SlideShare uma empresa Scribd logo

Web Application Hacking

Transferir como ODP, PDF
Muchammad Sholeh
Muchammad Sholeh
Tecnologia
1 de 20
Web Application Hacking By Muchammad Sholeh Sharing Knowledge Session, Bank Danamon Lt. 5 KSI
Hacking Methodology
Computer Search Engine By ShodanHq
Shodan Exploits
A n I n t r o d u c t io n t o Z A P T h e O W A S P Z e d A tta c k P ro x y
Main Feature A ll t h e e s s e n t ia ls f o r w e b a p p lic a t io n t e s t in g • I n t e r c e p t in g P r o x y • A c t iv e a n d P a s s iv e S c a n n e r s • S p id e r • R e p o r t G e n e r a t io n • B r u t e F o r c e ( u s in g O W A S P D ir B u s t e r c o d e ) • F u z z in g ( u s in g O W A S P J B r o F u z z c o d e )
The Additional Features • A u t o t a g g in g • Po rt sca n n e r • Sm a rt ca rd su p p o rt • S e s s io n c o m p a r is o n • In v o k e e xte rn a l a p p s • B e a n S h e ll in t e g r a t io n • A P I + H e a d le s s m o d e • D y n a m ic S S L C e r t if ic a t e s • A n t i C S R F t o k e n h a n d lin g
http://www.nuovoline.com/order.php?do=etc%2Fpasswd
List Tools Scanning and Enumeration ● Zap Proxy ● Arachni ● W3AF ● Wapiti ● OpenVas ● Nessus ● Nikto.PL ● NMAP ● ShodanHQ
Penetration Testing OS Base on OSS ● Backtrack Linux ● Kali Linux ● OWASP ● OSWTF ● Samurai Linux ● 4n6 ● etc
Common Vulnerability Reference ● CVE (Common Vulnerability Exposure) ● OSVDB (Open Source Vulenerability Database) ● ExploitDB (http://www.exploit-db.com/) ● National Vulnerability Database ● Common Vulnerability Scoring System (CVSSSIG) -FIRST ● CVE Details (http://www.cvedetails.com/) ● Injector Exploitation Tools ● Exploit-ID (http://www.exploit-id.com/)
EOF

Recomendados

Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...
Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...
Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...Mike Lee
 
Edu614 session 3 presentation tools
Edu614 session 3 presentation toolsEdu614 session 3 presentation tools
Edu614 session 3 presentation toolsKathy Favazza
 
Comprehensive approach to delivering great developer products
Comprehensive approach to delivering great developer productsComprehensive approach to delivering great developer products
Comprehensive approach to delivering great developer productsLINE Corporation
 
Collaboration between LINE, Microsoft and AI by the developers, for the devel...
Collaboration between LINE, Microsoft and AI by the developers, for the devel...Collaboration between LINE, Microsoft and AI by the developers, for the devel...
Collaboration between LINE, Microsoft and AI by the developers, for the devel...LINE Corporation
 
Robotic Process Automation (RPA)_Harvesting a Competitive Advantage
Robotic Process Automation (RPA)_Harvesting a Competitive AdvantageRobotic Process Automation (RPA)_Harvesting a Competitive Advantage
Robotic Process Automation (RPA)_Harvesting a Competitive AdvantageAlec Coughlin
 
OPVL Common Mistakes
OPVL Common MistakesOPVL Common Mistakes
OPVL Common Mistakesmczamora
 
Doctor Appointment App Development Company
Doctor Appointment App Development CompanyDoctor Appointment App Development Company
Doctor Appointment App Development Companydeorwine infotech
 
GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1Nicole Leslie
 

Recomendados

Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...
Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...
Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...Mike Lee
 
Edu614 session 3 presentation tools
Edu614 session 3 presentation toolsEdu614 session 3 presentation tools
Edu614 session 3 presentation toolsKathy Favazza
 
