SlideShare une entreprise Scribd logo

Web Application Hacking

Télécharger en tant que ODP, PDF
Muchammad Sholeh
Muchammad Sholeh
Technologie
1  sur  20
Web Application Hacking By Muchammad Sholeh Sharing Knowledge Session, Bank Danamon Lt. 5 KSI
Hacking Methodology
Computer Search Engine By ShodanHq
Shodan Exploits
A n I n t r o d u c t io n t o Z A P T h e O W A S P Z e d A tta c k P ro x y
Main Feature A ll t h e e s s e n t ia ls f o r w e b a p p lic a t io n t e s t in g • I n t e r c e p t in g P r o x y • A c t iv e a n d P a s s iv e S c a n n e r s • S p id e r • R e p o r t G e n e r a t io n • B r u t e F o r c e ( u s in g O W A S P D ir B u s t e r c o d e ) • F u z z in g ( u s in g O W A S P J B r o F u z z c o d e )
The Additional Features • A u t o t a g g in g • Po rt sca n n e r • Sm a rt ca rd su p p o rt • S e s s io n c o m p a r is o n • In v o k e e xte rn a l a p p s • B e a n S h e ll in t e g r a t io n • A P I + H e a d le s s m o d e • D y n a m ic S S L C e r t if ic a t e s • A n t i C S R F t o k e n h a n d lin g
http://www.nuovoline.com/order.php?do=etc%2Fpasswd
List Tools Scanning and Enumeration ● Zap Proxy ● Arachni ● W3AF ● Wapiti ● OpenVas ● Nessus ● Nikto.PL ● NMAP ● ShodanHQ
Penetration Testing OS Base on OSS ● Backtrack Linux ● Kali Linux ● OWASP ● OSWTF ● Samurai Linux ● 4n6 ● etc
Common Vulnerability Reference ● CVE (Common Vulnerability Exposure) ● OSVDB (Open Source Vulenerability Database) ● ExploitDB (http://www.exploit-db.com/) ● National Vulnerability Database ● Common Vulnerability Scoring System (CVSSSIG) -FIRST ● CVE Details (http://www.cvedetails.com/) ● Injector Exploitation Tools ● Exploit-ID (http://www.exploit-id.com/)
EOF

Recommandé

Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...
Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...
Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...Mike Lee
 
Edu614 session 3 presentation tools
Edu614 session 3 presentation toolsEdu614 session 3 presentation tools
Edu614 session 3 presentation toolsKathy Favazza
 
Comprehensive approach to delivering great developer products
Comprehensive approach to delivering great developer productsComprehensive approach to delivering great developer products
Comprehensive approach to delivering great developer productsLINE Corporation
 
Collaboration between LINE, Microsoft and AI by the developers, for the devel...
Collaboration between LINE, Microsoft and AI by the developers, for the devel...Collaboration between LINE, Microsoft and AI by the developers, for the devel...
Collaboration between LINE, Microsoft and AI by the developers, for the devel...LINE Corporation
 
Robotic Process Automation (RPA)_Harvesting a Competitive Advantage
Robotic Process Automation (RPA)_Harvesting a Competitive AdvantageRobotic Process Automation (RPA)_Harvesting a Competitive Advantage
Robotic Process Automation (RPA)_Harvesting a Competitive AdvantageAlec Coughlin
 
OPVL Common Mistakes
OPVL Common MistakesOPVL Common Mistakes
OPVL Common Mistakesmczamora
 
Doctor Appointment App Development Company
Doctor Appointment App Development CompanyDoctor Appointment App Development Company
Doctor Appointment App Development Companydeorwine infotech
 
GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1Nicole Leslie
 

Recommandé

Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...
Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...
Supplementary slides for ASAE Tech2014 Panel on: The Future of Content Distri...Mike Lee
 
Edu614 session 3 presentation tools
Edu614 session 3 presentation toolsEdu614 session 3 presentation tools
Edu614 session 3 presentation toolsKathy Favazza
 
Comprehensive approach to delivering great developer products
Comprehensive approach to delivering great developer productsComprehensive approach to delivering great developer products
Comprehensive approach to delivering great developer productsLINE Corporation
 
