SlideShare a Scribd company logo

webscarab

Download as PPTX, PDF
Dilan Warnakulasooriya
Dilan Warnakulasooriya

This presentation slides mostly contain headings and topics of disscused areas, since meet-up was a practical & live demonstration type of Application security.

Technology
1 of 12
Welcome to Colombo Security Meet-up (SL chapter of OWASP) 05th Sep 2012 Role of Webscarab in Application Security
• Agenda – Introduction to Webscarab – Plugins and Features – Test your Web Apps with Webscarab – Security Test Automation
• Proxy – Why we use proxy – Where we place proxy – Application Security Proxy – OWASP proxy
• OWASP Communities – Builders – Breakers – Defenders
• Webscarab – Security testing tool / Completely free / Open Source – Cross Platform / Project leader – Rogan Dawes – Contributors – All around the world – Webscarab classic & Webscarab-NG – Webscarab lite & Webscarab full
• Features of Webscarab – extracts Scripts and HTML comments from HTML pages – observes traffic between the browser and the web server – modify HTTP and HTTPS requests and responses on the fly – Manual request – execution of arbitrarily complex operations on requests and responses – Reveal hidden fields
• Features of Webscarab – Bandwidth simulator – Spider – SessionID analysis – Parameter fuzzer – Search – Compare – XSS/CRLF
• Webscarab Plugins – Proxy – Manual request – Spider – SessionID Analysis – Scripted – Fragments
• Webscarab Plugins – Compare – Fuzzer – Search – AMF plugin- to analysis flex web application
• Test your Web Apps with Webscarab – Spidering – SQLi & XSS – Discovering clues – Directory enumeration – Backup files scanning – Session hijacking – Parameter modification & Revealing hidding fields
• Automate your security testing – Webscarab + Selenium
• Q&A Thank You Dilan Warnakulasooriya 99X Technology https://www.linkedin.com/in/dilanwarnakulasooriya

Recommended

WSO2 Application Server
WSO2 Application ServerWSO2 Application Server
WSO2 Application ServerSagara Gunathunga
 
Application Monitoring with WSO2 App Server
Application Monitoring with WSO2 App ServerApplication Monitoring with WSO2 App Server
Application Monitoring with WSO2 App ServerSagara Gunathunga
 
SharePoint on Imaginary Hardware - IndyTechFest 2010
SharePoint on Imaginary Hardware - IndyTechFest 2010SharePoint on Imaginary Hardware - IndyTechFest 2010
SharePoint on Imaginary Hardware - IndyTechFest 2010John Ferringer
 
Indic threads pune12-typesafe stack software development on the jvm
Indic threads pune12-typesafe stack software development on the jvmIndic threads pune12-typesafe stack software development on the jvm
Indic threads pune12-typesafe stack software development on the jvmIndicThreads
 
Buiding and Deploying SaaS with WSO2 as as-a-Service
Buiding and Deploying SaaS with WSO2 as as-a-ServiceBuiding and Deploying SaaS with WSO2 as as-a-Service
Buiding and Deploying SaaS with WSO2 as as-a-ServiceWSO2
 
Express yourself
Express yourselfExpress yourself
Express yourselfYaniv Rodenski
 
PLAT-8 Spring Web Scripts and Spring Surf
PLAT-8 Spring Web Scripts and Spring SurfPLAT-8 Spring Web Scripts and Spring Surf
PLAT-8 Spring Web Scripts and Spring SurfAlfresco Software
 
Rails 3.1 Asset pipeline
Rails 3.1 Asset pipelineRails 3.1 Asset pipeline
Rails 3.1 Asset pipelinejeremyolliver
 

Recommended

WSO2 Application Server
WSO2 Application ServerWSO2 Application Server
WSO2 Application ServerSagara Gunathunga
 
Application Monitoring with WSO2 App Server
Application Monitoring with WSO2 App ServerApplication Monitoring with WSO2 App Server
Application Monitoring with WSO2 App ServerSagara Gunathunga
 
