SlideShare a Scribd company logo

Web Application Hacking

Muchammad Sholeh, profile picture
Muchammad Sholeh

The document discusses web application hacking and penetration testing. It introduces the Zed Attack Proxy (ZAP) tool for testing web applications. ZAP allows intercepting proxies, active and passive scanning, spidering, brute force tests, fuzzing and more. The document also lists other scanning and enumeration tools like Arachni, Wapiti, OpenVas and Nmap. It discusses penetration testing operating systems like Kali Linux and provides references for common vulnerabilities.

Technology
1 of 20
Downloaded 66 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Web Application Hacking By Muchammad Sholeh Sharing Knowledge Session, Bank Danamon Lt. 5 KSI
Web Application Hacking
Web Application Hacking
Web Application Hacking
Web Application Hacking
Web Application Hacking
Web Application Hacking
Hacking Methodology
Web Application Hacking
Computer Search Engine By ShodanHq
Shodan Exploits
A n I n t r o d u c t io n t o Z A P T h e O W A S P Z e d A tta c k P ro x y
Main Feature A ll t h e e s s e n t ia ls f o r w e b a p p lic a t io n t e s t in g • I n t e r c e p t in g P r o x y • A c t iv e a n d P a s s iv e S c a n n e r s • S p id e r • R e p o r t G e n e r a t io n • B r u t e F o r c e ( u s in g O W A S P D ir B u s t e r c o d e ) • F u z z in g ( u s in g O W A S P J B r o F u z z c o d e )
The Additional Features • A u t o t a g g in g • Po rt sca n n e r • Sm a rt ca rd su p p o rt • S e s s io n c o m p a r is o n • In v o k e e xte rn a l a p p s • B e a n S h e ll in t e g r a t io n • A P I + H e a d le s s m o d e • D y n a m ic S S L C e r t if ic a t e s • A n t i C S R F t o k e n h a n d lin g
http://www.nuovoline.com/order.php?do=etc%2Fpasswd
Web Application Hacking
List Tools Scanning and Enumeration ● Zap Proxy ● Arachni ● W3AF ● Wapiti ● OpenVas ● Nessus ● Nikto.PL ● NMAP ● ShodanHQ
Penetration Testing OS Base on OSS ● Backtrack Linux ● Kali Linux ● OWASP ● OSWTF ● Samurai Linux ● 4n6 ● etc
Common Vulnerability Reference ● CVE (Common Vulnerability Exposure) ● OSVDB (Open Source Vulenerability Database) ● ExploitDB (http://www.exploit-db.com/) ● National Vulnerability Database ● Common Vulnerability Scoring System (CVSSSIG) -FIRST ● CVE Details (http://www.cvedetails.com/) ● Injector Exploitation Tools ● Exploit-ID (http://www.exploit-id.com/)
EOF

More Related Content

PPT
Edu614 session 3 presentation tools
Kathy Favazza
 
PDF
Comprehensive approach to delivering great developer products
LINE Corporation
 
PDF
Collaboration between LINE, Microsoft and AI by the developers, for the devel...
LINE Corporation
 
PDF
Robotic Process Automation (RPA)_Harvesting a Competitive Advantage
Alec Coughlin
 
PDF
OPVL Common Mistakes
mczamora
 
PPTX
Doctor Appointment App Development Company
deorwine infotech
 
PPT
GIS in Natural and Built Environments - Lecture 1
Nicole Leslie
 
PDF
Python (part 0)
Ramin Najjarbashi
 
Edu614 session 3 presentation tools
Kathy Favazza
 
Comprehensive approach to delivering great developer products
LINE Corporation
 
Collaboration between LINE, Microsoft and AI by the developers, for the devel...
LINE Corporation
 
Robotic Process Automation (RPA)_Harvesting a Competitive Advantage
Alec Coughlin
 
OPVL Common Mistakes
mczamora
 
Doctor Appointment App Development Company
deorwine infotech
 
GIS in Natural and Built Environments - Lecture 1
Nicole Leslie
 
Python (part 0)
Ramin Najjarbashi
 

Similar to Web Application Hacking (20)

PDF
Transforming developer from Commodity to Premium - A tale of micorservices
Kishore Yekkanti
 
PDF
Ninja Correlation of APT Binaries
CODE BLUE
 
PDF
Switching horses midstream - From Waterfall to Agile
Doc Norton
 
PDF
The Road to QA
Benjamin Bischoff
 
PDF
Information Security Project Management
Igor Pertsovsky
 
PPTX
PRESENTATION
MTalhaQureshi1
 
PDF
Rajtantra Election Management Services (1).pdf
rajtantra11
 
PDF
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX
 
PPTX
SharePoint Saturday Redmond - Building solutions with the future in mind
Chris Johnson
 
PDF
CIA For WordPress Developers
David Brumbaugh
 
PDF
From Content Strategy to Drupal Site Building - Connecting the Dots
Ronald Ashri
 
PDF
From Content Strategy to Drupal Site Building - Connecting the dots
Ronald Ashri
 
PDF
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Kancil San
 
PPT
Selection
Ali Kamran
 
PPTX
Leveraging AI for Content Creation and Optimization
Joseph Skibbie
 
PDF
Offline-first: Making your app resilient to network failures
Pedro Teixeira
 
PDF
Uncover Python's Potential in Machine Learning
Kan Ouivirach, Ph.D.
 
