Abstract image of a woman sitting on books and studying on a laptop

Narain exploring web vulnerabilities

Er. Narayan Koirala, profile picture
Er. Narayan Koirala

This presentation discusses software quality and security. It provides an overview of common vulnerabilities in websites, demonstrating vulnerability scanning tools. Key points include that nearly 11,000 attack sites and 150,000 infected sites are discovered monthly. After scanning a site, the presenter will analyze the lengthy report generated to identify true vulnerabilities and prioritize fixes. The presentation emphasizes that web security depends on the entire ecosystem and encourages continuing to learn more about the topic.

Education
1 of 17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Narain exploring web vulnerabilities
Purpose Of This Presentation For Awareness in Software Quality Strictly not for wrong use, not to damage or harm any one’s intellectual property
Vote of thanks • ITS Nepal • BRAINDIGIT IT Solution • OWASP • OWASP Nepal • SQA Professionals
Overview • Introduction • Stats on attack site • Top Tools • Demo vulnerability scanning • Analysis of report
Narain exploring web vulnerabilities
Nearly 11K Attack sites are discovered monthly
• Nearly 150 K Infected sites are • Discovered Monthly • I.e. nearly 5000 sites are infected daily • I.e. nearly 3 sites are infected per minute
Narain exploring web vulnerabilities
After all • No software is 100% bug free, so is the web. • Difference is in level of security maintained.
Lock Demonstration 1st lock is the simplest lock that can be broken easily and by huge mass of people(x). 2nd lock is bit more complex and can be broken by(x-10,000) no of people. 3rd lock is most complex and can be broken by few people on earth lets say 2 people
Familiar words
Tools
Demo • With joomscan Check “narain-joomscan.pptx” for slides related to joomscan. • With Acunetix Check “narain- acunetix.pptx” for slides related to acunetix
LET’S ANALYSIS THE REOPRT WE HAVE NOW
The Hard Part Analysing the report of Automation (15-500 pgs) Analysing False Positives and Negatives (everything seems true) N Fixing The Holes
Web security Doesn't only depend on Security of servers Or Security of Application But to Whole Echo System of WEB Let’s Try More with our little knowledge
Thanking You

More Related Content

PPTX
Exploring web vulnerabilities
Information Technology Society Nepal
 
PPTX
Te chnical presentation networkexploits and security
Kartik Rao
 
PDF
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
Sajjad "JJ" Arshad
 
PPTX
Proofing against malware
SensePost
 
PDF
Basics of Meterpreter Evasion
Nipun Jaswal
 
PPTX
IT Security Basics For Managers
Daniel Owens
 
PPTX
Nessus-Vulnerability Tester
Aditya Jain
 
PDF
Ransomware is Coming to a Desktop Near You
Cybereason
 
Exploring web vulnerabilities
Information Technology Society Nepal
 
Te chnical presentation networkexploits and security
Kartik Rao
 
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
Sajjad "JJ" Arshad
 
Proofing against malware
SensePost
 
Basics of Meterpreter Evasion
Nipun Jaswal
 
IT Security Basics For Managers
Daniel Owens
 
Nessus-Vulnerability Tester
Aditya Jain
 
Ransomware is Coming to a Desktop Near You
Cybereason
 

What's hot (20)

PPT
Bruteforce basic presentation_file - linx
idsecconf
 
PPT
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
chrissanders88
 
PDF
What you need to know about ExPetr ransomware
Kaspersky
 
PPT
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Nipun Jaswal
 
PDF
Threat detection with 0 cost
Security Bootcamp
 
PPTX
Why we are getting better at catching nation-state sponsored malware
Positive Hack Days
 
PDF
Get Smart about Ransomware: Protect Yourself and Organization
Security Innovation
 
PPTX
Metasploit
Parth Sahu
 
PPTX
Threat Hunting with Splunk
Splunk
 
ODP
What is keylogger
hilarypark97
 
PDF
What is keylogger
hilarypark97
 
PDF
Hijacking Softwares for fun and profit
Nipun Jaswal
 
PDF
Understanding CryptoLocker (Ransomware) with a Case Study
securityxploded
 
PDF
Nessus Software
Megha Sahu
 
PDF
Threat Hunting with Splunk
Splunk
 
PDF
Threat Hunting with Splunk
Splunk
 
PDF
Enterprise Vulnerability Management - ZeroNights16
Alexander Leonov
 
PDF
Some PowerShell Goodies
Cybereason
 
PPTX
BSA2016 - Honeypots for Network Security Monitoring
chrissanders88
 
PPTX
HackerOne, Security Meetup 4 декабря 2014, Mail.Ru Group
Mail.ru Group
 
Bruteforce basic presentation_file - linx
idsecconf
 
CISSA Lightning Talk - Building a Malware Analysis Lab on a Budget
chrissanders88
 
What you need to know about ExPetr ransomware
Kaspersky
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Nipun Jaswal
 
Threat detection with 0 cost
Security Bootcamp
 
Why we are getting better at catching nation-state sponsored malware
Positive Hack Days
 
Get Smart about Ransomware: Protect Yourself and Organization
Security Innovation
 
