Web Application Security

A talk on web application security using DVWA


  1. Web Application Security using
  2. Contents
     • About me
     • About DVWA
     • Security overview
  3. About Me
     tmacuk@laptop:~$ whois thomasmackenzie
     • Geek – 1 U$3 L1||U><
     • Student – Full time Ethical Hacking for Computer Security
     • Security Engineer – Web application and network penetration tester for RandomStorm LTD.
     • Podcaster
     • @tmacuk && http://www.tmacuk.co.uk && http://www.tmacuk.com && http://www.thomasmackenzie.net && http://www.thomasmackenzie.co.uk
  4. About DVWA
     • BETA - (17 Dec 2008)
     • 1.0 - (20 May 2009)
     • 1.0.4 - (29 Jun 2009)
     • 1.0.5 - (03 Sep 2009)
     • 1.0.6 - (05 Oct 2009)
     • RandomStorm - (14 Dec 2009)
     • 1.0.7 - (under development)
  5. About DVWA
     tmacuk@laptop:~$ whatis DVWA
     • Ryan Dewhurst – @ethicalhack3r – http://www.ethicalhack3r.co.uk
     • Recently acquired by RandomStorm LTD – http://www.randomstorm.com
     • Damn Vulnerable Web App – a web application made to be damn vulnerable?
     • The reason behind DVWA being vulnerable is?
     • Security Levels
     • PHP and MySQL (new features being added soon)
  6. About DVWA
     tmacuk@laptop:~$ show DVWA
     • Talk about the development of the project
     • Where you can download
     • How you can help?
     • Quick overview of the whole web application
     • Exploit the SQL injection vulnerability
  7. About DVWA
     • PostgreSQL support - 50%
     • New design/colour scheme - 0%
     • Blind SQL injection - 99%
     • Compare source - 99%
     • Improved Help information - 99%
     • Minor improvements - 99%
     • Minor bug fixes - 99%
     • DOCUMENTATION!!! - 20%
  8. About DVWA
     • DVWA: http://www.dvwa.co.uk/
     • DVWA LiveCD: http://www.dvwa.co.uk/blog
     • SamuraiWTF 0.8 (LiveDVD): http://samurai.inguardians.com/
     • Web Security Dojo (VM): http://www.mavensecurity.com/dojo.php
     • OWASP Broken Web Application Project (VM): http://code.google.com/p/owaspbwa/
  9. About DVWA
     tmacuk@laptop:~$ show livedemo
  10. Conclusion
     • Email: [email_address]
     • Website: http://www.tmacuk.co.uk
     • Talk to me afterwards
  11. About DVWA
     tmacuk@laptop:~$ questions
