HTML Level II (CyberAdvantage) Session III: Introduction to Web Application Vulnerability Testing
www.profburnett.com
Class Outline
- Web Application Security
- Web Application Vulnerabilities
- Review of Commercial & Open Source Web App Vulnerability Scanning Tools
- Web Browser App Development Tools
- Web App Vulnerability Scanning Tools Exercise
03/20/2024 Copyright Carl M. Burnett
Why do we need information security?
How can we protect an ?
Network Security vs Web Application Security
Network Security:
- Perimeter defenses
- Firewalls block unwanted traffic
Web Application Security:
- Port 80 & 443 traffic is allowed through
- Hope clients play by the rules
Web Application Firewalls
- Analyze incoming traffic
- Delay an attack
- Won't fix security holes in web apps
- Not immune to attacks
- Extra admin overhead to keep up with ever-changing web traffic
Automated Web Vulnerability Scanners
- Check web server vulnerabilities
- Check web server configuration
- Crawl a web application for signatures
- Check for:
  - Application errors
  - Source code disclosure
- Scan inputs & parameters for vulnerabilities:
  - SQL injection
  - XSS
  - More
Advanced Penetration Test Tools
- HTTP sniffers
- HTTP fuzzers
- HTTP editors: analyze HTTP requests from an automated crawl or scan, modify or craft HTTP requests, and analyze the web server's response
- Eases manual security processing
Web Vulnerabilities
- OWASP: 2013 Top 10 Web Vulnerabilities
- Acunetix: Web Application Vulnerabilities
- Wikipedia: Web Application Vulnerabilities
Vulnerability Scanning Tools
- SECTOOL Market: Price and Feature Comparison of Web Application Scanners
- OWASP: Web Application Vulnerability Scanning Tools
- SecTools.Org: Top 20 Web Vulnerability Scanners
Web Browser App Development Tools
- Internet Explorer Developer Tools (F12)
- Firefox Firebug
- Safari Developer Tools
- Chrome Developer Tools
Class Review
- Web Application Security
- Web Application Vulnerabilities
- Review of Commercial & Open Source Web App Vulnerability Scanning Tools
- Web Browser App Development Tools