SlideShare a Scribd company logo

Web application Testing

OWASP Foundation
OWASP Foundation

Before start testing web site it’s very important to know about which all testing methods needs to cover. # The current state of the penetration test practice is far from optimal # Automating them may bring them to a new level of quality # But in doing so we will face many technical problems # It may be a new challenge for the IS industry in the near future

1 of 56
Web Application Penetration Tests: A new challenge for the IT industry? By:
Agenda  The PenetrationTest  Problems in the current PenetrationTest practice  Automating PenetrationTests  TheTechnical Challenges  Overcoming theTechnical Challenges  Conclusiones
The PenetrationTest
The Penetration Test  What is it?  What is it good for?  How is it actually done?
 Black Art or Science?  A penetration test is a method of evaluating the security of a computer system or network by simulating an attack. AWeb Application Penetration Test focuses only on evaluating the security of a web application.The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. (OWASP)  Targets the legitimate business functions users use everyday.  The supporting infrastructure is generally off limits  It is not a code review What isWebApplicationTesting?
Common Misnomers “Our site is safe”:  We have firewalls in place  We encrypt our data  We have IDS / IPS  We have a privacy policy WhyTest?
 The firewall is going to let them in  Encryption will hide most of the attacks  Privacy? Like they care! Your Front Door Hacker
How does it work? Xyz.pqr.com Data Base Server Firewall IDS / IPS SQL injection over HTTPS (port 443) Network Security Controls Database returns Account Passwords
OWASPTen Vulnerability / OWASP Enterprise Security API)
Key Underlying Concepts from our Definition  “Localized”  Implies definition of scope  “Time-constrained”  A pentest does not last forever  “Attempt to breach the security”  A pentest is not a full security audit  “Using the attacker’s techniques”  Implies definition of the attacker’s role
Requirement s and Goal  Scope  Security architecture  Attacker’s profile  Results
The Goal  To improve information security awareness  To assess risk  To mitigate risk immediately  To reinforce the IS process  To assist in decision making processes
The Scope: What will be tested?  IT infrastructure  Security architecture  Prevention capabilities  Detection capabilities  Response capabilities  Policies and procedures  Business processes
The Scope: When it will be tested? Start Duration  Weakest/Strongest moment  Normal operational state  Periodically, random date within limits  Before/After specific projects
Security Architecture  Security Infrastructure (PKI/FWs/IDSes)  Network security  Host security  Workstation security  Application security  Physical security  Human security
The Attacker’s Profile  External  With zero previous knowledge  With some degree of knowledge  Internal  With zero previous knowledge  With some degree of knowledge  Associate
The Result: Final Report  Clear description of scope and methodology  Reproducible and accountable process  High level analysis and description (suitable for upper/non technical management)  General recommendations and conclusions  Detailed findings
Information Gathering How is it usually done?  Information Gathering  Information Analysis and Planning  Vulnerability Detection  Penetration  Attack/Privilege Escalation  Analysis and reporting  Clean-up Vulnerability Detection Penetration Attack/ Privilege Escalation Information Analysis and Planning Analysis and Reporting Clean Up
Information Gathering  Organizational intelligence  Access point discovery  Network discovery  Infrastructure fingerprinting
Information Analysis and Planning  Understanding of component relationships  High level attack planning  Target identification  Time & effort estimation  Alternative attacks
Vulnerability Detection  Automated vulnerability scanning  Manual scanning  In-house research  Target acquisition
Penetration Phase  Known/available exploit selection  Exploit customization  Exploit development  Exploit testing  Attack
Attack/ Privilege Escalation Phase  Final target compromise: SUCCESS!  Intermediate target: full compromise, pivoting  Intermediate target: partial compromise, pivoting  Point of attack/attacker profile switching  Back to information gathering phase
Clean Up Phase  Definition of specific clean up tasks  Definition of specific clean up procedures  Clean up execution
Analysis and Reporting Phase  Information gathering and consolidation  Analysis and extraction of general conclusions and recommendations  Generation of deliverables  Final presentation
Problems in the current penetration test practice
Information Gathering Phase: OK  Public organization information  M&A, SEC fillings, patent grants,etc.  Job openings  Employee information  Web browsing  Web crawling  Mailing list and newsgroups posts  Nmap, traceroute, firewall, ping sweeps, etc  NIC registrations  DNS records  SNMP scanning  OS fingerprinting  Banner grabbing  War dialers  Social engineering  Dumpster diving  Etcetera