Comprehensive approach to delivering great developer products
Comprehensive approach to delivering great developer productsComprehensive approach to delivering great developer products
Comprehensive approach to delivering great developer productsLINE Corporation
 
Collaboration between LINE, Microsoft and AI by the developers, for the devel...
Collaboration between LINE, Microsoft and AI by the developers, for the devel...Collaboration between LINE, Microsoft and AI by the developers, for the devel...
Collaboration between LINE, Microsoft and AI by the developers, for the devel...LINE Corporation
 
Robotic Process Automation (RPA)_Harvesting a Competitive Advantage
Robotic Process Automation (RPA)_Harvesting a Competitive AdvantageRobotic Process Automation (RPA)_Harvesting a Competitive Advantage
Robotic Process Automation (RPA)_Harvesting a Competitive AdvantageAlec Coughlin
 
OPVL Common Mistakes
OPVL Common MistakesOPVL Common Mistakes
OPVL Common Mistakesmczamora
 
Doctor Appointment App Development Company
Doctor Appointment App Development CompanyDoctor Appointment App Development Company
Doctor Appointment App Development Companydeorwine infotech
 
GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1Nicole Leslie
 
Python (part 0)
Python (part 0)Python (part 0)
Python (part 0)Ramin Najjarbashi
 
Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree? Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree? Ankita Nagvekar
 
Mock proposal for digitisation project
Mock proposal for digitisation projectMock proposal for digitisation project
Mock proposal for digitisation projectGiada Gelli
 
AWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWSAWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWSAlvaro García Loaisa
 
Investigacion oprativa silva
Investigacion oprativa silvaInvestigacion oprativa silva
Investigacion oprativa silvaybettsilva2014
 
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?collaborator.pro
 
Transforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservicesTransforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservicesKishore Yekkanti
 
Ninja Correlation of APT Binaries
Ninja Correlation of APT BinariesNinja Correlation of APT Binaries
Ninja Correlation of APT BinariesCODE BLUE
 
Switching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to AgileSwitching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to AgileDoc Norton
 
The Road to QA
The Road to QAThe Road to QA
The Road to QABenjamin Bischoff
 
Information Security Project Management
Information Security Project ManagementInformation Security Project Management
Information Security Project ManagementIgor Pertsovsky
 
PRESENTATION
PRESENTATIONPRESENTATION
PRESENTATIONMTalhaQureshi1
 
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX
 
SharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mindSharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mindChris Johnson
 
CIA For WordPress Developers
CIA For WordPress DevelopersCIA For WordPress Developers
CIA For WordPress DevelopersDavid Brumbaugh
 
From Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dotsFrom Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dotsRonald Ashri
 
From Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the DotsFrom Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the DotsRonald Ashri
 
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT Kancil San
 
Selection
SelectionSelection
SelectionAli Kamran
 
Offline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failuresOffline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failuresPedro Teixeira
 
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS SummitCanary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS SummitAmazon Web Services
 
Uncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine LearningUncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine LearningKan Ouivirach, Ph.D.
 

Mais conteúdo relacionado

Mais procurados

Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree? Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree? Ankita Nagvekar
 
Mock proposal for digitisation project
Mock proposal for digitisation projectMock proposal for digitisation project
Mock proposal for digitisation projectGiada Gelli
 
AWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWSAWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWSAlvaro García Loaisa
 
Investigacion oprativa silva
Investigacion oprativa silvaInvestigacion oprativa silva
Investigacion oprativa silvaybettsilva2014
 
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?collaborator.pro
 

Mais procurados (6)

Python (part 0)
Python (part 0)Python (part 0)
Python (part 0)
 
Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree? Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree?
 
