SlideShare uma empresa Scribd logo
1 de 25
Webscarab, an introduction. Philippe Bogaerts Bee-ware [email_address]
Who am I? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Why am I here ? ,[object Object],[object Object],[object Object]
What is WebScarab? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What can you do with WebScarab? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Obtaining WebScarab ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Installing WebScarab ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What is new in the beta version? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Setting up the environment ,[object Object],[object Object],[object Object]
Configuring WebScarab ,[object Object],[object Object],[object Object],[object Object],[object Object]
WebScarab is ready to capture traffic ,[object Object]
Credential caching/learning ,[object Object],[object Object],[object Object]
Is this useful ? Authenticated Un-authenticated Any tool not supporting authentication can now be used to access the application in authenticated domains ! Ex. nc, web service invocation tools … but also build in features such as manual crafted requests, the spider and extension module Authenticated (w/o  WS)
SSL support <-   Server certificate <-  WS certificate <- Server certificate (w/o  WS)
SSL and client certificate support SSL with client certificate SSL SSL with client certificate (w/o  WS) ,[object Object],[object Object],[object Object],[object Object]
Shared Cookies plug-in ,[object Object],[object Object],[object Object],[object Object]
Manual Request plug-in ,[object Object],[object Object],[object Object],[object Object]
Demo ,[object Object],[object Object],[object Object],[object Object]
Spider plug-in ,[object Object],[object Object],[object Object]
Extension plug-in ,[object Object]
Web Services plug-in ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Demo ,[object Object],[object Object],[object Object],[object Object],[object Object]
Other features ,[object Object],[object Object],[object Object],[object Object],[object Object]
Other products ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Thank You

Mais conteúdo relacionado

Mais procurados

[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilitiesOWASP
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriOWASP Delhi
 
Security issues in RADIUS based Wi-Fi AAA
Security issues in RADIUS based Wi-Fi AAASecurity issues in RADIUS based Wi-Fi AAA
Security issues in RADIUS based Wi-Fi AAAKarri Huhtanen
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Network penetration testing
Network penetration testingNetwork penetration testing
Network penetration testingImaginea
 
User expert forum user-id
User expert forum   user-idUser expert forum   user-id
User expert forum user-idAlberto Rivai
 
Palo Alto Networks authentication
Palo Alto Networks authenticationPalo Alto Networks authentication
Palo Alto Networks authenticationAlberto Rivai
 
Defcon 22-nir-valtman-a-journey-to-protect-pos
Defcon 22-nir-valtman-a-journey-to-protect-posDefcon 22-nir-valtman-a-journey-to-protect-pos
Defcon 22-nir-valtman-a-journey-to-protect-posPriyanka Aash
 
Two Factor Authentication and You
Two Factor Authentication and YouTwo Factor Authentication and You
Two Factor Authentication and YouChris Stone
 
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch   ASM WAF  unified learning – building policy with asm v12Lior rotkovitch   ASM WAF  unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior Rotkovitch
 
Layer 7 Technologies: What Is An Xml Firewall
Layer 7 Technologies: What Is An Xml FirewallLayer 7 Technologies: What Is An Xml Firewall
Layer 7 Technologies: What Is An Xml FirewallCA API Management
 
GDP Product Presentation
GDP Product PresentationGDP Product Presentation
GDP Product Presentationtswong
 
Recognizing security threats
Recognizing security threatsRecognizing security threats
Recognizing security threatsKishore Kumar
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling BlindspotBrian A. McHenry
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...PROBOTEK
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 

Mais procurados (20)

[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit Giri
 
Security issues in RADIUS based Wi-Fi AAA
Security issues in RADIUS based Wi-Fi AAASecurity issues in RADIUS based Wi-Fi AAA
Security issues in RADIUS based Wi-Fi AAA
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Network penetration testing
Network penetration testingNetwork penetration testing
Network penetration testing
 
User expert forum user-id
User expert forum   user-idUser expert forum   user-id
User expert forum user-id
 
Palo Alto Networks authentication
Palo Alto Networks authenticationPalo Alto Networks authentication
Palo Alto Networks authentication
 
Defcon 22-nir-valtman-a-journey-to-protect-pos
Defcon 22-nir-valtman-a-journey-to-protect-posDefcon 22-nir-valtman-a-journey-to-protect-pos
Defcon 22-nir-valtman-a-journey-to-protect-pos
 
Authenticated key exchange protocols
Authenticated key exchange protocolsAuthenticated key exchange protocols
Authenticated key exchange protocols
 