Information Analysis and Planning Phase: Not OK  Difficult and time consuming task of consolidating all the information gathered and extract high level conclusions that will help to define an attack strategy  Hard to keep an up to date general overview of the components and their interaction  No specific tools aimed at addressing this phase  Experienced and knowledgeable resources required for this stage, overall time constraint could limit the extent of their work  No formal processes or tools to help estimate time and efforts
Vulnerability Detection Phase: OK  Large variety of tools available:  CommercialVulnerability scanners  Free & Open source scanners  Application level testing tools  OS specific testing tools  Large amount of information available:  Publicly known vulnerability information  Vulnerability database  Various sources of security advisories (vendors, CERTs, information security companies, etc.)  SecurityFocus.com  Bugtraq, NT bugtraq, pentest mailing list  Newsgroups, papers, CVE  In-house research is not avoidable
Penetration Phase: Not OK  Although there are some tools available, they generally require customization and testing  Publicly available exploits are generally unreliable and require customization and testing (quick hacks, proof of concept code)  In-house developed exploits are generally aimed at specific tasks or pen test engagements (mostly due to time constraints)  Knowing that a vulnerability exist does not always imply that it can be exploited easily, thus it is not possible to successfully penetrate even though it is theoretically possible (weakens the overall result of the engagement)  Knowledge and specialization required for exploit and tool development  Considerable lab infrastructure required for successful research, development and testing (platforms, OS flavors, OS versions, applications, networking equipment, etc.)
Attack/ Privilege Escalation Phase: Not OK  Some tools and exploits available, usually require customization and testing (local host exploits, backdoors, sniffers, sniffing/spoofing libraries, etc.)  Monotonous and time consuming task: setting up the new “acquired” vantage point (installing software and tools, compiling for the new platforms, taking into account configuration specific details, etc.)  Pivoting might be a key part for success in a pen test yet it is the less formalized process  Considerable lab infrastructure required for research, development, customization and testing
Analysis and Reporting Phase: Not OK  Maintaining a record of all actions, commands, inputs and outputs of all tasks performed during the pentest is left as methodology to be enforced by the team members, that does not guarantee accountability and compliance.  Gathering and consolidating all the log information from all phases, including all the program and tools used, is time consuming, boring and prone to error  Organizing the information in a format suitable for analysis and extraction of high level conclusions and recommendations is not trivial  Analysis and definitions for general conclusions and recommendations require experienced and knowledgeable resources  The actual writing of final reports is usually considered the boring leftovers of the penetration test, security expertise and experience is required to ensure quality but such resources could be better assigned to more promising endeavors  No specialized tools dedicated to cover the issues raised above
Clean Up Phase: Not OK  A detailed and exact list of all actions performed must be kept, yet there are just rudimentary tools for this  Clean up of compromised hosts must be done securely and without affecting normal operations (if possible)  The clean up process should be verifiable and non- repudiable, the current practice does not address this problem.  Often clean up is left as a backup restore job for the pentest customer, affecting normal operations and IT resources.
Automating PenetrationTests
Automating Penetration Tests  Why?  What is it good for?  What are the technical challenges?  How could they be addressed?
Rationale  Penetration tests are becoming a common practice that involve a mix of hacker handiwork, monotonous tasks and non formal knowledge. Automating penetration tests will bring professionalism to the practice.
APT: What is it good for?  To make available valuable resources for the more important phases: high level overview and analysis, strategic attack planning, results analysis and recommendations.  To encompass all the penetration test phases under a single framework  To define and standardize the methodology  To enforce following of the methodology and ensure quality  To improve the security of the practice  To simplify and speed up monotonous and time consuming tasks
TheTechnical Challenges
The Technical Challenges (1/3)  Modeling penetration testing, considering all phases in an intuitive and usable fashion  Building a tool that reflects the model capable of adopting arbitrary methodologies defined and redefined by the user  Development and maintenance of a wide range of exploits for different platforms, operating systems and applications and multiple combinations of versions
The Technical Challenges (2/3)  Assurance that the developed code is functional under different network and host configurations (reliability)  Addressing the attack/privilege escalation phase in a seamless way.  Handling interactions between different exploits  Building a framework that lets the team develop and customize new or existing exploits quickly