Mock proposal for digitisation project
Mock proposal for digitisation projectMock proposal for digitisation project
Mock proposal for digitisation project
 
AWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWSAWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWS
 
Investigacion oprativa silva
Investigacion oprativa silvaInvestigacion oprativa silva
Investigacion oprativa silva
 
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
 

Semelhante a Web Application Hacking

Transforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservicesTransforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservicesKishore Yekkanti
 
Ninja Correlation of APT Binaries
Ninja Correlation of APT BinariesNinja Correlation of APT Binaries
Ninja Correlation of APT BinariesCODE BLUE
 
Switching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to AgileSwitching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to AgileDoc Norton
 
Information Security Project Management
Information Security Project ManagementInformation Security Project Management
Information Security Project ManagementIgor Pertsovsky
 
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX
 
SharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mindSharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mindChris Johnson
 
CIA For WordPress Developers
CIA For WordPress DevelopersCIA For WordPress Developers
CIA For WordPress DevelopersDavid Brumbaugh
 
From Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dotsFrom Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dotsRonald Ashri
 
From Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the DotsFrom Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the DotsRonald Ashri
 
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT Kancil San
 
Offline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failuresOffline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failuresPedro Teixeira
 
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS SummitCanary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS SummitAmazon Web Services
 
Uncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine LearningUncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine LearningKan Ouivirach, Ph.D.
 
Gain Maximum Visibility - DEM06 - Anaheim AWS Summit
Gain Maximum Visibility - DEM06 - Anaheim AWS SummitGain Maximum Visibility - DEM06 - Anaheim AWS Summit
Gain Maximum Visibility - DEM06 - Anaheim AWS SummitAmazon Web Services
 
MVP-Style Influencer Programs for Fun & Profit
MVP-Style Influencer Programs for Fun & ProfitMVP-Style Influencer Programs for Fun & Profit
MVP-Style Influencer Programs for Fun & ProfitJohn Mark Troyer
 

Semelhante a Web Application Hacking (20)

Transforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservicesTransforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservices
 
Ninja Correlation of APT Binaries
Ninja Correlation of APT BinariesNinja Correlation of APT Binaries
Ninja Correlation of APT Binaries
 
Switching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to AgileSwitching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to Agile
 
The Road to QA
The Road to QAThe Road to QA
The Road to QA
 
Information Security Project Management
Information Security Project ManagementInformation Security Project Management
Information Security Project Management
 
PRESENTATION
PRESENTATIONPRESENTATION
PRESENTATION
 
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
 
SharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mindSharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mind
 
CIA For WordPress Developers
CIA For WordPress DevelopersCIA For WordPress Developers
CIA For WordPress Developers
 
From Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dotsFrom Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dots
 
From Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the DotsFrom Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the Dots
 
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
 
Selection
SelectionSelection
Selection
 
Offline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failuresOffline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failures
 
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS SummitCanary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
 
Uncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine LearningUncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine Learning
 
Gain Maximum Visibility - DEM06 - Anaheim AWS Summit
Gain Maximum Visibility - DEM06 - Anaheim AWS SummitGain Maximum Visibility - DEM06 - Anaheim AWS Summit
Gain Maximum Visibility - DEM06 - Anaheim AWS Summit
 
Yammer time
Yammer timeYammer time
Yammer time
 
War robot.pptx
War robot.pptxWar robot.pptx
War robot.pptx
 
MVP-Style Influencer Programs for Fun & Profit
MVP-Style Influencer Programs for Fun & ProfitMVP-Style Influencer Programs for Fun & Profit
MVP-Style Influencer Programs for Fun & Profit
 

Mais de Muchammad Sholeh

Roadmap govcsirt versi sholeh
Roadmap govcsirt versi sholehRoadmap govcsirt versi sholeh
Roadmap govcsirt versi sholehMuchammad Sholeh
 
Ssl presentation verindo_rev_sholeh
Ssl presentation verindo_rev_sholehSsl presentation verindo_rev_sholeh
Ssl presentation verindo_rev_sholehMuchammad Sholeh
 
Softwarelegal dirjenaptika-sholeh
Softwarelegal dirjenaptika-sholehSoftwarelegal dirjenaptika-sholeh
Softwarelegal dirjenaptika-sholehMuchammad Sholeh
 
