SlideShare a Scribd company logo

Intro to IronWASP

n|u - The Open Security Community
n|u - The Open Security Community

null Hyderabad Chapter - April 2014 Meet

EducationTechnology
1 of 13
Download to read offline
Intro to IronWASP -- ABHIJETH DUGGINAPEDDI
Hello Time to brag: Security Consultant at TCS for bread and butter Love speaking and training Got lucky with Google, Y!, Microsoft, Twitter .. Etc Love anime and politics !! Trying to contribute to the security community and start-ups in Hyd. Abhijeth Dugginapeddi www.abhijeth.com @abhijeth Fb.com/abhijethd
For the next 40 minutes Why What is How to use Pentesting with Few comparisons between IronWASP and Burpsuite Resources and Credits
What does it do??  Vulnerability Scanner  Intelligent crawler  Checks for OWASP top 10 and Sans top 25  Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET  False positive detection  Generate reports in HTML and RTF formats
Why the developers think that the tool is great??  Powerful and effective  WiHawk - WiFi Router Vulnerability Scanner by  XmlChor - Automatic XPATH Injection Exploitation Tool IronSAP - SAP Security Scanner SSL Security Checker - Scanner to discover vulnerabilities in SSL installations  OWASP Skanda - Automatic SSRF Exploitation Tool  CSRF PoC Generator - Tool for automatically generating exploits for CSRF vulnerabilities  HAWAS - Tool for automatically detecting and decoding encoded strings and hashes in websites
Why do I like it??  HP WebInspect 10.0 starts at $1,500 and is licensed per application  IBM Appscan Singe User 4500$  IBM Appscan enterprise 155,000$  Acunetix 1 year 3195$  Acunetix with maintenance 5995$  BurpSuite Professional per year 299$
And ..  Nice framework  Simple to use  No rocket science required  Good for beginners  Good for companies to use during low budget projects  Little better than other free tools  Finally, developed by an Indian researcher. Support him !!
Questions ???
Special thanks Resources : http://blog.ironwasp.org/ And his team: WiHawk Anamika Singh XmlChor Harshal Jamdade IronSAP Prasanna K SSL Security Checker Manish Saindane OWASP Skanda Jayesh Singh Chauhan CSRF PoC Generator Jayesh Singh Chauhan Lavakumar Kuppan @lavakumark Founder of the IronWASP Project. Author of many Security Tools.
Lets catch up: Fb.com/abhijethd @abhijeth www.abhijeth.com Also thank you www.null.co.in fb.com/nullhyd @nullhyd

Recommended

ESAPI
ESAPIESAPI
ESAPIn|u - The Open Security Community
 
Esapi
EsapiEsapi
EsapiSatish Govindappa
 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
 
Magento Application Security [EN]
Magento Application Security [EN]Magento Application Security [EN]
Magento Application Security [EN]Anna Völkl
 
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shAPIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shapidays
 
Automating Hybrid Applications with Appium
Automating Hybrid Applications with AppiumAutomating Hybrid Applications with Appium
Automating Hybrid Applications with AppiumSauce Labs
 
Microservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaMicroservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaEdureka!
 
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”Moshiul Islam, CISSP, CISA, CFE
 

Recommended

ESAPI
ESAPIESAPI
ESAPIn|u - The Open Security Community
 
Esapi
EsapiEsapi
EsapiSatish Govindappa
 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
 
Magento Application Security [EN]
Magento Application Security [EN]Magento Application Security [EN]
Magento Application Security [EN]Anna Völkl
 
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shAPIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shapidays
 
Automating Hybrid Applications with Appium
Automating Hybrid Applications with AppiumAutomating Hybrid Applications with Appium
Automating Hybrid Applications with AppiumSauce Labs
 
Microservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaMicroservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaEdureka!
 
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”Moshiul Islam, CISSP, CISA, CFE
 
Mobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumMobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumSelenium Cucumber
 
What is Sauce Labs?
What is Sauce Labs? What is Sauce Labs?
What is Sauce Labs? Sauce Labs
 
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Edureka!
 