SharePoint on Imaginary Hardware - IndyTechFest 2010
SharePoint on Imaginary Hardware - IndyTechFest 2010SharePoint on Imaginary Hardware - IndyTechFest 2010
SharePoint on Imaginary Hardware - IndyTechFest 2010John Ferringer
 
Indic threads pune12-typesafe stack software development on the jvm
Indic threads pune12-typesafe stack software development on the jvmIndic threads pune12-typesafe stack software development on the jvm
Indic threads pune12-typesafe stack software development on the jvmIndicThreads
 
Buiding and Deploying SaaS with WSO2 as as-a-Service
Buiding and Deploying SaaS with WSO2 as as-a-ServiceBuiding and Deploying SaaS with WSO2 as as-a-Service
Buiding and Deploying SaaS with WSO2 as as-a-ServiceWSO2
 
Express yourself
Express yourselfExpress yourself
Express yourselfYaniv Rodenski
 
PLAT-8 Spring Web Scripts and Spring Surf
PLAT-8 Spring Web Scripts and Spring SurfPLAT-8 Spring Web Scripts and Spring Surf
PLAT-8 Spring Web Scripts and Spring SurfAlfresco Software
 
Rails 3.1 Asset pipeline
Rails 3.1 Asset pipelineRails 3.1 Asset pipeline
Rails 3.1 Asset pipelinejeremyolliver
 
Client Side MVC with Backbone and Rails
Client Side MVC with Backbone and RailsClient Side MVC with Backbone and Rails
Client Side MVC with Backbone and RailsTom Z Zeng
 
RubyConf Bangladesh 2017 - Introduction to Ruby on Rails
RubyConf Bangladesh 2017 - Introduction to Ruby on RailsRubyConf Bangladesh 2017 - Introduction to Ruby on Rails
RubyConf Bangladesh 2017 - Introduction to Ruby on RailsRuby Bangladesh
 
Advance java session 2
Advance java session 2Advance java session 2
Advance java session 2Smita B Kumar
 
2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...
2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...
2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...aOS Community
 
Microsoft Azure News - March 2017
Microsoft Azure News - March 2017Microsoft Azure News - March 2017
Microsoft Azure News - March 2017Daniel Toomey
 
Rest assured
Rest assuredRest assured
Rest assuredYaniv Rodenski
 
Sinatra Introduction
Sinatra IntroductionSinatra Introduction
Sinatra IntroductionYi-Ting Cheng
 
Laravel 4 presentation
Laravel 4 presentationLaravel 4 presentation
Laravel 4 presentationAbu Saleh Muhammad Shaon
 
Single Page Apps
Single Page AppsSingle Page Apps
Single Page AppsGil Fink
 
End to-end W3C - JS.everywhere(2012) Europe
End to-end W3C - JS.everywhere(2012) EuropeEnd to-end W3C - JS.everywhere(2012) Europe
End to-end W3C - JS.everywhere(2012) EuropeAlexandre Morgaut
 
Scala in the Enterprise
Scala in the EnterpriseScala in the Enterprise
Scala in the EnterpriseEric Pederson
 
Automating security for cloud workloads (1)
Automating security for cloud workloads (1)Automating security for cloud workloads (1)
Automating security for cloud workloads (1)AnneLin19
 
Spring Boot. Boot up your development
Spring Boot. Boot up your developmentSpring Boot. Boot up your development
Spring Boot. Boot up your developmentStrannik_2013
 
Spring.new hope.1.3
Spring.new hope.1.3Spring.new hope.1.3
Spring.new hope.1.3Alex Tumanoff
 
Materi devcussion 1.0
Materi devcussion 1.0Materi devcussion 1.0
Materi devcussion 1.0CodePolitan
 
From Web App Model Design to Production with Wakanda
From Web App Model Design to Production with WakandaFrom Web App Model Design to Production with Wakanda
From Web App Model Design to Production with WakandaAlexandre Morgaut
 