Metasploit
Parth Sahu
 
Threat Hunting with Splunk
Splunk
 
What is keylogger
hilarypark97
 
What is keylogger
hilarypark97
 
Hijacking Softwares for fun and profit
Nipun Jaswal
 
Understanding CryptoLocker (Ransomware) with a Case Study
securityxploded
 
Nessus Software
Megha Sahu
 
Threat Hunting with Splunk
Splunk
 
Threat Hunting with Splunk
Splunk
 
Enterprise Vulnerability Management - ZeroNights16
Alexander Leonov
 
Some PowerShell Goodies
Cybereason
 
BSA2016 - Honeypots for Network Security Monitoring
chrissanders88
 
HackerOne, Security Meetup 4 декабря 2014, Mail.Ru Group
Mail.ru Group
 
Ad

Viewers also liked (18)

PPTX
Svejk en las películas
queleescomenius
 
PPSX
Mis primeros pasos
Mate Ynamas
 
PDF
Anthony Spero Generic Resume
Anthony Spero
 
PPTX
Busqueda avanzanda
Edwin Solórzano
 
PPT
Furniture houseware store
vatan tan
 
PDF
Reglement jeu
Deezerjeuconcours
 
DOCX
Rubrica entre pares (1)
jeidu
 
PDF
Certificado prepa
José Martínez
 
PPS
Política y Redes Sociales
Antoni
 
PPTX
Comercio electrónico liceth
Cinthiavane
 
PDF
καταλογος μοτιβο
clemensL
 
PPTX
Lenguajes De Programación
Bacaanda' Gómez Esteva
 
PPT
Ultimate
dave_gar
 
PPTX
Всеукраїнський тиждень дитячого читання 2016 Вишнівська ЗОШ I-III ступенів №3
Інна Мельник
 
PPTX
BIOS SETUP
Jorge Pulido
 
PPTX
Vigilancia epidemiológica en Guatemala
abemen
 
PPTX
Juan ramon jiménez
Karla Quiroz
 
PDF
Problems faced by both the interviewer and the interviewee during an intervie...
Azas Shahrier
 
Svejk en las películas
queleescomenius
 
Mis primeros pasos
Mate Ynamas
 
Anthony Spero Generic Resume
Anthony Spero
 
Busqueda avanzanda
Edwin Solórzano
 
Furniture houseware store
vatan tan
 
Reglement jeu
Deezerjeuconcours
 
Rubrica entre pares (1)
jeidu
 
Certificado prepa
José Martínez
 
Política y Redes Sociales
Antoni
 
Comercio electrónico liceth
Cinthiavane
 
καταλογος μοτιβο
clemensL
 
Lenguajes De Programación
Bacaanda' Gómez Esteva
 
Ultimate
dave_gar
 
Всеукраїнський тиждень дитячого читання 2016 Вишнівська ЗОШ I-III ступенів №3
Інна Мельник
 
BIOS SETUP
Jorge Pulido
 
Vigilancia epidemiológica en Guatemala
abemen
 
Juan ramon jiménez
Karla Quiroz
 
Problems faced by both the interviewer and the interviewee during an intervie...
Azas Shahrier
 
Ad

Similar to Narain exploring web vulnerabilities (20)

PDF
DEF CON 23 - Wesley McGrew - i hunt penetration testers
Felipe Prado
 
PPTX
Creating Havoc using Human Interface Device
Positive Hack Days
 
PPTX
Malware Most Wanted: Security Ecosystem
Cyphort
 
PDF
Ceh v8 labs module 08 sniffers
Mehrdad Jingoism
 
PPTX
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk
 
PPTX
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
Orbid
 
PDF
Ceh v8 labs module 03 scanning networks
Asep Sopyan
 
PDF
Ceh v8 labs module 03 scanning networks
Mehrdad Jingoism
 
PPTX
Webinar on identifying, preventing and securing against the unidentifiable at...
Intergence Ltd.
 
PDF
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Alex Pinto
 
PPTX
Green Custard Friday Talk 19: Chaos Engineering
Green Custard
 
PPTX
Mitigating worm attacks
dkaya
 
PPTX
Alexandros Papanikolaou PROmis
Ignite_Athens
 
PDF
Cyber Kill Chain vs. Cyber Criminals
David Sweigert
 
PDF
Metasploit Computer security testing tool
medoelkang600
 
PPTX
Finalppt metasploit
devilback
 
PPT
Sp Security 101 Primer 2 1
Barry Greene
 
PDF
Pentesting Tools to Find Bugs Before Hackers | CyberPro Magazine
CyberPro Magazine
 
PDF
Vulnerability scanning report by Tareq Hanaysha
Hanaysha
 
PPTX
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
Splunk
 
DEF CON 23 - Wesley McGrew - i hunt penetration testers
Felipe Prado
 
Creating Havoc using Human Interface Device
Positive Hack Days
 
Malware Most Wanted: Security Ecosystem
Cyphort
 
Ceh v8 labs module 08 sniffers
Mehrdad Jingoism
 
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk
 
WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...
Orbid
 
Ceh v8 labs module 03 scanning networks
Asep Sopyan
 
Ceh v8 labs module 03 scanning networks
Mehrdad Jingoism
 
Webinar on identifying, preventing and securing against the unidentifiable at...
Intergence Ltd.
 