Two Factor Authentication and You
Two Factor Authentication and YouTwo Factor Authentication and You
Two Factor Authentication and You
 
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch   ASM WAF  unified learning – building policy with asm v12Lior rotkovitch   ASM WAF  unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
 
Layer 7 Technologies: What Is An Xml Firewall
Layer 7 Technologies: What Is An Xml FirewallLayer 7 Technologies: What Is An Xml Firewall
Layer 7 Technologies: What Is An Xml Firewall
 
GDP Product Presentation
GDP Product PresentationGDP Product Presentation
GDP Product Presentation
 
Recognizing security threats
Recognizing security threatsRecognizing security threats
Recognizing security threats
 
EAP-TLS
EAP-TLSEAP-TLS
EAP-TLS
 
Ali shahbazi khojasteh dot1X
Ali shahbazi khojasteh dot1XAli shahbazi khojasteh dot1X
Ali shahbazi khojasteh dot1X
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling Blindspot
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 

Semelhante a Webscarab demo @ OWASP Belgium

Securing web applications
Securing web applicationsSecuring web applications
Securing web applicationsSupreme O
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
Using Proxies To Secure Applications And More
Using Proxies To Secure Applications And MoreUsing Proxies To Secure Applications And More
Using Proxies To Secure Applications And MoreJosh Sokol
 
MongoDB.local Berlin: App development in a Serverless World
MongoDB.local Berlin: App development in a Serverless WorldMongoDB.local Berlin: App development in a Serverless World
MongoDB.local Berlin: App development in a Serverless WorldMongoDB
 
Pervasive Web Application Architecture
Pervasive Web Application ArchitecturePervasive Web Application Architecture
Pervasive Web Application ArchitectureUC San Diego
 
Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdfWeb sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdfaquacareser
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
CTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App FabricCTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App FabricSpiffy
 
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWeb Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWebsecurify
 
Web API or WCF - An Architectural Comparison
Web API or WCF - An Architectural ComparisonWeb API or WCF - An Architectural Comparison
Web API or WCF - An Architectural ComparisonAdnan Masood
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxkarthikvcyber
 
Containerizing your Security Operations Center
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations CenterJimmy Mesta
 

Semelhante a Webscarab demo @ OWASP Belgium (20)

Cyber ppt
Cyber pptCyber ppt
Cyber ppt
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applications
 
It and ej
It and ejIt and ej
It and ej
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
 
Progressive Web Apps
Progressive Web AppsProgressive Web Apps
Progressive Web Apps
 
Using Proxies To Secure Applications And More
Using Proxies To Secure Applications And MoreUsing Proxies To Secure Applications And More
Using Proxies To Secure Applications And More
 
MongoDB.local Berlin: App development in a Serverless World
MongoDB.local Berlin: App development in a Serverless WorldMongoDB.local Berlin: App development in a Serverless World
MongoDB.local Berlin: App development in a Serverless World
 
Pervasive Web Application Architecture
Pervasive Web Application ArchitecturePervasive Web Application Architecture
Pervasive Web Application Architecture
 
Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdfWeb sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
CTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App FabricCTU June 2011 - Windows Azure App Fabric
CTU June 2011 - Windows Azure App Fabric
 
Web Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security ToolkitWeb Application Security 101 - 03 Web Security Toolkit
Web Application Security 101 - 03 Web Security Toolkit
 
zigbee
zigbeezigbee
zigbee
 
Securing RESTful API
Securing RESTful APISecuring RESTful API
Securing RESTful API
 
Web API or WCF - An Architectural Comparison
Web API or WCF - An Architectural ComparisonWeb API or WCF - An Architectural Comparison
Web API or WCF - An Architectural Comparison
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
 
Effectiveness of AV in Detecting Web Application Backdoors
Effectiveness of AV in Detecting Web Application BackdoorsEffectiveness of AV in Detecting Web Application Backdoors
Effectiveness of AV in Detecting Web Application Backdoors
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
 
Containerizing your Security Operations Center
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations Center
 

Último

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

Último (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

Webscarab demo @ OWASP Belgium

  • 1. Webscarab, an introduction. Philippe Bogaerts Bee-ware [email_address]
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13. Is this useful ? Authenticated Un-authenticated Any tool not supporting authentication can now be used to access the application in authenticated domains ! Ex. nc, web service invocation tools … but also build in features such as manual crafted requests, the spider and extension module Authenticated (w/o WS)
  • 14. SSL support <- Server certificate <- WS certificate <- Server certificate (w/o WS)
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.