SlideShare uma empresa Scribd logo

Web application security - Course overview

Satish b
Satish b

Web Application penetration testing course content.

EducaçãoTecnologia
1 de 5
Baixar para ler offline
Web Application Security Course Overview Satish.B Email: satishb3@securitylearn.net
Course Content History of web application Introduction to web application architecture Uniform Resource Locator (URL) HTTP Introduction HTTP Methods WEBDAV methods Request/Response analysis Security problems with http HTTPS Handshake protocol Record protocol Proxy Man in the middle attack Tools: Burp proxy, Paros proxy, web scarab Encoding Techniques URL Encoding HTML Encoding Unicode Encoding Tools: Burp decoder Profiling Application Spiders, crawlers Search engine discovery Banner Grabbing Robots.txt Analysis of error codes Tools: HttpPrint, netcraft Attacking Authentication Authentication Types Brute force attacks Analyzing Auto complete options Insecure credential transmission Session puzzle attacks Authentication bypass techniques Shoulder surfing 2 http://www.securitylearn.net
CAPTCHA Rebinding attacks Countermeasures Tools: Bruter, Burp Repeater, Burp Intruder Attacking Authorization Authorization types Parameter tampering Horizontal privilege escalation Vertical privilege escalation Referrer spoofing Cryptography weakness Symmetric cryptography Asymmetric cryptography Substitution cipher Stream cipher Block cipher Steganography SSL cipher testing Cracking hashes Padding oracle attack Cracking ECB encryption Tools: SSLDigger, MD5 crack Attacking Session management Introduction Secure flag HTTPOnly flag Cookie Domain & Path Session Token analysis Session fixation Cookie transmission mechanisms Tools: Burp sequencer Timeout issues Cross site scripting attacks Same origin policy Reflective XSS Stored XSS DOM based XSS Anatomy of XSS Exploitation Impact of XSS XSS Shell 3 http://www.securitylearn.net
XSS & Metasploit Black list/White list Input validation Output encoding Remediation Tools: Beef SQL injection Error based SQLi Blind SQLi SQLi exploitation Data extraction with UNION queries Data extraction with inference techniques Command execution with SQLi Impact of SQLi Remediation Stored procedures Vs Parameterized queries Tools: SQLMap, Absinthe Cross site request forgery Anatomy of CSRF Remediation CAPTCHA Rebinding attack Tool: CSRFTester URL Redirection attacks Phishing attacks Remediation HTTP Response splitting Cache positioning Command execution Input validation attacks File Uploads Path traversal attacks Local file inclusions Remote file inclusions Command Execution Remediation Techniques Server Configuration issues WEBDAV methods Caching vulnerabilities Directory listing 4 http://www.securitylearn.net
Attacking Web Server Denial of service attacks Buffer over flows Remediation OWASP Top10 web application risks Scanners Usage of tools Pros, Cons & Problems with scanners IBM- AppScan HP- WebInspect Risk Assessment OWASP Risk Rating methodology Pentest Reports Executive reports Detailed reports Web Application Security Checklist Contact Satish B Email: satishb3@securitylearn.net satishb3@hotmail.com 5 http://www.securitylearn.net

Recomendados

Session7-XSS & CSRF
Session7-XSS & CSRFSession7-XSS & CSRF
Session7-XSS & CSRFzakieh alizadeh
 
Using Proxies To Secure Applications And More
Using Proxies To Secure Applications And MoreUsing Proxies To Secure Applications And More
Using Proxies To Secure Applications And MoreJosh Sokol
 
S8-Session Managment
S8-Session ManagmentS8-Session Managment
S8-Session Managmentzakieh alizadeh
 
Application Security TRENDS – Lessons Learnt- Firosh Ummer
Application Security TRENDS – Lessons Learnt- Firosh UmmerApplication Security TRENDS – Lessons Learnt- Firosh Ummer
Application Security TRENDS – Lessons Learnt- Firosh UmmerOWASP-Qatar Chapter
 
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWeb Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWebsecurify
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Session4-Authentication
Session4-AuthenticationSession4-Authentication
Session4-Authenticationzakieh alizadeh
 

