SlideShare a Scribd company logo

Scanning web vulnerabilities

Download as PPT, PDF
M
Mohit Dholakiya

The document discusses the evaluation of web application security tools, emphasizing the need for clear specifications and measurement methodologies to assess tool functionalities. It outlines various types of scanning tools, their common vulnerabilities, and the importance of understanding the significance of tool results for users and developers. Additionally, it highlights the limitations of current tools and the criteria for selecting web application vulnerabilities.

Engineering
Related topics:
Web Design InsightsWeb Analytics Overview Google Analytics
1 of 29
Download to read offline
1
2
Most read
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Most read
22
23
24
25
26
27
28
Most read
29
1 Scanning for Web Vulnerabilities By Hacking Spot
2 • Precisely document what a tool class does and does not do • Inform users – Match the tool to a particular situation – Understand significance of tool results • Provide feedback to tool developers Purpose of Tool Evaluations
3 • Select class of tool • Develop clear (testable) requirements – Tool functional specification aided by focus groups – Spec posted for public comment • Develop a measurement methodology – Develop reference datasets (test cases) – Document interpretation criteria Details of Tool Evaluations
4 • Static Analysis Security Tools • Web Application Vulnerability Tools • Binary Analysis Tools • Web Services Tools • Network Scanner Tools Some Tools for specific application*
5 • Firewall • Intrusion Detection/Prevention System • Virus Detection • Fuzzers • Web Proxy Honeypots • Blackbox Pen Tester Other Types of Software Assurance Security Tools *
6 • Life Cycle Process (requirements, design, …) • Automation (manual, semi, automatic) • Approach (preclude, detect, mitigate, react, appraise) • Viewpoint (blackbox, whitebox (static, dynamic)) • Other (price, platform, languages, …) How to Classify Tools and Techniques
7 The Rise of Web App Vulnerability 0 5 10 15 20 25 2000 2001 2002 2003 2004 2005 2006 Remote file inclusion SQL injection Cross-site scripting Top web app vulnerabilities as % of total vulnerabilities in NVD
8 is software which communicates with a web application through the web front-end and identifies potential security weaknesses in the web application.* Web Application Security Scanner
9 Web Application Architecture Database Server Client (Browser, Tool, etc.) HTTP Requests HTML, etc. Webapp Web Server
10 - Client and Server Interaction - Distributed n-tiered architecture - Remote access - Heterogeneity - Content delivery via HTTP - Concurrency - Session management - Authentication and authorization Characteristics of Web Application
11 - Limited to tools that examine software applications on the web. - Does not apply to tools that scan other artifacts, like requirements, byte-code, or binary code - Does not apply to database scanners - Does not apply to other system security tools, e.g., firewalls, anti-virus, gateways, routers, switches, intrusion detection system Scope – What types of tools does this spec NOT address?
12 - Cross-Site Scripting (XSS) - Injection flaws - Authentication and access control weaknesses - Path manipulation - Improper Error Handling Some Vulnerabilities that Web Application Scanners Check
13 - AppScan DE by Watchfire, Inc. (IBM) - WebInpect by SPI-Dynamics (HP) - Acunetix WVS by Acunetix - Hailstorm by Cenzic, Inc. - W3AF, Grabber, Paros, etc. - others… Some Web Application Security Scanning Tools
14 • What is a common set of functions? • Can they be tested? • How can one measure the effectiveness? HackingSpot is “neutral”, not consumer reports, and does not endorse products. Establishing a Framework to Compare
15 • Precisely document what a tool class does and does not do • Provide feedback to tool developers • Inform users • Match the tool to a particular situation • Understand significance of tool results Purpose of a Specification
16 • Specifies basic (minimum) functionality • Defines features unambiguously • Represents a consensus on tool functions and requirements • Serves as a guide to measure the capability of tools How should this spec be viewed?
17 • Not to prescribe the features and functions that all web application scanner tools must have. • Use of a tool that complies with this specification does not guarantee the application is free of vulnerabilities. • Production tools should have capabilities far beyond those indicated. • Used as the basis for developing test suites to measure how a tool meets these requirements. How should this spec be used?
18 • Found in existing applications today • Recognized by tools today • Likelihood of exploit or attack is medium to high Criteria for selection of Web Application Vulnerabilities
19 • OWASP Top Ten 2007 • WASC Threat Classification • CWE – 600+ weaknesses definition dictionary • CAPEC- 100+ attack patterns for known exploits Web Application Vulnerabilities
20 • Test applications that model real security features and vulnerabilities • Configurable to be vulnerable to one or many types of attack • Ability to provide increasing level of defense for a vulnerability Test Suites
21 Defense Mechanisms • Different programmers use different defenses • Defenses/Filters are not all equivalent • We have different instances of vulnerabilities: levels of defense
22 • Example: Cross-Site Request Forgeries Levels of Defense Untrusted.c0m MyShopping.Com CSRF ScriptUntrusted.c0m redirects to MyShopping.Com GET /shop.aspx?ItemID=42&Accept=Yes Thanks For Buying This Item! “This nice new website: Untrusted.c0m”
23 • Example: Cross-Site Request Forgeries - Level 0: No Protection (bad) - Level 1: Using only POST (well...) - Level 2: Checking the referrer (better but referrer may be spoofed) - Level 3: Using a nonce (good) • Higher level means harder to break Levels of Defense
24 Web Server Database Server Web Application Scanner Tool Attacks HTML, etc. Webapp Tool Report Seeded Vulns. Cheat sheet ?
25 Attacks Analysis • An action that exploits a vulnerability • What exactly is the tool testing? • What do I need to test in my application? • Do the results match?
26 Web Server Database Server Web Application Scanner Tool Attacks HTML, etc. Webapp Tool Report Attacks Analysis Seeded Vulns.?
27 • Test Suite with 21 vulnerabilities (XSS, SQL Injection, File Inclusion) – PHP, MySQL, Ajax – LAMP • 4 Scanners (Commercial and Open Source) • One type of vulnerability at the time • Results (Detection rate, False-Positive rate) Test Suite Evaluation
28 • Tools are limited in scope (companies sell service as opposed to selling tool) • Speed versus Depth (in-depth testing takes time) • Difficult to read output reports (typically log files) • False-Positives • Tuning versus default mode Issues with Web Application Scanner Tools
Thank You 29