The Technical Challenges (3/3)  Not having to re-invent the wheel each time a new vulnerability is discovered  Keeping such a beast manageable in terms of size and complexity  Providing different degrees of ‘stealth-ness’ (to comply with pen-test requirements)  Having autonomous capabilities (worm-like?)  Having mechanism for acquiring and reusing knowledge and experience from successive penetration tests
And more…  Buffer overflows  Exec/no-exec stack  Multiple platforms/Multiple Operating systems  Encoding, compression, encryption, etc.  Sniffing/Spoofing  IP Stack based attacks
Overcoming the technical challenges
The model  Simplify and abstract all the components of the system and their relations  Provide a base on which to construct  Provide a common language to talk about the different components
The model Agent Host Network Host Host Network HostHost NetService Account NetService Agent Module Module
Agents and Modules  Agents  “The pivoting point” or “the vantage point”  Run modules  Installable on any compromised host  Local stealth techniques for hiding (ala rootkit)  Some autonomy (worm-like) and limited life- span  Secure (shouldn’t render the client infrastructure more insecure than before the pentest)  Remotely control other agents  Clean up functionality (uninstall)  Modules  “Any executable task”  Information gathering, information analysis, attacks, reporting, scripting of other modules  Simple and easy to extend  Have every tool together, under the same framework
Syscall Proxying  Provides a uniform layer for the interaction with the underlying system  All modules ultimately access any resource through this layer  Changing this layer with a proxy effectively simulates the remote execution of the module Module Syscall stub Local server Remote server Local execution remote execution RPC
Using a Virtual Machine  Isolates the particular characteristics of the “pivoting host” platform from the module  This effectively eliminates all the burden related to the setup of a vantage point  Just port theVM  Provides a comfortable environment for the development of new exploits  Productivity is higher on interpreted languages than on compiled ones  Provides a simple way of scripting (automating) any task, even higher level ones  Lots of free and powerfulVMs are available (Perl, Python, Squeak)
APIs and Helpers Libraries  Any common and general use functionality related to the coding of exploits should evolve into an API  Prioritizes code-reuse and sharing  Simplifies exploit code, focused on the particular vulnerability and not on common vulnerability- writing tasks  Makes the life of the exploit developer easier (just build on top of existing code)  API’s can evolve independently of written exploits  Some examples  Shellcode building for different platforms  Sniffing and packet parsing  Spoofing (packet crafting)  Application layer protocols  HTTP, FTP, DNS, SMTP, SNMP, etc
Component Communications  Use crypto protocols to provide privacy & mutual authentication  Define an abstract “transport” than can be interchangeable and mounted on top of any networking protocol  Firewall piercing  Fragmentation (recent ipf bug)  Application layer (HTTP, DNS)  Stealth  IDS evasion  Chaining (ala source-routing) of different transports in between agents  Provides a way of “jumping” between vantage points, allowing communication across diverse security domains (with different security policies)
Logging and Reporting  Since a single-tool / single-framework is used for all the pen-test related tasks, it’s easy to keep logs of every single activity  Use a common document format (such as XML) that can be easily transformed into what is best for the particular customer or that follows the company style (HTML, PDF, DOC)  Getting the information together and building a report can be done by a module that accesses the objects in the model
Scripting  Scripting of modules  Module “macros”  Autonomous action (for more worm-like attacks, or for scenarios where online communication with agents before compromise might not be possible)  A more constructive approach to module development. Build higher level attacks/strategies using available modules  If a scripting language is used (with aVM) is possible to take advantage of its capabilities to script the execution of modules
Knowledge Base  A database of information on common attack strategies and success configurations on common customer scenarios  Guidelines on how to do a specific pentest depending on target characteristics  IT Infrastructure: Platforms, Network characteristics, Firewalling strategy (screened host, packet filtering, appl. proxy, DMZ)  Technology:ASP, PHP, DCOM, SOAP, Perl-CGI, etc.  Business / Services: web portal, mail, online store, corporate services, etc.  Full activity logs  Easier to identify common strategies & trends along different projects
Conclusions
Conclusions  The current state of the penetration test practice is far from optimal  Automating them may bring them to a new level of quality  But in doing so we will face many technical problems  It may be a new challenge for the IS industry in the near future
ThankYou!

