SlideShare a Scribd company logo

Exploring web vulnerabilities

Information Technology Society Nepal
Information Technology Society Nepal

This presentation introduces common web vulnerabilities and tools for analyzing them. It aims to raise awareness of software quality issues rather than enable harm. The objectives are to define top vulnerabilities, review vulnerability scanning and analysis tools in a demonstration, and analyze the results report. Web vulnerabilities are widespread, with thousands of attack sites and hundreds of thousands of infected sites discovered monthly. The presentation establishes that no software is completely secure and emphasizes maintaining a high level of security through understanding vulnerabilities and using analysis tools.

Technology
1 of 16
Exploring Web Vulnerabilities
Purpose Of This Presentation For Awareness in Software Quality Strictly not for wrong use, I hope that you will be using it for SQA purpose and not to damage or harm any one’s intellectual property
Vote of thanks • ITS Nepal • BRAINDIGIT IT Solution • OWASP • OWASP Nepal • SQA Professionals
Objectives • Introduction • Top vulnerabilities • Top Tools • Demo (vulnerability scanning and analysis) • Analysis of report
Nearly 11K Attack sites are discovered monthly Nearly 150 K Infected sites are Discovered Monthly Ie nearly 5000 sites are infected daily Ie nearly 3 sites are infected per minute
Introduction • No software is 100% bug free • So as your site is • Difference is in level of security maintained
Lock Demonstration 1st lock is the simplest lock that can be broken easily and by huge mass of people(x). 2nd lock is bit more complex and can be broken by(x-10,000) no of people. 3rd lock is most complex and can be broken by few people on earth lets say 2 people
Familiar words
Tools
Demo • With joomscan • With Acunetix
LET’S ANALYSIS THE REOPRT WE HAVE NOW
The Hard Part Analysing the report of Automation (15-500 pgs) Analysing False Positives and Negatives (everything seems true) N Fixing The Holes
Web security Doesn't only depend on Security of servers Or Security of Application But to Whole Echo System of WEB Let’s Try More with our little knowledge
Thanking You

Recommended

Narain exploring web vulnerabilities
Narain exploring web vulnerabilitiesNarain exploring web vulnerabilities
Narain exploring web vulnerabilitiesEr. Narayan Koirala
 
Javelin Proactively Contains
Javelin Proactively Contains Javelin Proactively Contains
Javelin Proactively Contains Brian Campbell
 
To see things others can't - APTs, Incident Response, DDoS
To see things others can't - APTs, Incident Response, DDoSTo see things others can't - APTs, Incident Response, DDoS
To see things others can't - APTs, Incident Response, DDoSMarco Gioanola
 
IT Security Basics For Managers
IT Security Basics For ManagersIT Security Basics For Managers
IT Security Basics For ManagersDaniel Owens
 
What is keylogger
What is keyloggerWhat is keylogger
What is keyloggerhilarypark97
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability TesterAditya Jain
 
Metasploit
MetasploitMetasploit
MetasploitParth Sahu
 
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...North Texas Chapter of the ISSA
 

Recommended

Narain exploring web vulnerabilities
Narain exploring web vulnerabilitiesNarain exploring web vulnerabilities
Narain exploring web vulnerabilitiesEr. Narayan Koirala
 
Javelin Proactively Contains
Javelin Proactively Contains Javelin Proactively Contains
Javelin Proactively Contains Brian Campbell
 
To see things others can't - APTs, Incident Response, DDoS
To see things others can't - APTs, Incident Response, DDoSTo see things others can't - APTs, Incident Response, DDoS
To see things others can't - APTs, Incident Response, DDoSMarco Gioanola
 
IT Security Basics For Managers
IT Security Basics For ManagersIT Security Basics For Managers
IT Security Basics For ManagersDaniel Owens
 
What is keylogger
What is keyloggerWhat is keylogger
What is keyloggerhilarypark97
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability TesterAditya Jain
 
Metasploit
MetasploitMetasploit
MetasploitParth Sahu
 
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...North Texas Chapter of the ISSA
 