More Related Content

PPT
Application Security
Reggie Niccolo Santos
 
PDF
Secure Design: Threat Modeling
Narudom Roongsiriwong, CISSP
 
PPTX
Application security
Hagar Alaa el-din
 
PPT
Penetration Testing Basics
Rick Wanner
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
PPTX
Vulnerabilities in modern web applications
Niyas Nazar
 
PPTX
Cyber kill chain
Ankita Ganguly
 
PPTX
Secure Software Development Lifecycle
1&1
 
Application Security
Reggie Niccolo Santos
 
Secure Design: Threat Modeling
Narudom Roongsiriwong, CISSP
 
Application security
Hagar Alaa el-din
 
Penetration Testing Basics
Rick Wanner
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
Vulnerabilities in modern web applications
Niyas Nazar
 
Cyber kill chain
Ankita Ganguly
 
Secure Software Development Lifecycle
1&1
 

What's hot (20)

PPTX
Web application security
Kapil Sharma
 
PDF
Threat Intelligence
Deepak Kumar (D3)
 
PDF
Threat Modelling
n|u - The Open Security Community
 
PPTX
Secure Software Development Life Cycle
Maurice Dawson
 
PPTX
Cyber Security roadmap.pptx
SandeepK707540
 
PDF
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
 
PPTX
Intro to Security in SDLC
Tjylen Veselyj
 
PDF
Security testing presentation
Confiz
 
PDF
Threat Hunting
Splunk
 
PPTX
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
PPTX
Penetration Testing
RomSoft SRL
 