Recomendados

Session7-XSS & CSRF
Session7-XSS & CSRFSession7-XSS & CSRF
Session7-XSS & CSRFzakieh alizadeh
 
Using Proxies To Secure Applications And More
Using Proxies To Secure Applications And MoreUsing Proxies To Secure Applications And More
Using Proxies To Secure Applications And MoreJosh Sokol
 
S8-Session Managment
S8-Session ManagmentS8-Session Managment
S8-Session Managmentzakieh alizadeh
 
Application Security TRENDS – Lessons Learnt- Firosh Ummer
Application Security TRENDS – Lessons Learnt- Firosh UmmerApplication Security TRENDS – Lessons Learnt- Firosh Ummer
Application Security TRENDS – Lessons Learnt- Firosh UmmerOWASP-Qatar Chapter
 
Web Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWeb Application Security 101 - 04 Testing Methodology
Web Application Security 101 - 04 Testing MethodologyWebsecurify
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessmentRavikumar Paghdal
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
Session4-Authentication
Session4-AuthenticationSession4-Authentication
Session4-Authenticationzakieh alizadeh
 
Session3 data-validation-sql injection
Session3 data-validation-sql injectionSession3 data-validation-sql injection
Session3 data-validation-sql injectionzakieh alizadeh
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorizationzakieh alizadeh
 
Cross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesCross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesMarco Morana
 
3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmedRashid Khatmey
 
A8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentationA8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentationAlbena Asenova-Belal
 
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”Capgemini
 
Session1-Introduce Http-HTTP Security headers
Session1-Introduce Http-HTTP Security headers Session1-Introduce Http-HTTP Security headers
Session1-Introduce Http-HTTP Security headers zakieh alizadeh
 
121 desarrollando aplicaciones-seguras_con_gene_xus
121 desarrollando aplicaciones-seguras_con_gene_xus121 desarrollando aplicaciones-seguras_con_gene_xus
121 desarrollando aplicaciones-seguras_con_gene_xusGeneXus
 
Cross Site Request Forgery
Cross Site Request ForgeryCross Site Request Forgery
Cross Site Request ForgeryTony Bibbs
 
Session10-PHP Misconfiguration
Session10-PHP MisconfigurationSession10-PHP Misconfiguration
Session10-PHP Misconfigurationzakieh alizadeh
 
Web application sec_3
Web application sec_3Web application sec_3
Web application sec_3vhimsikal
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryDaniel Miessler
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationshipn|u - The Open Security Community
 
Session2-Application Threat Modeling
Session2-Application Threat ModelingSession2-Application Threat Modeling
Session2-Application Threat Modelingzakieh alizadeh
 
Cross site scripting
Cross site scripting Cross site scripting
Cross site scripting Bilal Mazhar MS(IS)Cyber Security II Privacy Professional
 
Web 2.0 Hacking
Web 2.0 HackingWeb 2.0 Hacking
Web 2.0 Hackingblake101
 
Grey H@t - Cross-site Request Forgery
Grey H@t - Cross-site Request ForgeryGrey H@t - Cross-site Request Forgery
Grey H@t - Cross-site Request ForgeryChristopher Grayson
 
Introduction to CSRF Attacks & Defense
Introduction to CSRF Attacks & DefenseIntroduction to CSRF Attacks & Defense
Introduction to CSRF Attacks & DefenseSurya Subhash
 
Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2robin_bene
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar
 
Romulus OWASP
Romulus OWASPRomulus OWASP
Romulus OWASPGrupo Gesfor I+D+i
 
Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applicationsSatish b
 

Mais conteúdo relacionado

Mais procurados

Session3 data-validation-sql injection
Session3 data-validation-sql injectionSession3 data-validation-sql injection
Session3 data-validation-sql injectionzakieh alizadeh
 
Cross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesCross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesMarco Morana
 
3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmedRashid Khatmey
 
A8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentationA8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentationAlbena Asenova-Belal
 
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”Capgemini
 
Session1-Introduce Http-HTTP Security headers
Session1-Introduce Http-HTTP Security headers Session1-Introduce Http-HTTP Security headers
Session1-Introduce Http-HTTP Security headers zakieh alizadeh
 