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur...
Alex Pinto
 
Green Custard Friday Talk 19: Chaos Engineering
Green Custard
 
Mitigating worm attacks
dkaya
 
Alexandros Papanikolaou PROmis
Ignite_Athens
 
Cyber Kill Chain vs. Cyber Criminals
David Sweigert
 
Metasploit Computer security testing tool
medoelkang600
 
Finalppt metasploit
devilback
 
Sp Security 101 Primer 2 1
Barry Greene
 
Pentesting Tools to Find Bugs Before Hackers | CyberPro Magazine
CyberPro Magazine
 
Vulnerability scanning report by Tareq Hanaysha
Hanaysha
 
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
Splunk
 

Recently uploaded (20)

PPTX
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
PPTX
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
PDF
LIFE & LIVING TRILOGY- PART (1) WHO ARE WE.pdf
sureshkumarsoni26
 
PDF
BP 505 T. PHARMACEUTICAL JURISPRUDENCE (UNIT 2).pdf
CMEmpire
 
PDF
semiconductor packaging in vlsi design fab
KarpoorasundariK
 
PDF
Empowerment Technology for Senior High School Guide
solthereseamericandr
 
PDF
Journal of Dental Science - UDMY (2020).pdf
Nay Aung
 
PDF
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
PDF
HVAC Specification 2024 according to central public works department
amitrobanipl
 
PDF
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
CMEmpire
 
PPTX
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
PDF
Complications of Minimal Access-Surgery.pdf
Laparoscopy Hospital
 
PDF
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 2).pdf
CMEmpire
 
PDF
IP : I ; Unit I : Preformulation Studies
RAGHUNATH SAKHARE
 
PDF
Skin Care and Cosmetic Ingredients Dictionary ( PDFDrive ).pdf
SahianAlondraPichard
 
PDF
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
PPTX
DRUGS USED FOR HORMONAL DISORDER, SUPPLIMENTATION, CONTRACEPTION, & MEDICAL T...
SaravananKumar545925
 
PDF
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
PDF
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
iliaskessaris
 
PDF
Literature_Review_methods_ BRACU_MKT426 course material
mokoto4834
 
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
LIFE & LIVING TRILOGY- PART (1) WHO ARE WE.pdf
sureshkumarsoni26
 
BP 505 T. PHARMACEUTICAL JURISPRUDENCE (UNIT 2).pdf
CMEmpire
 
semiconductor packaging in vlsi design fab
KarpoorasundariK
 
Empowerment Technology for Senior High School Guide
solthereseamericandr
 
Journal of Dental Science - UDMY (2020).pdf
Nay Aung
 
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
HVAC Specification 2024 according to central public works department
amitrobanipl
 
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
CMEmpire
 
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
Complications of Minimal Access-Surgery.pdf
Laparoscopy Hospital
 
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 2).pdf
CMEmpire
 
IP : I ; Unit I : Preformulation Studies
RAGHUNATH SAKHARE
 
Skin Care and Cosmetic Ingredients Dictionary ( PDFDrive ).pdf
SahianAlondraPichard
 
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
DRUGS USED FOR HORMONAL DISORDER, SUPPLIMENTATION, CONTRACEPTION, & MEDICAL T...
SaravananKumar545925
 
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
iliaskessaris
 
Literature_Review_methods_ BRACU_MKT426 course material
mokoto4834
 

Narain exploring web vulnerabilities

  • 2. Purpose Of This Presentation For Awareness in Software Quality Strictly not for wrong use, not to damage or harm any one’s intellectual property
  • 3. Vote of thanks • ITS Nepal • BRAINDIGIT IT Solution • OWASP • OWASP Nepal • SQA Professionals
  • 4. Overview • Introduction • Stats on attack site • Top Tools • Demo vulnerability scanning • Analysis of report
  • 6. Nearly 11K Attack sites are discovered monthly
  • 7. Nearly 150 K Infected sites are • Discovered Monthly • I.e. nearly 5000 sites are infected daily • I.e. nearly 3 sites are infected per minute
  • 9. After all • No software is 100% bug free, so is the web. • Difference is in level of security maintained.
  • 10. Lock Demonstration 1st lock is the simplest lock that can be broken easily and by huge mass of people(x). 2nd lock is bit more complex and can be broken by(x-10,000) no of people. 3rd lock is most complex and can be broken by few people on earth lets say 2 people
  • 12. Tools
  • 13. Demo • With joomscan Check “narain-joomscan.pptx” for slides related to joomscan. • With Acunetix Check “narain- acunetix.pptx” for slides related to acunetix
  • 15. The Hard Part Analysing the report of Automation (15-500 pgs) Analysing False Positives and Negatives (everything seems true) N Fixing The Holes
  • 16. Web security Doesn't only depend on Security of servers Or Security of Application But to Whole Echo System of WEB Let’s Try More with our little knowledge