The Essentials of Offensive Security in Web Applications

Slide Note
Embed
Share

Comprehensive overview of key aspects of offensive security in web applications including testing areas, OWASP guidelines, top 10 vulnerabilities, essential tools, web scoping, handling dangerous portions, understanding request types, and following a specialized methodology for exploitation. The content emphasizes the importance of securing web applications amidst increasing complexity and risks.

tan_ney
tan_ney Follow

Uploaded on Oct 11, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Web Offensive Security

  2. Web Overview Web called out specifically Because web is different than just testing services More services are moving to the web, often more exposed As web apps have become more important, they have also become more complex Offensive Security 2

  3. OWASP Open Web Application Security Project Offensive Security 3 https://www.owasp.org/index.php/Main_Page

  4. OWASP Testing Areas Information Gathering Configuration and Deploy Management Testing Identity Management Testing Authentication Testing Authorization Testing Session Management Testing Data Validation Testing Error Handling Offensive Security Cryptography Business Logic Testing Client Side Testing 4 https://www.owasp.org/index.php/Testing_Checklist

  5. OWASP Top 10 1. Injection 7. Cross Site Script (XSS) 2. Broken Authentication 8. Insecure Deserialization 3. Sensitive Data Exposure 9. Using Components with Know Vulnerabilities 4. XML External Entities (XXE) 10. Insufficient Logging & Monitoring 5. Broken Access Control 6. Security Misconfiguration Offensive Security 5

  6. Tools Burp Zap Dirbuster/Gobuster Nikto Sslscan Nmap scripts Offensive Security Google dorks/wayback machine 6

  7. Web Scoping What does the application do? Identify functionality and important functionality Offensive Security 7

  8. Dangerous Portions of Web Apps Automated crawlers click links Think about delete portions of websites Update pages What if your crawlers gets into the site as admin? With delete and update functionality Offensive Security 8

  9. Request Types Offensive Security 9

  10. Web Methodology Big surface area, requires its own methodology Recon Mapping Recon Discovery Exploitation Offensive Security Exploitation Mapping Just like our regular methodology Discovery 10

  11. Enumeration Manually browse every Spidering with Burp/Zap Offensive Security 11

  12. Nikto Offensive Security 12

  13. Resources https://www.redsiege.com/wp- content/uploads/2018/10/WA101-LayoftheLand.pdf https://www.owasp.org/images/1/19/OTGv4.pdf https://github.com/qazbnm456/awesome-web-security Offensive Security 13

Related


Basic Web Security Model for Secure Electronic Commerce

Basic Web Security Model for Secure Electronic Commerce

ezikiel
Defensive Recognition and Play Scripting for Offensive Success

Defensive Recognition and Play Scripting for Offensive Success

avaa_508
Understanding Web Security: Threats and Protections

Understanding Web Security: Threats and Protections

wetherby_m
Influence of Family Values and Christian Beliefs on Perceptions of Offensive Ads

Influence of Family Values and Christian Beliefs on Perceptions of Offensive Ads

odin
Farmington Tiger Football Youth Offensive Formations and Concepts

Farmington Tiger Football Youth Offensive Formations and Concepts

aryan
Lacrosse Offensive and Defensive Strategies for Youth Playbook 2021

Lacrosse Offensive and Defensive Strategies for Youth Playbook 2021" (70 characters)

monta
Youth Football Offensive Fundamentals and Drills Overview

Youth Football Offensive Fundamentals and Drills Overview

sophiagr
Understanding HTTP Security Headers for Web Apps

Understanding HTTP Security Headers for Web Apps

pembroke_l
Understanding Web Security: Same-Origin Policy in Web Applications

Understanding Web Security: Same-Origin Policy in Web Applications

lavellewo
Understanding Threat Modeling and Offensive Security

Understanding Threat Modeling and Offensive Security

loza_2
Leveraging Persistence for Offensive Security

Leveraging Persistence for Offensive Security

claassen_m
Importance of Security in Web Development

Importance of Security in Web Development

kharmync
Exploring the Fundamentals of Web Engineering

Exploring the Fundamentals of Web Engineering

smcli
Cybersecurity Challenges: Attacks on Web Applications and Cost of Security Breaches

Cybersecurity Challenges: Attacks on Web Applications and Cost of Security Breaches

hari
Understanding Web Hosting and Server Types

Understanding Web Hosting and Server Types

trac_189
Understanding Web Browsers and Internet Explorer

Understanding Web Browsers and Internet Explorer

tyre_nks
Understanding Silverlight for Web Hosting Companies

Understanding Silverlight for Web Hosting Companies

decla
OWASP Bricks - Web Application Security Learning Platform

OWASP Bricks - Web Application Security Learning Platform

aleia
An Empirical Evaluation of Security Indicators in Mobile Web Browsers

An Empirical Evaluation of Security Indicators in Mobile Web Browsers

czad
Comprehensive DevOps Security Training Overview

Comprehensive DevOps Security Training Overview

jahv_808
Grade 7 Computer Science Discoveries Curriculum Overview

Grade 7 Computer Science Discoveries Curriculum Overview

aariv
Exploring Web Hosting Security: Principles, Layers, and Monitoring

Exploring Web Hosting Security: Principles, Layers, and Monitoring

jac_662
Promoting Respect and Understanding: A Lesson on Avoiding Slurs and Offensive Language

Promoting Respect and Understanding: A Lesson on Avoiding Slurs and Offensive Language

emmitt
Volleyball Offensive Strategies Overview

Volleyball Offensive Strategies Overview

duke

More Related Content