Getting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumGetting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumSauce Labs
 
DevOps and Application Security
DevOps and Application SecurityDevOps and Application Security
DevOps and Application SecurityShahee Mirza
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's lifeOWASP
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017kieranjacobsen
 
Introduction To Appium With Robotframework
Introduction To Appium With RobotframeworkIntroduction To Appium With Robotframework
Introduction To Appium With RobotframeworkSyam Sasi
 
Testing on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesTesting on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesSauce Labs
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
Selenium, Appium, and Robots!
Selenium, Appium, and Robots!Selenium, Appium, and Robots!
Selenium, Appium, and Robots!hugs
 
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Lorenzo Barbieri
 
Improving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsImproving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsIsaac Murchie
 
Testing Native iOS Apps with Appium
Testing Native iOS Apps with AppiumTesting Native iOS Apps with Appium
Testing Native iOS Apps with AppiumSauce Labs
 
Wheat - Mobile functional test automation
Wheat - Mobile functional test automationWheat - Mobile functional test automation
Wheat - Mobile functional test automationSunny Tambi
 
Modern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioModern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioMarios Fakiolas
 
Why you need API Security Automation
Why you need API Security AutomationWhy you need API Security Automation
Why you need API Security Automation42Crunch
 
Selenium Camp 2016
Selenium Camp 2016Selenium Camp 2016
Selenium Camp 2016Dan Cuellar
 
Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Sauce Labs
 
Everything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumEverything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumLizzy Guido (she/her)
 
Introduction to SELinux Part-I
Introduction to SELinux Part-IIntroduction to SELinux Part-I
Introduction to SELinux Part-In|u - The Open Security Community
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinuxRene Cunningham
 

More Related Content

What's hot

Mobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumMobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumSelenium Cucumber
 
What is Sauce Labs?
What is Sauce Labs? What is Sauce Labs?
What is Sauce Labs? Sauce Labs
 
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Edureka!
 
Getting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumGetting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumSauce Labs
 
DevOps and Application Security
DevOps and Application SecurityDevOps and Application Security
DevOps and Application SecurityShahee Mirza
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's lifeOWASP
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017kieranjacobsen
 
Introduction To Appium With Robotframework
Introduction To Appium With RobotframeworkIntroduction To Appium With Robotframework
Introduction To Appium With RobotframeworkSyam Sasi
 
Testing on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesTesting on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesSauce Labs
 
Selenium, Appium, and Robots!
Selenium, Appium, and Robots!Selenium, Appium, and Robots!
Selenium, Appium, and Robots!hugs
 
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Lorenzo Barbieri
 
Improving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsImproving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsIsaac Murchie
 
Testing Native iOS Apps with Appium
Testing Native iOS Apps with AppiumTesting Native iOS Apps with Appium
Testing Native iOS Apps with AppiumSauce Labs
 
Wheat - Mobile functional test automation
Wheat - Mobile functional test automationWheat - Mobile functional test automation
Wheat - Mobile functional test automationSunny Tambi
 
Modern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioModern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioMarios Fakiolas
 
Why you need API Security Automation
Why you need API Security AutomationWhy you need API Security Automation
Why you need API Security Automation42Crunch
 
Selenium Camp 2016
Selenium Camp 2016Selenium Camp 2016
Selenium Camp 2016Dan Cuellar
 
Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Sauce Labs
 
Everything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumEverything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumLizzy Guido (she/her)
 

What's hot (20)

Mobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumMobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appium
 
What is Sauce Labs?
What is Sauce Labs? What is Sauce Labs?
What is Sauce Labs?
 
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
 
Getting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumGetting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & Appium
 
DevOps and Application Security
DevOps and Application SecurityDevOps and Application Security
DevOps and Application Security
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017
 
Introduction To Appium With Robotframework
Introduction To Appium With RobotframeworkIntroduction To Appium With Robotframework
Introduction To Appium With Robotframework
 
Testing on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesTesting on Mobile Devices with Location Services
Testing on Mobile Devices with Location Services
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
 
Selenium, Appium, and Robots!
Selenium, Appium, and Robots!Selenium, Appium, and Robots!
Selenium, Appium, and Robots!
 
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
 
Improving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsImproving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce Labs
 
Testing Native iOS Apps with Appium
Testing Native iOS Apps with AppiumTesting Native iOS Apps with Appium
Testing Native iOS Apps with Appium
 
Wheat - Mobile functional test automation
Wheat - Mobile functional test automationWheat - Mobile functional test automation
Wheat - Mobile functional test automation
 
Modern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioModern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressio
 
Why you need API Security Automation
Why you need API Security AutomationWhy you need API Security Automation
Why you need API Security Automation
 
Selenium Camp 2016
Selenium Camp 2016Selenium Camp 2016
Selenium Camp 2016
 
Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)
 
Everything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumEverything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and Selenium
 

Viewers also liked

Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)cnokia
 
COMPUTER SECURITY AND OPERATING SYSTEM
COMPUTER SECURITY AND OPERATING SYSTEMCOMPUTER SECURITY AND OPERATING SYSTEM
COMPUTER SECURITY AND OPERATING SYSTEMfaraz hussain
 
Operating system security
Operating system securityOperating system security
Operating system securityRachel Jeewa
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating Systemsohaildanish
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Wlad1m1r
 