PDF
Elastic SIEM (Endpoint Security)
Kangaroot
 
PPTX
Design of security architecture in Information Technology
trainersenthil14
 
PPTX
WTF is Penetration Testing v.2
Scott Sutherland
 
PPTX
Vapt( vulnerabilty and penetration testing ) services
Akshay Kurhade
 
PDF
Web Application Security and Awareness
Abdul Rahman Sherzad
 
PPTX
Cyber Threat Modeling
EC-Council
 
PPTX
Network traffic analysis with cyber security
KAMALI PRIYA P
 
PDF
Introduction to Cybersecurity
Krutarth Vasavada
 
PDF
Malware classification and detection
Chong-Kuan Chen
 
Web application security
Kapil Sharma
 
Threat Intelligence
Deepak Kumar (D3)
 
Threat Modelling
n|u - The Open Security Community
 
Secure Software Development Life Cycle
Maurice Dawson
 
Cyber Security roadmap.pptx
SandeepK707540
 
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
 
Intro to Security in SDLC
Tjylen Veselyj
 
Security testing presentation
Confiz
 
Threat Hunting
Splunk
 
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Penetration Testing
RomSoft SRL
 
Elastic SIEM (Endpoint Security)
Kangaroot
 
Design of security architecture in Information Technology
trainersenthil14
 
WTF is Penetration Testing v.2
Scott Sutherland
 
Vapt( vulnerabilty and penetration testing ) services
Akshay Kurhade
 
Web Application Security and Awareness
Abdul Rahman Sherzad
 
Cyber Threat Modeling
EC-Council
 
Network traffic analysis with cyber security
KAMALI PRIYA P
 
Introduction to Cybersecurity
Krutarth Vasavada
 
Malware classification and detection
Chong-Kuan Chen
 
Ad

Similar to Scanning web vulnerabilities (20)

PDF
Web Applications Assessment Tools: Comparison and Discussion
EECJOURNAL
 
PPTX
Project Presentation
Inaam Ishaque Shaikh
 
PPTX
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-...
Rana Khalil
 
PDF
Strategies for Web Application Security
OpSource
 
PDF
Strategies for Web Application Security
OpSource
 
DOC
Semi-Automated Security Testing of Web applications
Ram G Athreya
 
PPTX
Application security in a hurry webinar
kdinerman
 
PDF
Web Application Security: Introduction to common classes of security flaws an...
Thoughtworks
 
PDF
Tw noche geek quito webappsec
Thoughtworks
 
PDF
Essentials of Web Application Security: what it is, why it matters and how to...
Cenzic
 
PPTX
Web applications security conference slides
Bassam Al-Khatib
 
PPTX
Web Application Scanning Flow and features.pptx
alphaa2test
 
PPT
Web 2.0 Hacking
blake101
 
PPTX
Web application vulnerability assessment
Ravikumar Paghdal
 
PPTX
Web application Security tools
Nico Penaredondo
 
PDF
Practical White Hat Hacker Training - Vulnerability Detection
PRISMA CSI
 
PDF
Web App Security Presentation by Ryan Holland - 05-31-2017
TriNimbus
 
PDF
Web application penetration testing lab setup guide
Sudhanshu Chauhan
 
PDF
Tech w23
SelectedPresentations
 
PDF
ProActive Security
Ibnisina Sina
 
Web Applications Assessment Tools: Comparison and Discussion
EECJOURNAL
 
Project Presentation
Inaam Ishaque Shaikh
 
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-...
Rana Khalil
 
Strategies for Web Application Security
OpSource
 
Strategies for Web Application Security
OpSource
 
Semi-Automated Security Testing of Web applications
Ram G Athreya
 
Application security in a hurry webinar
kdinerman
 
Web Application Security: Introduction to common classes of security flaws an...
Thoughtworks
 
Tw noche geek quito webappsec
Thoughtworks
 
Essentials of Web Application Security: what it is, why it matters and how to...
Cenzic
 