Solving Enterprise Integration with Apache Camel
Solving Enterprise Integration with Apache CamelSolving Enterprise Integration with Apache Camel
Solving Enterprise Integration with Apache CamelChristian Posta
 
Using the Cascade Server Web Service API, by Artur Tomusiak
Using the Cascade Server Web Service API, by Artur TomusiakUsing the Cascade Server Web Service API, by Artur Tomusiak
Using the Cascade Server Web Service API, by Artur Tomusiakhannonhill
 
Un problème 10 solutions : Azure Fighter
Un problème 10 solutions : Azure FighterUn problème 10 solutions : Azure Fighter
Un problème 10 solutions : Azure Fighterfelixbillon
 
Building Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source TechnologiesBuilding Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source TechnologiesRahul Singh
 
Building Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source TechnologiesBuilding Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source TechnologiesAnant Corporation
 
Rapid Prototyping with Solr
Rapid Prototyping with SolrRapid Prototyping with Solr
Rapid Prototyping with SolrLucidworks (Archived)
 

More Related Content

What's hot

Client Side MVC with Backbone and Rails
Client Side MVC with Backbone and RailsClient Side MVC with Backbone and Rails
Client Side MVC with Backbone and RailsTom Z Zeng
 
RubyConf Bangladesh 2017 - Introduction to Ruby on Rails
RubyConf Bangladesh 2017 - Introduction to Ruby on RailsRubyConf Bangladesh 2017 - Introduction to Ruby on Rails
RubyConf Bangladesh 2017 - Introduction to Ruby on RailsRuby Bangladesh
 
Advance java session 2
Advance java session 2Advance java session 2
Advance java session 2Smita B Kumar
 
2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...
2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...
2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...aOS Community
 
Microsoft Azure News - March 2017
Microsoft Azure News - March 2017Microsoft Azure News - March 2017
Microsoft Azure News - March 2017Daniel Toomey
 
Sinatra Introduction
Sinatra IntroductionSinatra Introduction
Sinatra IntroductionYi-Ting Cheng
 
Single Page Apps
Single Page AppsSingle Page Apps
Single Page AppsGil Fink
 
End to-end W3C - JS.everywhere(2012) Europe
End to-end W3C - JS.everywhere(2012) EuropeEnd to-end W3C - JS.everywhere(2012) Europe
End to-end W3C - JS.everywhere(2012) EuropeAlexandre Morgaut
 
Scala in the Enterprise
Scala in the EnterpriseScala in the Enterprise
Scala in the EnterpriseEric Pederson
 
Automating security for cloud workloads (1)
Automating security for cloud workloads (1)Automating security for cloud workloads (1)
Automating security for cloud workloads (1)AnneLin19
 
Spring Boot. Boot up your development
Spring Boot. Boot up your developmentSpring Boot. Boot up your development
Spring Boot. Boot up your developmentStrannik_2013
 
Materi devcussion 1.0
Materi devcussion 1.0Materi devcussion 1.0
Materi devcussion 1.0CodePolitan
 
From Web App Model Design to Production with Wakanda
From Web App Model Design to Production with WakandaFrom Web App Model Design to Production with Wakanda
From Web App Model Design to Production with WakandaAlexandre Morgaut
 
Solving Enterprise Integration with Apache Camel
Solving Enterprise Integration with Apache CamelSolving Enterprise Integration with Apache Camel
Solving Enterprise Integration with Apache CamelChristian Posta
 
Using the Cascade Server Web Service API, by Artur Tomusiak
Using the Cascade Server Web Service API, by Artur TomusiakUsing the Cascade Server Web Service API, by Artur Tomusiak
Using the Cascade Server Web Service API, by Artur Tomusiakhannonhill
 
Un problème 10 solutions : Azure Fighter
Un problème 10 solutions : Azure FighterUn problème 10 solutions : Azure Fighter
Un problème 10 solutions : Azure Fighterfelixbillon
 

What's hot (19)

Client Side MVC with Backbone and Rails
Client Side MVC with Backbone and RailsClient Side MVC with Backbone and Rails
Client Side MVC with Backbone and Rails
 
RubyConf Bangladesh 2017 - Introduction to Ruby on Rails
RubyConf Bangladesh 2017 - Introduction to Ruby on RailsRubyConf Bangladesh 2017 - Introduction to Ruby on Rails
RubyConf Bangladesh 2017 - Introduction to Ruby on Rails
 
Advance java session 2
Advance java session 2Advance java session 2
Advance java session 2
 
2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...
2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...
2019-06-12 aOS Aix Marseille - C4 - Un besoin 10 solutions Azure Fighter - Fé...
 
Microsoft Azure News - March 2017
Microsoft Azure News - March 2017Microsoft Azure News - March 2017
Microsoft Azure News - March 2017
 
Rest assured
Rest assuredRest assured
Rest assured
 
Sinatra Introduction
Sinatra IntroductionSinatra Introduction
Sinatra Introduction
 
Laravel 4 presentation
Laravel 4 presentationLaravel 4 presentation
Laravel 4 presentation
 
Single Page Apps
Single Page AppsSingle Page Apps
Single Page Apps
 
End to-end W3C - JS.everywhere(2012) Europe
End to-end W3C - JS.everywhere(2012) EuropeEnd to-end W3C - JS.everywhere(2012) Europe
End to-end W3C - JS.everywhere(2012) Europe
 
Scala in the Enterprise
Scala in the EnterpriseScala in the Enterprise
Scala in the Enterprise
 
Automating security for cloud workloads (1)
Automating security for cloud workloads (1)Automating security for cloud workloads (1)
Automating security for cloud workloads (1)
 
Spring Boot. Boot up your development
Spring Boot. Boot up your developmentSpring Boot. Boot up your development
Spring Boot. Boot up your development
 
Spring.new hope.1.3
Spring.new hope.1.3Spring.new hope.1.3
Spring.new hope.1.3
 
Materi devcussion 1.0
Materi devcussion 1.0Materi devcussion 1.0
Materi devcussion 1.0
 
From Web App Model Design to Production with Wakanda
From Web App Model Design to Production with WakandaFrom Web App Model Design to Production with Wakanda
From Web App Model Design to Production with Wakanda
 
Solving Enterprise Integration with Apache Camel
Solving Enterprise Integration with Apache CamelSolving Enterprise Integration with Apache Camel
Solving Enterprise Integration with Apache Camel
 
Using the Cascade Server Web Service API, by Artur Tomusiak
Using the Cascade Server Web Service API, by Artur TomusiakUsing the Cascade Server Web Service API, by Artur Tomusiak
Using the Cascade Server Web Service API, by Artur Tomusiak
 
Un problème 10 solutions : Azure Fighter
Un problème 10 solutions : Azure FighterUn problème 10 solutions : Azure Fighter
Un problème 10 solutions : Azure Fighter
 

Similar to webscarab

Building Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source TechnologiesBuilding Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source TechnologiesRahul Singh
 
Building Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source TechnologiesBuilding Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source TechnologiesAnant Corporation
 
Rapid prototyping with solr - By Erik Hatcher
Rapid prototyping with solr - By Erik Hatcher Rapid prototyping with solr - By Erik Hatcher
Rapid prototyping with solr - By Erik Hatcher lucenerevolution
 
SOA and WCF (Windows Communication Foundation) basics
SOA and WCF (Windows Communication Foundation) basicsSOA and WCF (Windows Communication Foundation) basics
SOA and WCF (Windows Communication Foundation) basicsYaniv Pessach
 
Kinesis and Spark Streaming - Advanced AWS Meetup - August 2014
Kinesis and Spark Streaming - Advanced AWS Meetup - August 2014Kinesis and Spark Streaming - Advanced AWS Meetup - August 2014
Kinesis and Spark Streaming - Advanced AWS Meetup - August 2014Chris Fregly
 
Swaggered web apis in Clojure
Swaggered web apis in ClojureSwaggered web apis in Clojure
Swaggered web apis in ClojureMetosin Oy
 