Power of logs: practices for network security
Power of logs: practices for network securityPower of logs: practices for network security
Power of logs: practices for network securityInformation Technology Society Nepal
 
7 Beautiful Lakes of Nepal
7 Beautiful Lakes of Nepal7 Beautiful Lakes of Nepal
7 Beautiful Lakes of NepalCrew Justice
 
Information security
Information securityInformation security
Information securityInformation Technology Society Nepal
 
Where should I be encrypting my data?
Where should I be encrypting my data? Where should I be encrypting my data?
Where should I be encrypting my data? Information Technology Society Nepal
 
11 interesting facts about nepal which will amuse
11 interesting facts about nepal which will amuse11 interesting facts about nepal which will amuse
11 interesting facts about nepal which will amuseCrew Justice
 
Cyber law in nepal and implementation
Cyber law in nepal and implementationCyber law in nepal and implementation
Cyber law in nepal and implementationInformation Technology Society Nepal
 
Top 10 Interesting and Amazing facts about Nepal
Top 10 Interesting and Amazing facts about NepalTop 10 Interesting and Amazing facts about Nepal
Top 10 Interesting and Amazing facts about NepalTech OneStop
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
DEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersDEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersFelipe Prado
 
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareUNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareSajjad "JJ" Arshad
 
Luis Grangeia IBWAS
Luis Grangeia IBWASLuis Grangeia IBWAS
Luis Grangeia IBWASLuis Grangeia
 
IBWAS 2010: Web Security From an Auditor's Standpoint
IBWAS 2010: Web Security From an Auditor's StandpointIBWAS 2010: Web Security From an Auditor's Standpoint
IBWAS 2010: Web Security From an Auditor's StandpointLuis Grangeia
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerSteve Poole
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...Orbid
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and PatchingEmmanuel Udeagha B.
 
Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing toolmedoelkang600
 
1 (20 files merged).ppt
1 (20 files merged).ppt1 (20 files merged).ppt
1 (20 files merged).pptseshas1
 
Te chnical presentation networkexploits and security
Te chnical presentation networkexploits and securityTe chnical presentation networkexploits and security
Te chnical presentation networkexploits and securityKartik Rao
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecLalit Kale
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface DevicePositive Hack Days
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat RansomwareIvanti
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 

More Related Content

Viewers also liked

7 Beautiful Lakes of Nepal
7 Beautiful Lakes of Nepal7 Beautiful Lakes of Nepal
7 Beautiful Lakes of NepalCrew Justice
 
11 interesting facts about nepal which will amuse
11 interesting facts about nepal which will amuse11 interesting facts about nepal which will amuse
11 interesting facts about nepal which will amuseCrew Justice
 
Top 10 Interesting and Amazing facts about Nepal
Top 10 Interesting and Amazing facts about NepalTop 10 Interesting and Amazing facts about Nepal
Top 10 Interesting and Amazing facts about NepalTech OneStop
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 

Viewers also liked (8)

Power of logs: practices for network security
Power of logs: practices for network securityPower of logs: practices for network security
Power of logs: practices for network security
 
7 Beautiful Lakes of Nepal
7 Beautiful Lakes of Nepal7 Beautiful Lakes of Nepal
7 Beautiful Lakes of Nepal
 
Information security
Information securityInformation security
Information security
 
Where should I be encrypting my data?
Where should I be encrypting my data? Where should I be encrypting my data?
Where should I be encrypting my data?
 
11 interesting facts about nepal which will amuse
11 interesting facts about nepal which will amuse11 interesting facts about nepal which will amuse
11 interesting facts about nepal which will amuse
 
Cyber law in nepal and implementation
Cyber law in nepal and implementationCyber law in nepal and implementation
Cyber law in nepal and implementation
 
Top 10 Interesting and Amazing facts about Nepal
Top 10 Interesting and Amazing facts about NepalTop 10 Interesting and Amazing facts about Nepal
Top 10 Interesting and Amazing facts about Nepal
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 

Similar to Exploring web vulnerabilities

DEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersDEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersFelipe Prado
 
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareUNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareSajjad "JJ" Arshad
 
IBWAS 2010: Web Security From an Auditor's Standpoint
IBWAS 2010: Web Security From an Auditor's StandpointIBWAS 2010: Web Security From an Auditor's Standpoint
IBWAS 2010: Web Security From an Auditor's StandpointLuis Grangeia
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerSteve Poole
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...Orbid
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and PatchingEmmanuel Udeagha B.
 
Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing toolmedoelkang600
 
1 (20 files merged).ppt
1 (20 files merged).ppt1 (20 files merged).ppt
1 (20 files merged).pptseshas1
 
Te chnical presentation networkexploits and security
Te chnical presentation networkexploits and securityTe chnical presentation networkexploits and security
Te chnical presentation networkexploits and securityKartik Rao
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecLalit Kale
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface DevicePositive Hack Days
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat RansomwareIvanti
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxSuhailShaik16
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploitdevilback
 
Vulnerability scanning report by Tareq Hanaysha
Vulnerability scanning report by Tareq HanayshaVulnerability scanning report by Tareq Hanaysha
Vulnerability scanning report by Tareq HanayshaHanaysha
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Setia Juli Irzal Ismail
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint SecurityAdrian Sanabria
 

Similar to Exploring web vulnerabilities (20)

DEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersDEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testers
 
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareUNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
 
Luis Grangeia IBWAS
Luis Grangeia IBWASLuis Grangeia IBWAS
Luis Grangeia IBWAS
 
IBWAS 2010: Web Security From an Auditor's Standpoint
IBWAS 2010: Web Security From an Auditor's StandpointIBWAS 2010: Web Security From an Auditor's Standpoint
IBWAS 2010: Web Security From an Auditor's Standpoint
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and Patching
 
Metasploit Computer security testing tool
Metasploit Computer security testing toolMetasploit Computer security testing tool
Metasploit Computer security testing tool
 
1 (20 files merged).ppt
1 (20 files merged).ppt1 (20 files merged).ppt
1 (20 files merged).ppt
 
Te chnical presentation networkexploits and security
Te chnical presentation networkexploits and securityTe chnical presentation networkexploits and security
Te chnical presentation networkexploits and security
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSec
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat Ransomware
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
 
Finalppt metasploit
Finalppt metasploitFinalppt metasploit
Finalppt metasploit
 
Vulnerability scanning report by Tareq Hanaysha
Vulnerability scanning report by Tareq HanayshaVulnerability scanning report by Tareq Hanaysha
Vulnerability scanning report by Tareq Hanaysha
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
 
Metaploit
MetaploitMetaploit
Metaploit
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security
 

Recently uploaded

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Exploring web vulnerabilities

  • 2. Purpose Of This Presentation For Awareness in Software Quality Strictly not for wrong use, I hope that you will be using it for SQA purpose and not to damage or harm any one’s intellectual property
  • 3. Vote of thanks • ITS Nepal • BRAINDIGIT IT Solution • OWASP • OWASP Nepal • SQA Professionals
  • 4. Objectives • Introduction • Top vulnerabilities • Top Tools • Demo (vulnerability scanning and analysis) • Analysis of report
  • 5.
  • 6. Nearly 11K Attack sites are discovered monthly Nearly 150 K Infected sites are Discovered Monthly Ie nearly 5000 sites are infected daily Ie nearly 3 sites are infected per minute
  • 7.
  • 8. Introduction • No software is 100% bug free • So as your site is • Difference is in level of security maintained
  • 9. Lock Demonstration 1st lock is the simplest lock that can be broken easily and by huge mass of people(x). 2nd lock is bit more complex and can be broken by(x-10,000) no of people. 3rd lock is most complex and can be broken by few people on earth lets say 2 people
  • 11. Tools
  • 12. Demo • With joomscan • With Acunetix
  • 14. The Hard Part Analysing the report of Automation (15-500 pgs) Analysing False Positives and Negatives (everything seems true) N Fixing The Holes
  • 15. Web security Doesn't only depend on Security of servers Or Security of Application But to Whole Echo System of WEB Let’s Try More with our little knowledge