Web applications security conference slides
Bassam Al-Khatib
 
Web Application Scanning Flow and features.pptx
alphaa2test
 
Web 2.0 Hacking
blake101
 
Web application vulnerability assessment
Ravikumar Paghdal
 
Web application Security tools
Nico Penaredondo
 
Practical White Hat Hacker Training - Vulnerability Detection
PRISMA CSI
 
Web App Security Presentation by Ryan Holland - 05-31-2017
TriNimbus
 
Web application penetration testing lab setup guide
Sudhanshu Chauhan
 
Tech w23
SelectedPresentations
 
ProActive Security
Ibnisina Sina
 
Ad

More from Mohit Dholakiya (6)

PDF
Data science
Mohit Dholakiya
 
PDF
Vulnerability
Mohit Dholakiya
 
PDF
Cyber laws
Mohit Dholakiya
 
PDF
How to grow on you tube
Mohit Dholakiya
 
PPTX
Instagram strategies
Mohit Dholakiya
 
PDF
Cyber ethics
Mohit Dholakiya
 
Data science
Mohit Dholakiya
 
Vulnerability
Mohit Dholakiya
 
Cyber laws
Mohit Dholakiya
 
How to grow on you tube
Mohit Dholakiya
 
Instagram strategies
Mohit Dholakiya
 
Cyber ethics
Mohit Dholakiya
 

Recently uploaded (20)

PPT
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PPTX
additive manufacturing of ss316l using mig welding
premcdr7799
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PDF
Arduino robotics embedded978-1-4302-3184-4.pdf
AbdullahEmam4
 
PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
PDF
composite construction of structures.pdf
AinieButt1
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
additive manufacturing of ss316l using mig welding
premcdr7799
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
Arduino robotics embedded978-1-4302-3184-4.pdf
AbdullahEmam4
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
composite construction of structures.pdf
AinieButt1
 