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challengeITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challengeITCamp
 
How to Launch a Web Security Service in an Hour
How to Launch a Web Security Service in an HourHow to Launch a Web Security Service in an Hour
How to Launch a Web Security Service in an HourCyren, Inc
 
Pyscho-Strategies for Social Engineering
Pyscho-Strategies for Social EngineeringPyscho-Strategies for Social Engineering
Pyscho-Strategies for Social EngineeringIshan Girdhar
 
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsCusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsAugust Detlefsen
 
Burp suite
Burp suiteBurp suite
Burp suiteAmmar WK
 
Windows Azure Versioning Strategies
Windows Azure Versioning StrategiesWindows Azure Versioning Strategies
Windows Azure Versioning StrategiesPavel Revenkov
 
Wcf security session 1
Wcf security session 1Wcf security session 1
Wcf security session 1Anil Kumar M
 
Burp plugin development for java n00bs (44 con)
Burp plugin development for java n00bs (44 con)Burp plugin development for java n00bs (44 con)
Burp plugin development for java n00bs (44 con)Marc Wickenden
 

Viewers also liked (20)

Introduction to SELinux Part-I
Introduction to SELinux Part-IIntroduction to SELinux Part-I
Introduction to SELinux Part-I
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinux
 
Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)
 
COMPUTER SECURITY AND OPERATING SYSTEM
COMPUTER SECURITY AND OPERATING SYSTEMCOMPUTER SECURITY AND OPERATING SYSTEM
COMPUTER SECURITY AND OPERATING SYSTEM
 
Operating system security
Operating system securityOperating system security
Operating system security
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
 
Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011
 
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challengeITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
 
Paypal-IPN
Paypal-IPNPaypal-IPN
Paypal-IPN
 
How to Launch a Web Security Service in an Hour
How to Launch a Web Security Service in an HourHow to Launch a Web Security Service in an Hour
How to Launch a Web Security Service in an Hour
 
IronSAP
IronSAP IronSAP
IronSAP
 
Pyscho-Strategies for Social Engineering
Pyscho-Strategies for Social EngineeringPyscho-Strategies for Social Engineering
Pyscho-Strategies for Social Engineering
 
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsCusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Windows Azure Versioning Strategies
Windows Azure Versioning StrategiesWindows Azure Versioning Strategies
Windows Azure Versioning Strategies
 
Wcf security session 1
Wcf security session 1Wcf security session 1
Wcf security session 1
 
Burp plugin development for java n00bs (44 con)
Burp plugin development for java n00bs (44 con)Burp plugin development for java n00bs (44 con)
Burp plugin development for java n00bs (44 con)
 

Similar to Intro to IronWASP

Clickslide Datadipity Beta V1
Clickslide Datadipity Beta V1Clickslide Datadipity Beta V1
Clickslide Datadipity Beta V1Gabriel Ortiz
 
Using AI at the Library - SWFLN Makerpalooza - Session 2
Using AI at the Library - SWFLN Makerpalooza - Session 2Using AI at the Library - SWFLN Makerpalooza - Session 2
Using AI at the Library - SWFLN Makerpalooza - Session 2Brian Pichman
 
Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.Apigee | Google Cloud
 
03_Overview of Azure AI and How to Use It Today_GAB2019
03_Overview of Azure AI and How to Use It Today_GAB201903_Overview of Azure AI and How to Use It Today_GAB2019
03_Overview of Azure AI and How to Use It Today_GAB2019Kumton Suttiraksiri
 
Securing Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecuritySecuring Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecurityDeja vu Security
 
We-Donut.io presentation of Platform
We-Donut.io presentation of PlatformWe-Donut.io presentation of Platform
We-Donut.io presentation of PlatformDennis Reurings
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfsivaganeshsivakumar1
 
AsyncAPI specification
AsyncAPI specificationAsyncAPI specification
AsyncAPI specificationfmvilas
 
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...WordCamp Kathmandu
 
Speaking APIsh makes your business more agile
Speaking APIsh makes your business more agileSpeaking APIsh makes your business more agile
Speaking APIsh makes your business more agileMarjukka Niinioja
 
Creating Datadipity
Creating DatadipityCreating Datadipity
Creating DatadipityClickslide
 
NZCS Cloud Computing Presentation
NZCS Cloud Computing PresentationNZCS Cloud Computing Presentation
NZCS Cloud Computing PresentationAbhinav Keswani
 
2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open StandardsAPIsecure_ Official
 
Tastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierTastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierHarvard Web Working Group
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014openi_ict
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014Michael Petychakis
 
The Open Source... Behind the Tweets
The Open Source... Behind the TweetsThe Open Source... Behind the Tweets
The Open Source... Behind the TweetsChris Aniszczyk
 

Similar to Intro to IronWASP (20)

Clickslide Datadipity Beta V1
Clickslide Datadipity Beta V1Clickslide Datadipity Beta V1
Clickslide Datadipity Beta V1
 
Using AI at the Library - SWFLN Makerpalooza - Session 2
Using AI at the Library - SWFLN Makerpalooza - Session 2Using AI at the Library - SWFLN Makerpalooza - Session 2
Using AI at the Library - SWFLN Makerpalooza - Session 2
 
Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.
 