PPTX
Yammer time
Chris Johnson
 
PPTX
War robot.pptx
Tejas561833
 
PDF
MVP-Style Influencer Programs for Fun & Profit
John Mark Troyer
 
Transforming developer from Commodity to Premium - A tale of micorservices
Kishore Yekkanti
 
Ninja Correlation of APT Binaries
CODE BLUE
 
Switching horses midstream - From Waterfall to Agile
Doc Norton
 
The Road to QA
Benjamin Bischoff
 
Information Security Project Management
Igor Pertsovsky
 
PRESENTATION
MTalhaQureshi1
 
Rajtantra Election Management Services (1).pdf
rajtantra11
 
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX
 
SharePoint Saturday Redmond - Building solutions with the future in mind
Chris Johnson
 
CIA For WordPress Developers
David Brumbaugh
 
From Content Strategy to Drupal Site Building - Connecting the Dots
Ronald Ashri
 
From Content Strategy to Drupal Site Building - Connecting the dots
Ronald Ashri
 
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Kancil San
 
Selection
Ali Kamran
 
Leveraging AI for Content Creation and Optimization
Joseph Skibbie
 
Offline-first: Making your app resilient to network failures
Pedro Teixeira
 
Uncover Python's Potential in Machine Learning
Kan Ouivirach, Ph.D.
 
Yammer time
Chris Johnson
 
War robot.pptx
Tejas561833
 
MVP-Style Influencer Programs for Fun & Profit
John Mark Troyer
 

More from Muchammad Sholeh (13)

PDF
Roadmap govcsirt versi sholeh
Muchammad Sholeh
 
PDF
Ssl presentation verindo_rev_sholeh
Muchammad Sholeh
 
PDF
Spreadsheet
Muchammad Sholeh
 
PDF
Softwarelegal dirjenaptika-sholeh
Muchammad Sholeh
 
PDF
Se legal foss makassar
Muchammad Sholeh
 
PDF
Openoffice 3.2.1 presentation
Muchammad Sholeh
 
PDF
Ooo writer pendahuluan
Muchammad Sholeh
 
PDF
Ooo writer
Muchammad Sholeh
 
PDF
IT Government
Muchammad Sholeh
 
PDF
Open source Traning at Brebes
Muchammad Sholeh
 
ODP
Dss pert1
Muchammad Sholeh
 
ODP
Pert1 netprog
Muchammad Sholeh
 
PDF
Gov csirt sholeh
Muchammad Sholeh
 
Roadmap govcsirt versi sholeh
Muchammad Sholeh
 
Ssl presentation verindo_rev_sholeh
Muchammad Sholeh
 
Spreadsheet
Muchammad Sholeh
 
Softwarelegal dirjenaptika-sholeh
Muchammad Sholeh
 
Se legal foss makassar
Muchammad Sholeh
 
Openoffice 3.2.1 presentation
Muchammad Sholeh
 
Ooo writer pendahuluan
Muchammad Sholeh
 
Ooo writer
Muchammad Sholeh
 
IT Government
Muchammad Sholeh
 
Open source Traning at Brebes
Muchammad Sholeh
 
Dss pert1
Muchammad Sholeh
 
Pert1 netprog
Muchammad Sholeh
 
Gov csirt sholeh
Muchammad Sholeh
 

Recently uploaded (20)

PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Approach and Philosophy of On baking technology
30anthuong17
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
KodekX | Application Modernization Development
KodekX
 
Encapsulation theory and applications.pdf
gurumoop
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Teaching material agriculture food technology
LiaRayya
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 

Web Application Hacking

  • 1. Web Application Hacking By Muchammad Sholeh Sharing Knowledge Session, Bank Danamon Lt. 5 KSI
  • 12. A n I n t r o d u c t io n t o Z A P T h e O W A S P Z e d A tta c k P ro x y
  • 13. Main Feature A ll t h e e s s e n t ia ls f o r w e b a p p lic a t io n t e s t in g • I n t e r c e p t in g P r o x y • A c t iv e a n d P a s s iv e S c a n n e r s • S p id e r • R e p o r t G e n e r a t io n • B r u t e F o r c e ( u s in g O W A S P D ir B u s t e r c o d e ) • F u z z in g ( u s in g O W A S P J B r o F u z z c o d e )
  • 14. The Additional Features • A u t o t a g g in g • Po rt sca n n e r • Sm a rt ca rd su p p o rt • S e s s io n c o m p a r is o n • In v o k e e xte rn a l a p p s • B e a n S h e ll in t e g r a t io n • A P I + H e a d le s s m o d e • D y n a m ic S S L C e r t if ic a t e s • A n t i C S R F t o k e n h a n d lin g
  • 17. List Tools Scanning and Enumeration ● Zap Proxy ● Arachni ● W3AF ● Wapiti ● OpenVas ● Nessus ● Nikto.PL ● NMAP ● ShodanHQ
  • 18. Penetration Testing OS Base on OSS ● Backtrack Linux ● Kali Linux ● OWASP ● OSWTF ● Samurai Linux ● 4n6 ● etc
  • 19. Common Vulnerability Reference ● CVE (Common Vulnerability Exposure) ● OSVDB (Open Source Vulenerability Database) ● ExploitDB (http://www.exploit-db.com/) ● National Vulnerability Database ● Common Vulnerability Scoring System (CVSSSIG) -FIRST ● CVE Details (http://www.cvedetails.com/) ● Injector Exploitation Tools ● Exploit-ID (http://www.exploit-id.com/)
  • 20. EOF