Openoffice 3.2.1 presentation
Openoffice 3.2.1 presentationOpenoffice 3.2.1 presentation
Openoffice 3.2.1 presentationMuchammad Sholeh
 
Open source Traning at Brebes
Open source Traning at BrebesOpen source Traning at Brebes
Open source Traning at BrebesMuchammad Sholeh
 

Mais de Muchammad Sholeh (13)

Roadmap govcsirt versi sholeh
Roadmap govcsirt versi sholehRoadmap govcsirt versi sholeh
Roadmap govcsirt versi sholeh
 
Ssl presentation verindo_rev_sholeh
Ssl presentation verindo_rev_sholehSsl presentation verindo_rev_sholeh
Ssl presentation verindo_rev_sholeh
 
Spreadsheet
SpreadsheetSpreadsheet
Spreadsheet
 
Softwarelegal dirjenaptika-sholeh
Softwarelegal dirjenaptika-sholehSoftwarelegal dirjenaptika-sholeh
Softwarelegal dirjenaptika-sholeh
 
Se legal foss makassar
Se legal foss makassarSe legal foss makassar
Se legal foss makassar
 
Openoffice 3.2.1 presentation
Openoffice 3.2.1 presentationOpenoffice 3.2.1 presentation
Openoffice 3.2.1 presentation
 
Ooo writer pendahuluan
Ooo writer pendahuluanOoo writer pendahuluan
Ooo writer pendahuluan
 
Ooo writer
Ooo writerOoo writer
Ooo writer
 
IT Government
IT GovernmentIT Government
IT Government
 
Open source Traning at Brebes
Open source Traning at BrebesOpen source Traning at Brebes
Open source Traning at Brebes
 
Dss pert1
Dss pert1Dss pert1
Dss pert1
 
Pert1 netprog
Pert1 netprogPert1 netprog
Pert1 netprog
 
Gov csirt sholeh
Gov csirt sholehGov csirt sholeh
Gov csirt sholeh
 

Último

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Último (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Web Application Hacking

  • 1. Web Application Hacking By Muchammad Sholeh Sharing Knowledge Session, Bank Danamon Lt. 5 KSI
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 9.
  • 12. A n I n t r o d u c t io n t o Z A P T h e O W A S P Z e d A tta c k P ro x y
  • 13. Main Feature A ll t h e e s s e n t ia ls f o r w e b a p p lic a t io n t e s t in g • I n t e r c e p t in g P r o x y • A c t iv e a n d P a s s iv e S c a n n e r s • S p id e r • R e p o r t G e n e r a t io n • B r u t e F o r c e ( u s in g O W A S P D ir B u s t e r c o d e ) • F u z z in g ( u s in g O W A S P J B r o F u z z c o d e )
  • 14. The Additional Features • A u t o t a g g in g • Po rt sca n n e r • Sm a rt ca rd su p p o rt • S e s s io n c o m p a r is o n • In v o k e e xte rn a l a p p s • B e a n S h e ll in t e g r a t io n • A P I + H e a d le s s m o d e • D y n a m ic S S L C e r t if ic a t e s • A n t i C S R F t o k e n h a n d lin g
  • 16.
  • 17. List Tools Scanning and Enumeration ● Zap Proxy ● Arachni ● W3AF ● Wapiti ● OpenVas ● Nessus ● Nikto.PL ● NMAP ● ShodanHQ
  • 18. Penetration Testing OS Base on OSS ● Backtrack Linux ● Kali Linux ● OWASP ● OSWTF ● Samurai Linux ● 4n6 ● etc
  • 19. Common Vulnerability Reference ● CVE (Common Vulnerability Exposure) ● OSVDB (Open Source Vulenerability Database) ● ExploitDB (http://www.exploit-db.com/) ● National Vulnerability Database ● Common Vulnerability Scoring System (CVSSSIG) -FIRST ● CVE Details (http://www.cvedetails.com/) ● Injector Exploitation Tools ● Exploit-ID (http://www.exploit-id.com/)
  • 20. EOF