Recommended

Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Amine SAIGHI
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
Won Ju Jub
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
Er Vivek Rana
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases
Nasir Bhutta
 
Penetration testing in wireless network
Penetration testing in wireless networkPenetration testing in wireless network
Penetration testing in wireless network
Hadi Fadlallah
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
Rashad Aliyev
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing Presentation
Chris Gates
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 

Recommended

Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Amine SAIGHI
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
Won Ju Jub
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
Er Vivek Rana
 
Penetration Testing Execution Phases
Penetration Testing Execution Phases Penetration Testing Execution Phases
Penetration Testing Execution Phases
Nasir Bhutta
 
Penetration testing in wireless network
Penetration testing in wireless networkPenetration testing in wireless network
Penetration testing in wireless network
Hadi Fadlallah
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
Rashad Aliyev
 
Client-Side Penetration Testing Presentation
Client-Side Penetration Testing PresentationClient-Side Penetration Testing Presentation
Client-Side Penetration Testing Presentation
Chris Gates
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
 
Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
Dmitry Evteev
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
Mohit Belwal
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing
Rishabh Upadhyay
 
Penetration Testing Services
Penetration Testing ServicesPenetration Testing Services
Penetration Testing Services
Cyber 51 LLC
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overview
Supriya G
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hyd
Rama krishna
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
dc612
 
Penetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningPenetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability Scanning
SecurityMetrics
 
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
EndgameInc
 
What is pentest
What is pentestWhat is pentest
What is pentest
itissolutions
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?
Bhavin Shah
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Nameen Singh
 
Penetration Testing Services, Penetration Testing
Penetration Testing Services, Penetration TestingPenetration Testing Services, Penetration Testing
Penetration Testing Services, Penetration Testing
eNinja Technologies
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
VAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant maliVAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant mali
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
Sumedt Jitpukdebodin
 
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq HanayshaNessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Hanaysha
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
NetSPI
 

More Related Content

What's hot

Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
Dmitry Evteev
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
Mohit Belwal
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
Abu Sadat Mohammed Yasin
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing
Rishabh Upadhyay
 
Penetration Testing Services
Penetration Testing ServicesPenetration Testing Services
Penetration Testing Services
Cyber 51 LLC
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overview
Supriya G
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hyd
Rama krishna
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
dc612
 
Penetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningPenetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability Scanning
SecurityMetrics
 
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
EndgameInc
 
What is pentest
What is pentestWhat is pentest
What is pentest
itissolutions
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?
Bhavin Shah
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Nameen Singh
 
Penetration Testing Services, Penetration Testing
Penetration Testing Services, Penetration TestingPenetration Testing Services, Penetration Testing
Penetration Testing Services, Penetration Testing
eNinja Technologies
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
VAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant maliVAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant mali
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
Sumedt Jitpukdebodin
 

What's hot (20)

Penetration testing, What’s this?
Penetration testing, What’s this?Penetration testing, What’s this?
Penetration testing, What’s this?
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing
 
Penetration Testing Services
Penetration Testing ServicesPenetration Testing Services
Penetration Testing Services
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overview
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hyd
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 
Penetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability ScanningPenetration Testing vs. Vulnerability Scanning
Penetration Testing vs. Vulnerability Scanning
 
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
 
What is pentest
What is pentestWhat is pentest
What is pentest
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Penetration Testing Services, Penetration Testing
Penetration Testing Services, Penetration TestingPenetration Testing Services, Penetration Testing
Penetration Testing Services, Penetration Testing
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 
VAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant maliVAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant mali
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
 

Viewers also liked

Nessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq HanayshaNessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Hanaysha
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
NetSPI
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
NetSPI
 
Vulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements inVulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements in
Keith G. Tidball
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
NetSPI
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
NetSPI
 
Thick client application security assessment
Thick client application security assessmentThick client application security assessment
Thick client application security assessment
Sanjay Kumar (Seeking options outside India)
 
PCI Guidance On Penetration Testing
PCI Guidance On Penetration TestingPCI Guidance On Penetration Testing
PCI Guidance On Penetration Testing
The Hacker News
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case study
Antonio Fontes
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Ammar WK
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
Harshit Singh Bhatia
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
Rishabh Upadhyay
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Falgun Rathod
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introduction
gbud7
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
Surachai Chatchalermpun
 
Analysis of web application penetration testing
Analysis of web application penetration testingAnalysis of web application penetration testing
Analysis of web application penetration testing
Engr Md Yusuf Miah
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
Georgia Weidman
 