121 desarrollando aplicaciones-seguras_con_gene_xus
121 desarrollando aplicaciones-seguras_con_gene_xus121 desarrollando aplicaciones-seguras_con_gene_xus
121 desarrollando aplicaciones-seguras_con_gene_xusGeneXus
 
Cross Site Request Forgery
Cross Site Request ForgeryCross Site Request Forgery
Cross Site Request ForgeryTony Bibbs
 
Session10-PHP Misconfiguration
Session10-PHP MisconfigurationSession10-PHP Misconfiguration
Session10-PHP Misconfigurationzakieh alizadeh
 
Web application sec_3
Web application sec_3Web application sec_3
Web application sec_3vhimsikal
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryDaniel Miessler
 
Session2-Application Threat Modeling
Session2-Application Threat ModelingSession2-Application Threat Modeling
Session2-Application Threat Modelingzakieh alizadeh
 
Web 2.0 Hacking
Web 2.0 HackingWeb 2.0 Hacking
Web 2.0 Hackingblake101
 
Grey H@t - Cross-site Request Forgery
Grey H@t - Cross-site Request ForgeryGrey H@t - Cross-site Request Forgery
Grey H@t - Cross-site Request ForgeryChristopher Grayson
 
Introduction to CSRF Attacks & Defense
Introduction to CSRF Attacks & DefenseIntroduction to CSRF Attacks & Defense
Introduction to CSRF Attacks & DefenseSurya Subhash
 
Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2robin_bene
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar
 

Mais procurados (20)

Session3 data-validation-sql injection
Session3 data-validation-sql injectionSession3 data-validation-sql injection
Session3 data-validation-sql injection
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorization
 
Cross Site Request Forgery Vulnerabilities
Cross Site Request Forgery VulnerabilitiesCross Site Request Forgery Vulnerabilities
Cross Site Request Forgery Vulnerabilities
 
3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed3. backup file artifacts - mazin ahmed
3. backup file artifacts - mazin ahmed
 
A8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentationA8 cross site request forgery (csrf) it 6873 presentation
A8 cross site request forgery (csrf) it 6873 presentation
 
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”
 
Session1-Introduce Http-HTTP Security headers
Session1-Introduce Http-HTTP Security headers Session1-Introduce Http-HTTP Security headers
Session1-Introduce Http-HTTP Security headers
 
121 desarrollando aplicaciones-seguras_con_gene_xus
121 desarrollando aplicaciones-seguras_con_gene_xus121 desarrollando aplicaciones-seguras_con_gene_xus
121 desarrollando aplicaciones-seguras_con_gene_xus
 
Cross Site Request Forgery
Cross Site Request ForgeryCross Site Request Forgery
Cross Site Request Forgery
 
Session10-PHP Misconfiguration
Session10-PHP MisconfigurationSession10-PHP Misconfiguration
Session10-PHP Misconfiguration
 
Web application sec_3
Web application sec_3Web application sec_3
Web application sec_3
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Session2-Application Threat Modeling
Session2-Application Threat ModelingSession2-Application Threat Modeling
Session2-Application Threat Modeling
 
Cross site scripting
Cross site scripting Cross site scripting
Cross site scripting
 
Web 2.0 Hacking
Web 2.0 HackingWeb 2.0 Hacking
Web 2.0 Hacking
 
Grey H@t - Cross-site Request Forgery
Grey H@t - Cross-site Request ForgeryGrey H@t - Cross-site Request Forgery
Grey H@t - Cross-site Request Forgery
 
Introduction to CSRF Attacks & Defense
Introduction to CSRF Attacks & DefenseIntroduction to CSRF Attacks & Defense
Introduction to CSRF Attacks & Defense
 
Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2Owasp security testing methodlogies –part2
Owasp security testing methodlogies –part2
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
 

Semelhante a Web application security - Course overview

Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applicationsSatish b
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingShreeraj Shah
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application SecurityRob Ragan
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 
Assessment methodology and approach
Assessment methodology and approachAssessment methodology and approach
Assessment methodology and approachBlueinfy Solutions
 
