-force-a-login-
page