Viewers also liked (19)

Nessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq HanayshaNessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq Hanaysha
 
Attack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration TestingAttack All The Layers - What's Working in Penetration Testing
Attack All The Layers - What's Working in Penetration Testing
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
Vulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements inVulnerability Assessment and Rapid Warning System Enhancements in
Vulnerability Assessment and Rapid Warning System Enhancements in
 
Introduction to Windows Dictionary Attacks
Introduction to Windows Dictionary AttacksIntroduction to Windows Dictionary Attacks
Introduction to Windows Dictionary Attacks
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
 
Thick client application security assessment
Thick client application security assessmentThick client application security assessment
Thick client application security assessment
 
PCI Guidance On Penetration Testing
PCI Guidance On Penetration TestingPCI Guidance On Penetration Testing
PCI Guidance On Penetration Testing
 
Threat modeling web application: a case study
Threat modeling web application: a case studyThreat modeling web application: a case study
Threat modeling web application: a case study
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Vulnerability Assessment Report
Vulnerability Assessment ReportVulnerability Assessment Report
Vulnerability Assessment Report
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introduction
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 
Analysis of web application penetration testing
Analysis of web application penetration testingAnalysis of web application penetration testing
Analysis of web application penetration testing
 
Metasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner ClassMetasploit for Penetration Testing: Beginner Class
Metasploit for Penetration Testing: Beginner Class
 

Similar to Web application Testing

Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?
Jorge Orchilles
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1
Nutan Kumar Panda
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision Points
PivotPointSecurity
 
Risk Assessment Methodologies
Risk Assessment MethodologiesRisk Assessment Methodologies
Risk Assessment Methodologies
Philippe A. R. Schaeffer
 
FIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident ResponseFIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident Response
Anton Chuvakin
 
AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011
dma1965
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEW
cscpconf
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
Kevin M. Moker, CFE, CISSP, ISSMP, CISM
 
Successful Software Projects - What you need to consider
Successful Software Projects - What you need to considerSuccessful Software Projects - What you need to consider
Successful Software Projects - What you need to consider
LloydMoore
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
penetration Tester
 
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin
 
Security Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSecurity Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar Tymoshyk
SoftServe
 
Agile and Secure Development
Agile and Secure DevelopmentAgile and Secure Development
Agile and Secure Development
Nazar Tymoshyk, CEH, Ph.D.
 
What Every Organization Should Log And Monitor
What Every Organization Should Log And MonitorWhat Every Organization Should Log And Monitor
What Every Organization Should Log And Monitor
Anton Chuvakin
 
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web TestingThe Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
Perfecto by Perforce
 
Enterprise incident response 2017
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017
zapp0
 
Module 6.pptx
Module 6.pptxModule 6.pptx
Module 6.pptx
ssuser66c4d5
 
Planning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramPlanning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management Program
Sasha Nunke
 
CohenNancyPresentation.ppt
CohenNancyPresentation.pptCohenNancyPresentation.ppt
CohenNancyPresentation.ppt
mypc72
 
pentration testing.pdf
pentration testing.pdfpentration testing.pdf
pentration testing.pdf
Ramya Nellutla
 

Similar to Web application Testing (20)

Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1
 
Network Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision PointsNetwork Vulnerability Assessment: Key Decision Points
Network Vulnerability Assessment: Key Decision Points
 
Risk Assessment Methodologies
Risk Assessment MethodologiesRisk Assessment Methodologies
Risk Assessment Methodologies
 
FIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident ResponseFIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident Response
 
AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEW
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Successful Software Projects - What you need to consider
Successful Software Projects - What you need to considerSuccessful Software Projects - What you need to consider
Successful Software Projects - What you need to consider
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability Intelligence
 
Security Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSecurity Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar Tymoshyk
 
Agile and Secure Development
Agile and Secure DevelopmentAgile and Secure Development
Agile and Secure Development
 
What Every Organization Should Log And Monitor
What Every Organization Should Log And MonitorWhat Every Organization Should Log And Monitor
What Every Organization Should Log And Monitor
 
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web TestingThe Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
 
Enterprise incident response 2017
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017
 
Module 6.pptx
Module 6.pptxModule 6.pptx
Module 6.pptx
 
Planning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramPlanning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management Program
 