Ceh certified ethical hacker
Ceh certified ethical hackerCeh certified ethical hacker
Ceh certified ethical hackerbestip
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Codingbilcorry
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applicationsphanleson
 
Fraud detection system
Fraud detection systemFraud detection system
Fraud detection systembaladutt
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesMarco Morana
 
Secure SDLC for Software
Secure SDLC for Software Secure SDLC for Software
Secure SDLC for Software Shreeraj Shah
 
Hack applications
Hack applicationsHack applications
Hack applicationsenrizmoore
 
Cyber Crime / Cyber Secuity Testing Architecture by MRITYUNJAYA HIKKALGUTTI (...
Cyber Crime / Cyber Secuity Testing Architecture by MRITYUNJAYA HIKKALGUTTI (...Cyber Crime / Cyber Secuity Testing Architecture by MRITYUNJAYA HIKKALGUTTI (...
Cyber Crime / Cyber Secuity Testing Architecture by MRITYUNJAYA HIKKALGUTTI (...MrityunjayaHikkalgut1
 
Secure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScriptSecure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScriptJonathan LeBlanc
 
Altitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeAltitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeFastly
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encodingEoin Keary
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP SpainChristian Martorella
 

Semelhante a Web application security - Course overview (20)

Romulus OWASP
Romulus OWASPRomulus OWASP
Romulus OWASP
 
Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applications
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services Hacking
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application Security
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?
 
Assessment methodology and approach
Assessment methodology and approachAssessment methodology and approach
Assessment methodology and approach
 
Ceh certified ethical hacker
Ceh certified ethical hackerCeh certified ethical hacker
Ceh certified ethical hacker
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Coding
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applications
 
Practical web-attacks2
Practical web-attacks2Practical web-attacks2
Practical web-attacks2
 
Fraud detection system
Fraud detection systemFraud detection system
Fraud detection system
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root Causes
 
Secure SDLC for Software
Secure SDLC for Software Secure SDLC for Software
Secure SDLC for Software
 
Hack applications
Hack applicationsHack applications
Hack applications
 
Cyber Crime / Cyber Secuity Testing Architecture by MRITYUNJAYA HIKKALGUTTI (...
Cyber Crime / Cyber Secuity Testing Architecture by MRITYUNJAYA HIKKALGUTTI (...Cyber Crime / Cyber Secuity Testing Architecture by MRITYUNJAYA HIKKALGUTTI (...
Cyber Crime / Cyber Secuity Testing Architecture by MRITYUNJAYA HIKKALGUTTI (...
 
Secure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScriptSecure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScript
 
Altitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edgeAltitude SF 2017: Security at the edge
Altitude SF 2017: Security at the edge
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encoding
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
 

Mais de Satish b

Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Forensic analysis of iPhone backups (iOS 5)
Forensic analysis of iPhone backups (iOS 5)Forensic analysis of iPhone backups (iOS 5)
Forensic analysis of iPhone backups (iOS 5)Satish b
 
iPhone forensics course overview
iPhone forensics course overviewiPhone forensics course overview
iPhone forensics course overviewSatish b
 
iPhone forensics on iOS5
iPhone forensics on iOS5iPhone forensics on iOS5
iPhone forensics on iOS5Satish b
 
Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applicationsSatish b
 
padding oracle attack
padding oracle attackpadding oracle attack
padding oracle attackSatish b
 

Mais de Satish b (6)

Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applications
 
Forensic analysis of iPhone backups (iOS 5)
Forensic analysis of iPhone backups (iOS 5)Forensic analysis of iPhone backups (iOS 5)
Forensic analysis of iPhone backups (iOS 5)
 
iPhone forensics course overview
iPhone forensics course overviewiPhone forensics course overview
iPhone forensics course overview
 
iPhone forensics on iOS5
iPhone forensics on iOS5iPhone forensics on iOS5
iPhone forensics on iOS5
 
Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applications
 
padding oracle attack
padding oracle attackpadding oracle attack
padding oracle attack
 

Último

Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
Sulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesSulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesVijayaLaxmi84
 
