Perform fuzz on appplications web interface

•Transferir como PPT, PDF•

1 gostou•984 visualizações

Session Presented at 2nd IndicThreads.com Conference On Software Quality held on 25-26 March 2011 in Pune, India. WEB: http://Q11.IndicThreads.com

Tecnologia

“ PerformFuzz” On Application’s Web Interface. Aniket Kulkarni Symantec , India.

Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Agenda Contd.. ,[object Object],[object Object],[object Object],[object Object]

Brief Overview. ,[object Object],[object Object],[object Object],[object Object],[object Object]

What Is Performance Testing ? ,[object Object],[object Object]

What’s Fuzzing &What Can Be Fuzzed ? ,[object Object],[object Object],[object Object]

[object Object],[object Object],What Is Fuzzer ? Fuzzer Input File File File File File File Software Application Original Input

Common Defects By Fuzzing. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

So, what’s PerformFuzz? ,[object Object],[object Object],[object Object],[object Object]

How Packetort Fuzzing Is Done ? ,[object Object],[object Object]

But, How Performance Degrades ? ,[object Object],[object Object],[object Object],[object Object],[object Object]

View: Ideal & Malicious Packet. ,[object Object],[object Object]

Impact On 3 rd Party Components. ,[object Object],[object Object],[object Object],[object Object]

Case Study & Crash Analysis. ,[object Object],[object Object],[object Object]

Best Practices To Avoid Such Issues. ,[object Object],[object Object],[object Object],[object Object]

What’s Out From This Presentation? ,[object Object],[object Object],[object Object],[object Object]

Question To think ? ,[object Object],[object Object]

Reference. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

The End. ,[object Object],[object Object],[object Object],[object Object]

Mais conteúdo relacionado

Mais procurados

20160211 OWASP Charlotte RASPchadtindel

ESAPIn|u - The Open Security Community

Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentationDerrick Hunter

Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Stephan Chenette

Security hole #5 application security science or quality assuranceTjylen Veselyj

Reversing malware analysis training part11 exploit development advancedCysinfo Cyber Security Community

Introduction to security testingNagasahas DS

Hack through InjectionsNazar Tymoshyk, CEH, Ph.D.

Penetration testing dont just leave it to chanceDr. Anish Cheriyan (PhD)

Secure develpment 2014Ariel Evans

Server Side Template Injection by Mandeep JadonMandeep Jadon

How to secure web applicationsMohammed A. Imran

Security-testing presentationEzhilan Elangovan (Eril)

Stephanie Vanroelen - Mobile Anti-Virus apps exposedNoNameCon

Breaking Antivirus Software - Joxean Koret (SYSCAN 2014)Akmal Hisyam

Automation of Security scanning easy or cheeseKatherine Golovinova

Automation of Security scanning easy or cheese?Dmitriy Gumeniuk

OWASP Top 10 practice workshop by Stanislav BreslavskyiNazar Tymoshyk, CEH, Ph.D.

Mobile security services 2012Tjylen Veselyj

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysissecurityxploded

Mais procurados (20)

20160211 OWASP Charlotte RASP

ESAPI

Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation

Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...

Security hole #5 application security science or quality assurance

Reversing malware analysis training part11 exploit development advanced

Introduction to security testing

Hack through Injections

Penetration testing dont just leave it to chance

Secure develpment 2014

Server Side Template Injection by Mandeep Jadon

How to secure web applications

Security-testing presentation

Stephanie Vanroelen - Mobile Anti-Virus apps exposed

Breaking Antivirus Software - Joxean Koret (SYSCAN 2014)

Automation of Security scanning easy or cheese

Automation of Security scanning easy or cheese?