Project quality management in manufacturing
BarMusaTetik
 
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 

Scanning web vulnerabilities

  • 1. 1 Scanning for Web Vulnerabilities By Hacking Spot
  • 2. 2 • Precisely document what a tool class does and does not do • Inform users – Match the tool to a particular situation – Understand significance of tool results • Provide feedback to tool developers Purpose of Tool Evaluations
  • 3. 3 • Select class of tool • Develop clear (testable) requirements – Tool functional specification aided by focus groups – Spec posted for public comment • Develop a measurement methodology – Develop reference datasets (test cases) – Document interpretation criteria Details of Tool Evaluations
  • 4. 4 • Static Analysis Security Tools • Web Application Vulnerability Tools • Binary Analysis Tools • Web Services Tools • Network Scanner Tools Some Tools for specific application*
  • 5. 5 • Firewall • Intrusion Detection/Prevention System • Virus Detection • Fuzzers • Web Proxy Honeypots • Blackbox Pen Tester Other Types of Software Assurance Security Tools *
  • 6. 6 • Life Cycle Process (requirements, design, …) • Automation (manual, semi, automatic) • Approach (preclude, detect, mitigate, react, appraise) • Viewpoint (blackbox, whitebox (static, dynamic)) • Other (price, platform, languages, …) How to Classify Tools and Techniques
  • 7. 7 The Rise of Web App Vulnerability 0 5 10 15 20 25 2000 2001 2002 2003 2004 2005 2006 Remote file inclusion SQL injection Cross-site scripting Top web app vulnerabilities as % of total vulnerabilities in NVD
  • 8. 8 is software which communicates with a web application through the web front-end and identifies potential security weaknesses in the web application.* Web Application Security Scanner
  • 9. 9 Web Application Architecture Database Server Client (Browser, Tool, etc.) HTTP Requests HTML, etc. Webapp Web Server
  • 10. 10 - Client and Server Interaction - Distributed n-tiered architecture - Remote access - Heterogeneity - Content delivery via HTTP - Concurrency - Session management - Authentication and authorization Characteristics of Web Application
  • 11. 11 - Limited to tools that examine software applications on the web. - Does not apply to tools that scan other artifacts, like requirements, byte-code, or binary code - Does not apply to database scanners - Does not apply to other system security tools, e.g., firewalls, anti-virus, gateways, routers, switches, intrusion detection system Scope – What types of tools does this spec NOT address?
  • 12. 12 - Cross-Site Scripting (XSS) - Injection flaws - Authentication and access control weaknesses - Path manipulation - Improper Error Handling Some Vulnerabilities that Web Application Scanners Check
  • 13. 13 - AppScan DE by Watchfire, Inc. (IBM) - WebInpect by SPI-Dynamics (HP) - Acunetix WVS by Acunetix - Hailstorm by Cenzic, Inc. - W3AF, Grabber, Paros, etc. - others… Some Web Application Security Scanning Tools
  • 14. 14 • What is a common set of functions? • Can they be tested? • How can one measure the effectiveness? HackingSpot is “neutral”, not consumer reports, and does not endorse products. Establishing a Framework to Compare
  • 15. 15 • Precisely document what a tool class does and does not do • Provide feedback to tool developers • Inform users • Match the tool to a particular situation • Understand significance of tool results Purpose of a Specification
  • 16. 16 • Specifies basic (minimum) functionality • Defines features unambiguously • Represents a consensus on tool functions and requirements • Serves as a guide to measure the capability of tools How should this spec be viewed?
  • 17. 17 • Not to prescribe the features and functions that all web application scanner tools must have. • Use of a tool that complies with this specification does not guarantee the application is free of vulnerabilities. • Production tools should have capabilities far beyond those indicated. • Used as the basis for developing test suites to measure how a tool meets these requirements. How should this spec be used?
  • 18. 18 • Found in existing applications today • Recognized by tools today • Likelihood of exploit or attack is medium to high Criteria for selection of Web Application Vulnerabilities
  • 19. 19 • OWASP Top Ten 2007 • WASC Threat Classification • CWE – 600+ weaknesses definition dictionary • CAPEC- 100+ attack patterns for known exploits Web Application Vulnerabilities
  • 20. 20 • Test applications that model real security features and vulnerabilities • Configurable to be vulnerable to one or many types of attack • Ability to provide increasing level of defense for a vulnerability Test Suites
  • 21. 21 Defense Mechanisms • Different programmers use different defenses • Defenses/Filters are not all equivalent • We have different instances of vulnerabilities: levels of defense
  • 22. 22 • Example: Cross-Site Request Forgeries Levels of Defense Untrusted.c0m MyShopping.Com CSRF ScriptUntrusted.c0m redirects to MyShopping.Com GET /shop.aspx?ItemID=42&Accept=Yes Thanks For Buying This Item! “This nice new website: Untrusted.c0m”
  • 23. 23 • Example: Cross-Site Request Forgeries - Level 0: No Protection (bad) - Level 1: Using only POST (well...) - Level 2: Checking the referrer (better but referrer may be spoofed) - Level 3: Using a nonce (good) • Higher level means harder to break Levels of Defense
  • 24. 24 Web Server Database Server Web Application Scanner Tool Attacks HTML, etc. Webapp Tool Report Seeded Vulns. Cheat sheet ?
  • 25. 25 Attacks Analysis • An action that exploits a vulnerability • What exactly is the tool testing? • What do I need to test in my application? • Do the results match?
  • 26. 26 Web Server Database Server Web Application Scanner Tool Attacks HTML, etc. Webapp Tool Report Attacks Analysis Seeded Vulns.?
  • 27. 27 • Test Suite with 21 vulnerabilities (XSS, SQL Injection, File Inclusion) – PHP, MySQL, Ajax – LAMP • 4 Scanners (Commercial and Open Source) • One type of vulnerability at the time • Results (Detection rate, False-Positive rate) Test Suite Evaluation
  • 28. 28 • Tools are limited in scope (companies sell service as opposed to selling tool) • Speed versus Depth (in-depth testing takes time) • Difficult to read output reports (typically log files) • False-Positives • Tuning versus default mode Issues with Web Application Scanner Tools

Editor's Notes