Scientific Writing :Research Discourse
Scientific Writing :Research DiscourseScientific Writing :Research Discourse
Scientific Writing :Research DiscourseAnita GoswamiGiri
 
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxDIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxMichelleTuguinay1
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQuiz Club NITW
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...Nguyen Thanh Tu Collection
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operationalssuser3e220a
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxUnraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxDhatriParmar
 
Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1GloryAnnCastre1
 
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Developmentchesterberbo7
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Celine George
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17Celine George
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvRicaMaeCastro1
 
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...DhatriParmar
 
CHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxCHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxAneriPatwari
 

Último (20)

Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
Sulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesSulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their uses
 
Scientific Writing :Research Discourse
Scientific Writing :Research DiscourseScientific Writing :Research Discourse
Scientific Writing :Research Discourse
 
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxDIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of EngineeringFaculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operational
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxUnraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
 
Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1
 
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Development
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17Tree View Decoration Attribute in the Odoo 17
Tree View Decoration Attribute in the Odoo 17
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
 
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
 
CHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxCHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptx
 

Web application security - Course overview

  • 1. Web Application Security Course Overview Satish.B Email: satishb3@securitylearn.net
  • 2. Course Content History of web application Introduction to web application architecture Uniform Resource Locator (URL) HTTP Introduction HTTP Methods WEBDAV methods Request/Response analysis Security problems with http HTTPS Handshake protocol Record protocol Proxy Man in the middle attack Tools: Burp proxy, Paros proxy, web scarab Encoding Techniques URL Encoding HTML Encoding Unicode Encoding Tools: Burp decoder Profiling Application Spiders, crawlers Search engine discovery Banner Grabbing Robots.txt Analysis of error codes Tools: HttpPrint, netcraft Attacking Authentication Authentication Types Brute force attacks Analyzing Auto complete options Insecure credential transmission Session puzzle attacks Authentication bypass techniques Shoulder surfing 2 http://www.securitylearn.net
  • 3. CAPTCHA Rebinding attacks Countermeasures Tools: Bruter, Burp Repeater, Burp Intruder Attacking Authorization Authorization types Parameter tampering Horizontal privilege escalation Vertical privilege escalation Referrer spoofing Cryptography weakness Symmetric cryptography Asymmetric cryptography Substitution cipher Stream cipher Block cipher Steganography SSL cipher testing Cracking hashes Padding oracle attack Cracking ECB encryption Tools: SSLDigger, MD5 crack Attacking Session management Introduction Secure flag HTTPOnly flag Cookie Domain & Path Session Token analysis Session fixation Cookie transmission mechanisms Tools: Burp sequencer Timeout issues Cross site scripting attacks Same origin policy Reflective XSS Stored XSS DOM based XSS Anatomy of XSS Exploitation Impact of XSS XSS Shell 3 http://www.securitylearn.net
  • 4. XSS & Metasploit Black list/White list Input validation Output encoding Remediation Tools: Beef SQL injection Error based SQLi Blind SQLi SQLi exploitation Data extraction with UNION queries Data extraction with inference techniques Command execution with SQLi Impact of SQLi Remediation Stored procedures Vs Parameterized queries Tools: SQLMap, Absinthe Cross site request forgery Anatomy of CSRF Remediation CAPTCHA Rebinding attack Tool: CSRFTester URL Redirection attacks Phishing attacks Remediation HTTP Response splitting Cache positioning Command execution Input validation attacks File Uploads Path traversal attacks Local file inclusions Remote file inclusions Command Execution Remediation Techniques Server Configuration issues WEBDAV methods Caching vulnerabilities Directory listing 4 http://www.securitylearn.net
  • 5. Attacking Web Server Denial of service attacks Buffer over flows Remediation OWASP Top10 web application risks Scanners Usage of tools Pros, Cons & Problems with scanners IBM- AppScan HP- WebInspect Risk Assessment OWASP Risk Rating methodology Pentest Reports Executive reports Detailed reports Web Application Security Checklist Contact Satish B Email: satishb3@securitylearn.net satishb3@hotmail.com 5 http://www.securitylearn.net