OWASP Top 10 practice workshop by Stanislav Breslavskyi

Mobile security services 2012

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

Semelhante a Perform fuzz on appplications web interface

Testingfor Sw Securityankitmehta21

Web application penetration testing lab setup guideSudhanshu Chauhan

Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingDan Kaminsky

Manual testing interview questionsBABAR MANZAR

sts-scanner_tutorialtutorialsruby

Crash Analysis with Reverse Taintmarekzmyslowski

Bank One App Sec TrainingMike Spaulding

Breaking av softwareJoxean Koret

Breaking av softwareThomas Pollet

Breaking Antivirus Softwarerahmanprojectd

VAPT_FINAL SLIDES.pptxkarthikvcyber

Layer 7 Technologies: Web Services Hacking And HardeningCA API Management

Manual testing interview question by INFOTECHPravinsinh

Apt presso good to learnFajar Isnanto

Real-World WebAppSec Flaws - Examples and Countermeasuesvolvent

Network Vulnerabilities And Cyber Kill Chain EssayKaren Oliver

VAPT PRESENTATION full.pptxDARSHANBHAVSAR14

Effectiveness of AV in Detecting Web Application Backdoorsn|u - The Open Security Community

Info manual testing questionsSandeep

Semelhante a Perform fuzz on appplications web interface (20)

Testingfor Sw Security

Web application penetration testing lab setup guide

Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying

Manual testing interview questions

sts-scanner_tutorial

Crash Analysis with Reverse Taint

Bank One App Sec Training

Breaking av software

Breaking Antivirus Software

VAPT_FINAL SLIDES.pptx

Layer 7 Technologies: Web Services Hacking And Hardening

Manual testing interview question by INFOTECH

Apt presso good to learn

Real-World WebAppSec Flaws - Examples and Countermeasues

Network Vulnerabilities And Cyber Kill Chain Essay

VAPT PRESENTATION full.pptx

Effectiveness of AV in Detecting Web Application Backdoors

Info manual testing questions

Mais de IndicThreads

Http2 is here! And why the web needs itIndicThreads

Understanding Bitcoin (Blockchain) and its Potential for Disruptive ApplicationsIndicThreads

Go Programming Language - Learning The Go Lang wayIndicThreads

Building Resilient Microservices IndicThreads

App using golang indicthreadsIndicThreads

Building on quicksand microservices indicthreadsIndicThreads

How to Think in RxJava Before ReactingIndicThreads

Iot secure connected devices indicthreadsIndicThreads

Real world IoT for enterprisesIndicThreads

IoT testing and quality assurance indicthreadsIndicThreads

Functional Programming Past Present FutureIndicThreads

Harnessing the Power of Java 8 Streams IndicThreads

Building & scaling a live streaming mobile platform - Gr8 road to fameIndicThreads

Internet of things architecture perspective - IndicThreads ConferenceIndicThreads

Cars and Computers: Building a Java CarputerIndicThreads

Scrap Your MapReduce - Apache SparkIndicThreads

Continuous Integration (CI) and Continuous Delivery (CD) using Jenkins & DockerIndicThreads

Speed up your build pipeline for faster feedbackIndicThreads

Unraveling OpenStack CloudsIndicThreads

Digital Transformation of the Enterprise. What IT leaders need to know!IndicThreads

Mais de IndicThreads (20)

Http2 is here! And why the web needs it

Understanding Bitcoin (Blockchain) and its Potential for Disruptive Applications

Go Programming Language - Learning The Go Lang way

Building Resilient Microservices

App using golang indicthreads

Building on quicksand microservices indicthreads

How to Think in RxJava Before Reacting

Iot secure connected devices indicthreads

Real world IoT for enterprises

IoT testing and quality assurance indicthreads

Functional Programming Past Present Future

Harnessing the Power of Java 8 Streams

Building & scaling a live streaming mobile platform - Gr8 road to fame

Internet of things architecture perspective - IndicThreads Conference

Cars and Computers: Building a Java Carputer

Scrap Your MapReduce - Apache Spark

Continuous Integration (CI) and Continuous Delivery (CD) using Jenkins & Docker

Speed up your build pipeline for faster feedback

Unraveling OpenStack Clouds

Digital Transformation of the Enterprise. What IT leaders need to know!

Último

Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada

Anypoint Exchange: It’s Not Just a Repo!Manik S Magar

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos

Artificial intelligence in cctv survelliance.pptxhariprasad279825

Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi

SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero

Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz

Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays

Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity

Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation

Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays

Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University

DevEX - reference for building teams, processes, and platformsSergiu Bodiu

Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst