SlideShare a Scribd company logo

Intro to IronWASP

n|u - The Open Security Community
n|u - The Open Security Community

null Hyderabad Chapter - April 2014 Meet

EducationTechnology
1 of 13
Download to read offline
Intro to IronWASP -- ABHIJETH DUGGINAPEDDI
Hello Time to brag: Security Consultant at TCS for bread and butter Love speaking and training Got lucky with Google, Y!, Microsoft, Twitter .. Etc Love anime and politics !! Trying to contribute to the security community and start-ups in Hyd. Abhijeth Dugginapeddi www.abhijeth.com @abhijeth Fb.com/abhijethd
For the next 40 minutes Why What is How to use Pentesting with Few comparisons between IronWASP and Burpsuite Resources and Credits
What does it do??  Vulnerability Scanner  Intelligent crawler  Checks for OWASP top 10 and Sans top 25  Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET  False positive detection  Generate reports in HTML and RTF formats
Why the developers think that the tool is great??  Powerful and effective  WiHawk - WiFi Router Vulnerability Scanner by  XmlChor - Automatic XPATH Injection Exploitation Tool IronSAP - SAP Security Scanner SSL Security Checker - Scanner to discover vulnerabilities in SSL installations  OWASP Skanda - Automatic SSRF Exploitation Tool  CSRF PoC Generator - Tool for automatically generating exploits for CSRF vulnerabilities  HAWAS - Tool for automatically detecting and decoding encoded strings and hashes in websites
Why do I like it??  HP WebInspect 10.0 starts at $1,500 and is licensed per application  IBM Appscan Singe User 4500$  IBM Appscan enterprise 155,000$  Acunetix 1 year 3195$  Acunetix with maintenance 5995$  BurpSuite Professional per year 299$
And ..  Nice framework  Simple to use  No rocket science required  Good for beginners  Good for companies to use during low budget projects  Little better than other free tools  Finally, developed by an Indian researcher. Support him !!
Questions ???
Special thanks Resources : http://blog.ironwasp.org/ And his team: WiHawk Anamika Singh XmlChor Harshal Jamdade IronSAP Prasanna K SSL Security Checker Manish Saindane OWASP Skanda Jayesh Singh Chauhan CSRF PoC Generator Jayesh Singh Chauhan Lavakumar Kuppan @lavakumark Founder of the IronWASP Project. Author of many Security Tools.
Lets catch up: Fb.com/abhijethd @abhijeth www.abhijeth.com Also thank you www.null.co.in fb.com/nullhyd @nullhyd

Recommended

ESAPI
ESAPIESAPI
ESAPI
n|u - The Open Security Community
 
Esapi
EsapiEsapi
Esapi
Satish Govindappa
 
Spring Security
Spring SecuritySpring Security
Spring Security
Knoldus Inc.
 
Magento Application Security [EN]
Magento Application Security [EN]Magento Application Security [EN]
Magento Application Security [EN]
Anna Völkl
 
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shAPIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
apidays
 
Automating Hybrid Applications with Appium
Automating Hybrid Applications with AppiumAutomating Hybrid Applications with Appium
Automating Hybrid Applications with Appium
Sauce Labs
 
Microservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaMicroservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | Edureka
Edureka!
 
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
Moshiul Islam, CISSP, CISA, CFE
 

Recommended

ESAPI
ESAPIESAPI
ESAPI
n|u - The Open Security Community
 
Esapi
EsapiEsapi
Esapi
Satish Govindappa
 
Spring Security
Spring SecuritySpring Security
Spring Security
Knoldus Inc.
 
Magento Application Security [EN]
Magento Application Security [EN]Magento Application Security [EN]
Magento Application Security [EN]
Anna Völkl
 
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shAPIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
apidays
 
Automating Hybrid Applications with Appium
Automating Hybrid Applications with AppiumAutomating Hybrid Applications with Appium
Automating Hybrid Applications with Appium
Sauce Labs
 
Microservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaMicroservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | Edureka
Edureka!
 
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
Moshiul Islam, CISSP, CISA, CFE
 
Mobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumMobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appium
Selenium Cucumber
 
What is Sauce Labs?
What is Sauce Labs? What is Sauce Labs?
What is Sauce Labs?
Sauce Labs
 
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Edureka!
 
Getting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumGetting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & Appium
Sauce Labs
 
DevOps and Application Security
DevOps and Application SecurityDevOps and Application Security
DevOps and Application Security
Shahee Mirza
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life
OWASP
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017
kieranjacobsen
 
Introduction To Appium With Robotframework
Introduction To Appium With RobotframeworkIntroduction To Appium With Robotframework
Introduction To Appium With Robotframework
Syam Sasi
 
Testing on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesTesting on Mobile Devices with Location Services
Testing on Mobile Devices with Location Services
Sauce Labs
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
Amazon Web Services
 
Selenium, Appium, and Robots!
Selenium, Appium, and Robots!Selenium, Appium, and Robots!
Selenium, Appium, and Robots!
hugs
 
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Lorenzo Barbieri
 
Improving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsImproving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce Labs
Isaac Murchie
 
Testing Native iOS Apps with Appium
Testing Native iOS Apps with AppiumTesting Native iOS Apps with Appium
Testing Native iOS Apps with Appium
Sauce Labs
 
Wheat - Mobile functional test automation
Wheat - Mobile functional test automationWheat - Mobile functional test automation
Wheat - Mobile functional test automation
Sunny Tambi
 
Modern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioModern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressio
Marios Fakiolas
 
Why you need API Security Automation
Why you need API Security AutomationWhy you need API Security Automation
Why you need API Security Automation
42Crunch
 
Selenium Camp 2016
Selenium Camp 2016Selenium Camp 2016
Selenium Camp 2016
Dan Cuellar
 
Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)
Sauce Labs
 
Everything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumEverything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and Selenium
Lizzy Guido (she/her)
 
Introduction to SELinux Part-I
Introduction to SELinux Part-IIntroduction to SELinux Part-I
Introduction to SELinux Part-I
n|u - The Open Security Community
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinux
Rene Cunningham
 

More Related Content

What's hot

Mobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumMobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appium
Selenium Cucumber
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life
OWASP
 
Testing on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesTesting on Mobile Devices with Location Services
Testing on Mobile Devices with Location Services
Sauce Labs
 
Testing Native iOS Apps with Appium
Testing Native iOS Apps with AppiumTesting Native iOS Apps with Appium
Testing Native iOS Apps with Appium
Sauce Labs
 
Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)
Sauce Labs
 

What's hot (20)

Mobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumMobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appium
 
What is Sauce Labs?
What is Sauce Labs? What is Sauce Labs?
What is Sauce Labs?
 
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
 
Getting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumGetting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & Appium
 
DevOps and Application Security
DevOps and Application SecurityDevOps and Application Security
DevOps and Application Security
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017
 
Introduction To Appium With Robotframework
Introduction To Appium With RobotframeworkIntroduction To Appium With Robotframework
Introduction To Appium With Robotframework
 
Testing on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesTesting on Mobile Devices with Location Services
Testing on Mobile Devices with Location Services
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
 
Selenium, Appium, and Robots!
Selenium, Appium, and Robots!Selenium, Appium, and Robots!
Selenium, Appium, and Robots!
 
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
 
Improving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsImproving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce Labs
 
Testing Native iOS Apps with Appium
Testing Native iOS Apps with AppiumTesting Native iOS Apps with Appium
Testing Native iOS Apps with Appium
 
Wheat - Mobile functional test automation
Wheat - Mobile functional test automationWheat - Mobile functional test automation
Wheat - Mobile functional test automation
 
Modern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioModern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressio
 
Why you need API Security Automation
Why you need API Security AutomationWhy you need API Security Automation
Why you need API Security Automation
 
Selenium Camp 2016
Selenium Camp 2016Selenium Camp 2016
Selenium Camp 2016
 
Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)
 
Everything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumEverything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and Selenium
 

Viewers also liked

Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)
cnokia
 
Operating system security
Operating system securityOperating system security
Operating system security
Rachel Jeewa
 
Operating system security
Operating system securityOperating system security
Operating system security
Sarmad Makhdoom
 
Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011
Wlad1m1r
 
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challengeITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp
 
Pyscho-Strategies for Social Engineering
Pyscho-Strategies for Social EngineeringPyscho-Strategies for Social Engineering
Pyscho-Strategies for Social Engineering
Ishan Girdhar
 
Wcf security session 1
Wcf security session 1Wcf security session 1
Wcf security session 1
Anil Kumar M
 

Viewers also liked (20)

Introduction to SELinux Part-I
Introduction to SELinux Part-IIntroduction to SELinux Part-I
Introduction to SELinux Part-I
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinux
 
Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)
 
COMPUTER SECURITY AND OPERATING SYSTEM
COMPUTER SECURITY AND OPERATING SYSTEMCOMPUTER SECURITY AND OPERATING SYSTEM
COMPUTER SECURITY AND OPERATING SYSTEM
 
Operating system security
Operating system securityOperating system security
Operating system security
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
 
Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011
 
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challengeITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
 
Paypal-IPN
Paypal-IPNPaypal-IPN
Paypal-IPN
 
How to Launch a Web Security Service in an Hour
How to Launch a Web Security Service in an HourHow to Launch a Web Security Service in an Hour
How to Launch a Web Security Service in an Hour
 
IronSAP
IronSAP IronSAP
IronSAP
 
Pyscho-Strategies for Social Engineering
Pyscho-Strategies for Social EngineeringPyscho-Strategies for Social Engineering
Pyscho-Strategies for Social Engineering
 
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsCusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Windows Azure Versioning Strategies
Windows Azure Versioning StrategiesWindows Azure Versioning Strategies
Windows Azure Versioning Strategies
 
Wcf security session 1
Wcf security session 1Wcf security session 1
Wcf security session 1
 
Burp plugin development for java n00bs (44 con)
Burp plugin development for java n00bs (44 con)Burp plugin development for java n00bs (44 con)
Burp plugin development for java n00bs (44 con)
 