CohenNancyPresentation.ppt
CohenNancyPresentation.pptCohenNancyPresentation.ppt
CohenNancyPresentation.ppt
 
pentration testing.pdf
pentration testing.pdfpentration testing.pdf
pentration testing.pdf
 

Recently uploaded

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 

Recently uploaded (20)

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 

Web application Testing

  • 1. Web Application Penetration Tests: A new challenge for the IT industry? By:
  • 2. Agenda  The PenetrationTest  Problems in the current PenetrationTest practice  Automating PenetrationTests  TheTechnical Challenges  Overcoming theTechnical Challenges  Conclusiones
  • 4. The Penetration Test  What is it?  What is it good for?  How is it actually done?
  • 5.  Black Art or Science?  A penetration test is a method of evaluating the security of a computer system or network by simulating an attack. AWeb Application Penetration Test focuses only on evaluating the security of a web application.The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. (OWASP)  Targets the legitimate business functions users use everyday.  The supporting infrastructure is generally off limits  It is not a code review What isWebApplicationTesting?
  • 6. Common Misnomers “Our site is safe”:  We have firewalls in place  We encrypt our data  We have IDS / IPS  We have a privacy policy WhyTest?
  • 7.  The firewall is going to let them in  Encryption will hide most of the attacks  Privacy? Like they care! Your Front Door Hacker
  • 8. How does it work? Xyz.pqr.com Data Base Server Firewall IDS / IPS SQL injection over HTTPS (port 443) Network Security Controls Database returns Account Passwords
  • 10. Key Underlying Concepts from our Definition  “Localized”  Implies definition of scope  “Time-constrained”  A pentest does not last forever  “Attempt to breach the security”  A pentest is not a full security audit  “Using the attacker’s techniques”  Implies definition of the attacker’s role
  • 11. Requirement s and Goal  Scope  Security architecture  Attacker’s profile  Results
  • 12. The Goal  To improve information security awareness  To assess risk  To mitigate risk immediately  To reinforce the IS process  To assist in decision making processes
  • 13. The Scope: What will be tested?  IT infrastructure  Security architecture  Prevention capabilities  Detection capabilities  Response capabilities  Policies and procedures  Business processes
  • 14. The Scope: When it will be tested? Start Duration  Weakest/Strongest moment  Normal operational state  Periodically, random date within limits  Before/After specific projects
  • 15. Security Architecture  Security Infrastructure (PKI/FWs/IDSes)  Network security  Host security  Workstation security  Application security  Physical security  Human security
  • 16. The Attacker’s Profile  External  With zero previous knowledge  With some degree of knowledge  Internal  With zero previous knowledge  With some degree of knowledge  Associate
  • 17. The Result: Final Report  Clear description of scope and methodology  Reproducible and accountable process  High level analysis and description (suitable for upper/non technical management)  General recommendations and conclusions  Detailed findings
  • 18. Information Gathering How is it usually done?  Information Gathering  Information Analysis and Planning  Vulnerability Detection  Penetration  Attack/Privilege Escalation  Analysis and reporting  Clean-up Vulnerability Detection Penetration Attack/ Privilege Escalation Information Analysis and Planning Analysis and Reporting Clean Up
  • 19. Information Gathering  Organizational intelligence  Access point discovery  Network discovery  Infrastructure fingerprinting
  • 20. Information Analysis and Planning  Understanding of component relationships  High level attack planning  Target identification  Time & effort estimation  Alternative attacks
  • 21. Vulnerability Detection  Automated vulnerability scanning  Manual scanning  In-house research  Target acquisition
  • 22. Penetration Phase  Known/available exploit selection  Exploit customization  Exploit development  Exploit testing  Attack
  • 23. Attack/ Privilege Escalation Phase  Final target compromise: SUCCESS!  Intermediate target: full compromise, pivoting  Intermediate target: partial compromise, pivoting  Point of attack/attacker profile switching  Back to information gathering phase
  • 24. Clean Up Phase  Definition of specific clean up tasks  Definition of specific clean up procedures  Clean up execution
  • 25. Analysis and Reporting Phase  Information gathering and consolidation  Analysis and extraction of general conclusions and recommendations  Generation of deliverables  Final presentation
  • 26. Problems in the current penetration test practice
  • 27. Information Gathering Phase: OK  Public organization information  M&A, SEC fillings, patent grants,etc.  Job openings  Employee information  Web browsing  Web crawling  Mailing list and newsgroups posts  Nmap, traceroute, firewall, ping sweeps, etc  NIC registrations  DNS records  SNMP scanning  OS fingerprinting  Banner grabbing  War dialers  Social engineering  Dumpster diving  Etcetera
  • 28. Information Analysis and Planning Phase: Not OK  Difficult and time consuming task of consolidating all the information gathered and extract high level conclusions that will help to define an attack strategy  Hard to keep an up to date general overview of the components and their interaction  No specific tools aimed at addressing this phase  Experienced and knowledgeable resources required for this stage, overall time constraint could limit the extent of their work  No formal processes or tools to help estimate time and efforts
  • 29. Vulnerability Detection Phase: OK  Large variety of tools available:  CommercialVulnerability scanners  Free & Open source scanners  Application level testing tools  OS specific testing tools  Large amount of information available:  Publicly known vulnerability information  Vulnerability database  Various sources of security advisories (vendors, CERTs, information security companies, etc.)  SecurityFocus.com  Bugtraq, NT bugtraq, pentest mailing list  Newsgroups, papers, CVE  In-house research is not avoidable
  • 30. Penetration Phase: Not OK  Although there are some tools available, they generally require customization and testing  Publicly available exploits are generally unreliable and require customization and testing (quick hacks, proof of concept code)  In-house developed exploits are generally aimed at specific tasks or pen test engagements (mostly due to time constraints)  Knowing that a vulnerability exist does not always imply that it can be exploited easily, thus it is not possible to successfully penetrate even though it is theoretically possible (weakens the overall result of the engagement)  Knowledge and specialization required for exploit and tool development  Considerable lab infrastructure required for successful research, development and testing (platforms, OS flavors, OS versions, applications, networking equipment, etc.)
  • 31. Attack/ Privilege Escalation Phase: Not OK  Some tools and exploits available, usually require customization and testing (local host exploits, backdoors, sniffers, sniffing/spoofing libraries, etc.)  Monotonous and time consuming task: setting up the new “acquired” vantage point (installing software and tools, compiling for the new platforms, taking into account configuration specific details, etc.)  Pivoting might be a key part for success in a pen test yet it is the less formalized process  Considerable lab infrastructure required for research, development, customization and testing
  • 32. Analysis and Reporting Phase: Not OK  Maintaining a record of all actions, commands, inputs and outputs of all tasks performed during the pentest is left as methodology to be enforced by the team members, that does not guarantee accountability and compliance.  Gathering and consolidating all the log information from all phases, including all the program and tools used, is time consuming, boring and prone to error  Organizing the information in a format suitable for analysis and extraction of high level conclusions and recommendations is not trivial  Analysis and definitions for general conclusions and recommendations require experienced and knowledgeable resources  The actual writing of final reports is usually considered the boring leftovers of the penetration test, security expertise and experience is required to ensure quality but such resources could be better assigned to more promising endeavors  No specialized tools dedicated to cover the issues raised above
  • 33. Clean Up Phase: Not OK  A detailed and exact list of all actions performed must be kept, yet there are just rudimentary tools for this  Clean up of compromised hosts must be done securely and without affecting normal operations (if possible)  The clean up process should be verifiable and non- repudiable, the current practice does not address this problem.  Often clean up is left as a backup restore job for the pentest customer, affecting normal operations and IT resources.
  • 35. Automating Penetration Tests  Why?  What is it good for?  What are the technical challenges?  How could they be addressed?
  • 36. Rationale  Penetration tests are becoming a common practice that involve a mix of hacker handiwork, monotonous tasks and non formal knowledge. Automating penetration tests will bring professionalism to the practice.
  • 37. APT: What is it good for?  To make available valuable resources for the more important phases: high level overview and analysis, strategic attack planning, results analysis and recommendations.  To encompass all the penetration test phases under a single framework  To define and standardize the methodology  To enforce following of the methodology and ensure quality  To improve the security of the practice  To simplify and speed up monotonous and time consuming tasks
  • 39. The Technical Challenges (1/3)  Modeling penetration testing, considering all phases in an intuitive and usable fashion  Building a tool that reflects the model capable of adopting arbitrary methodologies defined and redefined by the user  Development and maintenance of a wide range of exploits for different platforms, operating systems and applications and multiple combinations of versions