Spider进化论
Spider进化论Spider进化论
Spider进化论cjhacker
 
How Netflix’s Tools Can Help Accelerate Your Start-up (SVC202) | AWS re:Inven...
How Netflix’s Tools Can Help Accelerate Your Start-up (SVC202) | AWS re:Inven...How Netflix’s Tools Can Help Accelerate Your Start-up (SVC202) | AWS re:Inven...
How Netflix’s Tools Can Help Accelerate Your Start-up (SVC202) | AWS re:Inven...Amazon Web Services
 
AWS Česko-Slovenský Webinár 03: Vývoj v AWS
AWS Česko-Slovenský Webinár 03: Vývoj v AWSAWS Česko-Slovenský Webinár 03: Vývoj v AWS
AWS Česko-Slovenský Webinár 03: Vývoj v AWSVladimir Simek
 
East Bay Java User Group Oct 2014 Spark Streaming Kinesis Machine Learning
East Bay Java User Group Oct 2014 Spark Streaming Kinesis Machine Learning East Bay Java User Group Oct 2014 Spark Streaming Kinesis Machine Learning
East Bay Java User Group Oct 2014 Spark Streaming Kinesis Machine LearningChris Fregly
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...Aditya K Sood
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSource Conference
 
Getting started with Apache Spark
Getting started with Apache SparkGetting started with Apache Spark
Getting started with Apache SparkHabib Ahmed Bhutto
 
Alfresco Day Stockholm 2015 - Alfresco One
Alfresco Day Stockholm 2015 - Alfresco OneAlfresco Day Stockholm 2015 - Alfresco One
Alfresco Day Stockholm 2015 - Alfresco OneNicole Szigeti
 
Self-Service Apache Spark Structured Streaming Applications and Analytics
Self-Service Apache Spark Structured Streaming Applications and AnalyticsSelf-Service Apache Spark Structured Streaming Applications and Analytics
Self-Service Apache Spark Structured Streaming Applications and AnalyticsDatabricks
 

Similar to webscarab (20)

Building Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source TechnologiesBuilding Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source Technologies
 
Building Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source TechnologiesBuilding Enterprise Search Engines using Open Source Technologies
Building Enterprise Search Engines using Open Source Technologies
 
Rapid Prototyping with Solr
Rapid Prototyping with SolrRapid Prototyping with Solr
Rapid Prototyping with Solr
 
Rapid prototyping with solr - By Erik Hatcher
Rapid prototyping with solr - By Erik Hatcher Rapid prototyping with solr - By Erik Hatcher
Rapid prototyping with solr - By Erik Hatcher
 
SOA and WCF (Windows Communication Foundation) basics
SOA and WCF (Windows Communication Foundation) basicsSOA and WCF (Windows Communication Foundation) basics
SOA and WCF (Windows Communication Foundation) basics
 
Kinesis and Spark Streaming - Advanced AWS Meetup - August 2014
Kinesis and Spark Streaming - Advanced AWS Meetup - August 2014Kinesis and Spark Streaming - Advanced AWS Meetup - August 2014
Kinesis and Spark Streaming - Advanced AWS Meetup - August 2014
 
Swaggered web apis in Clojure
Swaggered web apis in ClojureSwaggered web apis in Clojure
Swaggered web apis in Clojure
 
Spider进化论
Spider进化论Spider进化论
Spider进化论
 
Svc 202-netflix-open-source
Svc 202-netflix-open-sourceSvc 202-netflix-open-source
Svc 202-netflix-open-source
 
How Netflix’s Tools Can Help Accelerate Your Start-up (SVC202) | AWS re:Inven...
How Netflix’s Tools Can Help Accelerate Your Start-up (SVC202) | AWS re:Inven...How Netflix’s Tools Can Help Accelerate Your Start-up (SVC202) | AWS re:Inven...
How Netflix’s Tools Can Help Accelerate Your Start-up (SVC202) | AWS re:Inven...
 