Similar to Intro to IronWASP

AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
WordCamp Kathmandu
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014
Michael Petychakis
 
The Open Source... Behind the Tweets
The Open Source... Behind the TweetsThe Open Source... Behind the Tweets
The Open Source... Behind the Tweets
Chris Aniszczyk
 

Similar to Intro to IronWASP (20)

Clickslide Datadipity Beta V1
Clickslide Datadipity Beta V1Clickslide Datadipity Beta V1
Clickslide Datadipity Beta V1
 
Using AI at the Library - SWFLN Makerpalooza - Session 2
Using AI at the Library - SWFLN Makerpalooza - Session 2Using AI at the Library - SWFLN Makerpalooza - Session 2
Using AI at the Library - SWFLN Makerpalooza - Session 2
 
Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.
 
03_Overview of Azure AI and How to Use It Today_GAB2019
03_Overview of Azure AI and How to Use It Today_GAB201903_Overview of Azure AI and How to Use It Today_GAB2019
03_Overview of Azure AI and How to Use It Today_GAB2019
 
Securing Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecuritySecuring Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu Security
 
We-Donut.io presentation of Platform
We-Donut.io presentation of PlatformWe-Donut.io presentation of Platform
We-Donut.io presentation of Platform
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdf
 
AsyncAPI specification
AsyncAPI specificationAsyncAPI specification
AsyncAPI specification
 
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
 
Speaking APIsh makes your business more agile
Speaking APIsh makes your business more agileSpeaking APIsh makes your business more agile
Speaking APIsh makes your business more agile
 
Intelligent IoT Projects In 7 Days
Intelligent IoT Projects In 7 Days Intelligent IoT Projects In 7 Days
Intelligent IoT Projects In 7 Days
 
Creating Datadipity
Creating DatadipityCreating Datadipity
Creating Datadipity
 
The impact of IoT on APIs
The impact of IoT on APIsThe impact of IoT on APIs
The impact of IoT on APIs
 
NZCS Cloud Computing Presentation
NZCS Cloud Computing PresentationNZCS Cloud Computing Presentation
NZCS Cloud Computing Presentation
 
2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards
 
Tastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierTastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work Easier
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014
 
The Open Source... Behind the Tweets
The Open Source... Behind the TweetsThe Open Source... Behind the Tweets
The Open Source... Behind the Tweets
 
Your API is not a Website!
Your API is not a Website!Your API is not a Website!
Your API is not a Website!
 

More from n|u - The Open Security Community

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 

Recently uploaded (20)

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 

Intro to IronWASP

  • 1. Intro to IronWASP -- ABHIJETH DUGGINAPEDDI
  • 2. Hello Time to brag: Security Consultant at TCS for bread and butter Love speaking and training Got lucky with Google, Y!, Microsoft, Twitter .. Etc Love anime and politics !! Trying to contribute to the security community and start-ups in Hyd. Abhijeth Dugginapeddi www.abhijeth.com @abhijeth Fb.com/abhijethd
  • 3. For the next 40 minutes Why What is How to use Pentesting with Few comparisons between IronWASP and Burpsuite Resources and Credits
  • 4.
  • 5. What does it do??  Vulnerability Scanner  Intelligent crawler  Checks for OWASP top 10 and Sans top 25  Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET  False positive detection  Generate reports in HTML and RTF formats
  • 6.
  • 7. Why the developers think that the tool is great??  Powerful and effective  WiHawk - WiFi Router Vulnerability Scanner by  XmlChor - Automatic XPATH Injection Exploitation Tool IronSAP - SAP Security Scanner SSL Security Checker - Scanner to discover vulnerabilities in SSL installations  OWASP Skanda - Automatic SSRF Exploitation Tool  CSRF PoC Generator - Tool for automatically generating exploits for CSRF vulnerabilities  HAWAS - Tool for automatically detecting and decoding encoded strings and hashes in websites
  • 8. Why do I like it??  HP WebInspect 10.0 starts at $1,500 and is licensed per application  IBM Appscan Singe User 4500$  IBM Appscan enterprise 155,000$  Acunetix 1 year 3195$  Acunetix with maintenance 5995$  BurpSuite Professional per year 299$
  • 9. And ..  Nice framework  Simple to use  No rocket science required  Good for beginners  Good for companies to use during low budget projects  Little better than other free tools  Finally, developed by an Indian researcher. Support him !!
  • 10.
  • 12. Special thanks Resources : http://blog.ironwasp.org/ And his team: WiHawk Anamika Singh XmlChor Harshal Jamdade IronSAP Prasanna K SSL Security Checker Manish Saindane OWASP Skanda Jayesh Singh Chauhan CSRF PoC Generator Jayesh Singh Chauhan Lavakumar Kuppan @lavakumark Founder of the IronWASP Project. Author of many Security Tools.
  • 13. Lets catch up: Fb.com/abhijethd @abhijeth www.abhijeth.com Also thank you www.null.co.in fb.com/nullhyd @nullhyd