  • 40. The Technical Challenges (2/3)  Assurance that the developed code is functional under different network and host configurations (reliability)  Addressing the attack/privilege escalation phase in a seamless way.  Handling interactions between different exploits  Building a framework that lets the team develop and customize new or existing exploits quickly
  • 41. The Technical Challenges (3/3)  Not having to re-invent the wheel each time a new vulnerability is discovered  Keeping such a beast manageable in terms of size and complexity  Providing different degrees of ‘stealth-ness’ (to comply with pen-test requirements)  Having autonomous capabilities (worm-like?)  Having mechanism for acquiring and reusing knowledge and experience from successive penetration tests
  • 42. And more…  Buffer overflows  Exec/no-exec stack  Multiple platforms/Multiple Operating systems  Encoding, compression, encryption, etc.  Sniffing/Spoofing  IP Stack based attacks
  • 44. The model  Simplify and abstract all the components of the system and their relations  Provide a base on which to construct  Provide a common language to talk about the different components
  • 46. Agents and Modules  Agents  “The pivoting point” or “the vantage point”  Run modules  Installable on any compromised host  Local stealth techniques for hiding (ala rootkit)  Some autonomy (worm-like) and limited life- span  Secure (shouldn’t render the client infrastructure more insecure than before the pentest)  Remotely control other agents  Clean up functionality (uninstall)  Modules  “Any executable task”  Information gathering, information analysis, attacks, reporting, scripting of other modules  Simple and easy to extend  Have every tool together, under the same framework
  • 47. Syscall Proxying  Provides a uniform layer for the interaction with the underlying system  All modules ultimately access any resource through this layer  Changing this layer with a proxy effectively simulates the remote execution of the module Module Syscall stub Local server Remote server Local execution remote execution RPC
  • 48. Using a Virtual Machine  Isolates the particular characteristics of the “pivoting host” platform from the module  This effectively eliminates all the burden related to the setup of a vantage point  Just port theVM  Provides a comfortable environment for the development of new exploits  Productivity is higher on interpreted languages than on compiled ones  Provides a simple way of scripting (automating) any task, even higher level ones  Lots of free and powerfulVMs are available (Perl, Python, Squeak)
  • 49. APIs and Helpers Libraries  Any common and general use functionality related to the coding of exploits should evolve into an API  Prioritizes code-reuse and sharing  Simplifies exploit code, focused on the particular vulnerability and not on common vulnerability- writing tasks  Makes the life of the exploit developer easier (just build on top of existing code)  API’s can evolve independently of written exploits  Some examples  Shellcode building for different platforms  Sniffing and packet parsing  Spoofing (packet crafting)  Application layer protocols  HTTP, FTP, DNS, SMTP, SNMP, etc
  • 50. Component Communications  Use crypto protocols to provide privacy & mutual authentication  Define an abstract “transport” than can be interchangeable and mounted on top of any networking protocol  Firewall piercing  Fragmentation (recent ipf bug)  Application layer (HTTP, DNS)  Stealth  IDS evasion  Chaining (ala source-routing) of different transports in between agents  Provides a way of “jumping” between vantage points, allowing communication across diverse security domains (with different security policies)
  • 51. Logging and Reporting  Since a single-tool / single-framework is used for all the pen-test related tasks, it’s easy to keep logs of every single activity  Use a common document format (such as XML) that can be easily transformed into what is best for the particular customer or that follows the company style (HTML, PDF, DOC)  Getting the information together and building a report can be done by a module that accesses the objects in the model
  • 52. Scripting  Scripting of modules  Module “macros”  Autonomous action (for more worm-like attacks, or for scenarios where online communication with agents before compromise might not be possible)  A more constructive approach to module development. Build higher level attacks/strategies using available modules  If a scripting language is used (with aVM) is possible to take advantage of its capabilities to script the execution of modules
  • 53. Knowledge Base  A database of information on common attack strategies and success configurations on common customer scenarios  Guidelines on how to do a specific pentest depending on target characteristics  IT Infrastructure: Platforms, Network characteristics, Firewalling strategy (screened host, packet filtering, appl. proxy, DMZ)  Technology:ASP, PHP, DCOM, SOAP, Perl-CGI, etc.  Business / Services: web portal, mail, online store, corporate services, etc.  Full activity logs  Easier to identify common strategies & trends along different projects
  • 55. Conclusions  The current state of the penetration test practice is far from optimal  Automating them may bring them to a new level of quality  But in doing so we will face many technical problems  It may be a new challenge for the IS industry in the near future