AWS Česko-Slovenský Webinár 03: Vývoj v AWS
AWS Česko-Slovenský Webinár 03: Vývoj v AWSAWS Česko-Slovenský Webinár 03: Vývoj v AWS
AWS Česko-Slovenský Webinár 03: Vývoj v AWS
 
East Bay Java User Group Oct 2014 Spark Streaming Kinesis Machine Learning
East Bay Java User Group Oct 2014 Spark Streaming Kinesis Machine Learning East Bay Java User Group Oct 2014 Spark Streaming Kinesis Machine Learning
East Bay Java User Group Oct 2014 Spark Streaming Kinesis Machine Learning
 
Solr
SolrSolr
Solr
 
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
BlackHat Arsenal 2014 - C-SCAD : Assessing Security Flaws in C-SCAD WebX Clie...
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on Rails
 
Getting started with Apache Spark
Getting started with Apache SparkGetting started with Apache Spark
Getting started with Apache Spark
 
Alfresco Day Stockholm 2015 - Alfresco One
Alfresco Day Stockholm 2015 - Alfresco OneAlfresco Day Stockholm 2015 - Alfresco One
Alfresco Day Stockholm 2015 - Alfresco One
 
Solr 101
Solr 101Solr 101
Solr 101
 
Self-Service Apache Spark Structured Streaming Applications and Analytics
Self-Service Apache Spark Structured Streaming Applications and AnalyticsSelf-Service Apache Spark Structured Streaming Applications and Analytics
Self-Service Apache Spark Structured Streaming Applications and Analytics
 
Cloud Jacking™
Cloud Jacking™Cloud Jacking™
Cloud Jacking™
 

More from Dilan Warnakulasooriya

More from Dilan Warnakulasooriya (8)

Sql injection
Sql injectionSql injection
Sql injection
 
Session Hijacking
Session HijackingSession Hijacking
Session Hijacking
 
Parameter tampering
Parameter tamperingParameter tampering
Parameter tampering
 
CSRF
CSRFCSRF
CSRF
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
 
Secure coding
Secure codingSecure coding
Secure coding
 
Application security overview
Application security overviewApplication security overview
Application security overview
 
Application security overview
Application security overviewApplication security overview
Application security overview
 

Recently uploaded

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 

Recently uploaded (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

webscarab

  • 1. Welcome to Colombo Security Meet-up (SL chapter of OWASP) 05th Sep 2012 Role of Webscarab in Application Security
  • 2. • Agenda – Introduction to Webscarab – Plugins and Features – Test your Web Apps with Webscarab – Security Test Automation
  • 3. • Proxy – Why we use proxy – Where we place proxy – Application Security Proxy – OWASP proxy
  • 4. • OWASP Communities – Builders – Breakers – Defenders
  • 5. • Webscarab – Security testing tool / Completely free / Open Source – Cross Platform / Project leader – Rogan Dawes – Contributors – All around the world – Webscarab classic & Webscarab-NG – Webscarab lite & Webscarab full
  • 6. • Features of Webscarab – extracts Scripts and HTML comments from HTML pages – observes traffic between the browser and the web server – modify HTTP and HTTPS requests and responses on the fly – Manual request – execution of arbitrarily complex operations on requests and responses – Reveal hidden fields
  • 7. • Features of Webscarab – Bandwidth simulator – Spider – SessionID analysis – Parameter fuzzer – Search – Compare – XSS/CRLF
  • 8. • Webscarab Plugins – Proxy – Manual request – Spider – SessionID Analysis – Scripted – Fragments
  • 9. • Webscarab Plugins – Compare – Fuzzer – Search – AMF plugin- to analysis flex web application
  • 10. • Test your Web Apps with Webscarab – Spidering – SQLi & XSS – Discovering clues – Directory enumeration – Backup files scanning – Session hijacking – Parameter modification & Revealing hidding fields
  • 11. • Automate your security testing – Webscarab + Selenium
  • 12. • Q&A Thank You Dilan Warnakulasooriya 99X Technology https://www.linkedin.com/in/dilanwarnakulasooriya