03_Overview of Azure AI and How to Use It Today_GAB2019
03_Overview of Azure AI and How to Use It Today_GAB201903_Overview of Azure AI and How to Use It Today_GAB2019
03_Overview of Azure AI and How to Use It Today_GAB2019
 
Securing Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecuritySecuring Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu Security
 
We-Donut.io presentation of Platform
We-Donut.io presentation of PlatformWe-Donut.io presentation of Platform
We-Donut.io presentation of Platform
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdf
 
AsyncAPI specification
AsyncAPI specificationAsyncAPI specification
AsyncAPI specification
 
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
 
Speaking APIsh makes your business more agile
Speaking APIsh makes your business more agileSpeaking APIsh makes your business more agile
Speaking APIsh makes your business more agile
 
Intelligent IoT Projects In 7 Days
Intelligent IoT Projects In 7 Days Intelligent IoT Projects In 7 Days
Intelligent IoT Projects In 7 Days
 
Creating Datadipity
Creating DatadipityCreating Datadipity
Creating Datadipity
 
The impact of IoT on APIs
The impact of IoT on APIsThe impact of IoT on APIs
The impact of IoT on APIs
 
NZCS Cloud Computing Presentation
NZCS Cloud Computing PresentationNZCS Cloud Computing Presentation
NZCS Cloud Computing Presentation
 
2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards
 
Tastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierTastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work Easier
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014
 
The Open Source... Behind the Tweets
The Open Source... Behind the TweetsThe Open Source... Behind the Tweets
The Open Source... Behind the Tweets
 
Your API is not a Website!
Your API is not a Website!Your API is not a Website!
Your API is not a Website!
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 

Recently uploaded (20)

Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 

Intro to IronWASP

  • 1. Intro to IronWASP -- ABHIJETH DUGGINAPEDDI
  • 2. Hello Time to brag: Security Consultant at TCS for bread and butter Love speaking and training Got lucky with Google, Y!, Microsoft, Twitter .. Etc Love anime and politics !! Trying to contribute to the security community and start-ups in Hyd. Abhijeth Dugginapeddi www.abhijeth.com @abhijeth Fb.com/abhijethd
  • 3. For the next 40 minutes Why What is How to use Pentesting with Few comparisons between IronWASP and Burpsuite Resources and Credits
  • 4.
  • 5. What does it do??  Vulnerability Scanner  Intelligent crawler  Checks for OWASP top 10 and Sans top 25  Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET  False positive detection  Generate reports in HTML and RTF formats
  • 6.
  • 7. Why the developers think that the tool is great??  Powerful and effective  WiHawk - WiFi Router Vulnerability Scanner by  XmlChor - Automatic XPATH Injection Exploitation Tool IronSAP - SAP Security Scanner SSL Security Checker - Scanner to discover vulnerabilities in SSL installations  OWASP Skanda - Automatic SSRF Exploitation Tool  CSRF PoC Generator - Tool for automatically generating exploits for CSRF vulnerabilities  HAWAS - Tool for automatically detecting and decoding encoded strings and hashes in websites
  • 8. Why do I like it??  HP WebInspect 10.0 starts at $1,500 and is licensed per application  IBM Appscan Singe User 4500$  IBM Appscan enterprise 155,000$  Acunetix 1 year 3195$  Acunetix with maintenance 5995$  BurpSuite Professional per year 299$
  • 9. And ..  Nice framework  Simple to use  No rocket science required  Good for beginners  Good for companies to use during low budget projects  Little better than other free tools  Finally, developed by an Indian researcher. Support him !!
  • 10.
  • 12. Special thanks Resources : http://blog.ironwasp.org/ And his team: WiHawk Anamika Singh XmlChor Harshal Jamdade IronSAP Prasanna K SSL Security Checker Manish Saindane OWASP Skanda Jayesh Singh Chauhan CSRF PoC Generator Jayesh Singh Chauhan Lavakumar Kuppan @lavakumark Founder of the IronWASP Project. Author of many Security Tools.
  • 13. Lets catch up: Fb.com/abhijethd @abhijeth www.abhijeth.com Also thank you www.null.co.in fb.com/nullhyd @nullhyd