Collaboration between LINE, Microsoft and AI by the developers, for the devel...
Collaboration between LINE, Microsoft and AI by the developers, for the devel...Collaboration between LINE, Microsoft and AI by the developers, for the devel...
Collaboration between LINE, Microsoft and AI by the developers, for the devel...LINE Corporation
 
Robotic Process Automation (RPA)_Harvesting a Competitive Advantage
Robotic Process Automation (RPA)_Harvesting a Competitive AdvantageRobotic Process Automation (RPA)_Harvesting a Competitive Advantage
Robotic Process Automation (RPA)_Harvesting a Competitive AdvantageAlec Coughlin
 
OPVL Common Mistakes
OPVL Common MistakesOPVL Common Mistakes
OPVL Common Mistakesmczamora
 
Doctor Appointment App Development Company
Doctor Appointment App Development CompanyDoctor Appointment App Development Company
Doctor Appointment App Development Companydeorwine infotech
 
GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1GIS in Natural and Built Environments - Lecture 1
GIS in Natural and Built Environments - Lecture 1Nicole Leslie
 
Python (part 0)
Python (part 0)Python (part 0)
Python (part 0)Ramin Najjarbashi
 
Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree? Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree? Ankita Nagvekar
 
Mock proposal for digitisation project
Mock proposal for digitisation projectMock proposal for digitisation project
Mock proposal for digitisation projectGiada Gelli
 
AWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWSAWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWSAlvaro García Loaisa
 
Investigacion oprativa silva
Investigacion oprativa silvaInvestigacion oprativa silva
Investigacion oprativa silvaybettsilva2014
 
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?collaborator.pro
 
Transforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservicesTransforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservicesKishore Yekkanti
 
Ninja Correlation of APT Binaries
Ninja Correlation of APT BinariesNinja Correlation of APT Binaries
Ninja Correlation of APT BinariesCODE BLUE
 
Switching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to AgileSwitching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to AgileDoc Norton
 
The Road to QA
The Road to QAThe Road to QA
The Road to QABenjamin Bischoff
 
Information Security Project Management
Information Security Project ManagementInformation Security Project Management
Information Security Project ManagementIgor Pertsovsky
 
PRESENTATION
PRESENTATIONPRESENTATION
PRESENTATIONMTalhaQureshi1
 
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX
 
SharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mindSharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mindChris Johnson
 
CIA For WordPress Developers
CIA For WordPress DevelopersCIA For WordPress Developers
CIA For WordPress DevelopersDavid Brumbaugh
 
From Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dotsFrom Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dotsRonald Ashri
 
From Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the DotsFrom Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the DotsRonald Ashri
 
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT Kancil San
 
Selection
SelectionSelection
SelectionAli Kamran
 
Offline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failuresOffline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failuresPedro Teixeira
 
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS SummitCanary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS SummitAmazon Web Services
 
Uncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine LearningUncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine LearningKan Ouivirach, Ph.D.
 

Contenu connexe

Tendances

Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree? Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree? Ankita Nagvekar
 
Mock proposal for digitisation project
Mock proposal for digitisation projectMock proposal for digitisation project
Mock proposal for digitisation projectGiada Gelli
 
AWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWSAWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWSAlvaro García Loaisa
 
Investigacion oprativa silva
Investigacion oprativa silvaInvestigacion oprativa silva
Investigacion oprativa silvaybettsilva2014
 
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?collaborator.pro
 

Tendances (6)

Python (part 0)
Python (part 0)Python (part 0)
Python (part 0)
 
Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree? Digital Marketing is the era in Marketing. Do you agree?
Digital Marketing is the era in Marketing. Do you agree?
 
Mock proposal for digitisation project
Mock proposal for digitisation projectMock proposal for digitisation project
Mock proposal for digitisation project
 
AWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWSAWS para Torpes - Introducción a AWS
AWS para Torpes - Introducción a AWS
 
Investigacion oprativa silva
Investigacion oprativa silvaInvestigacion oprativa silva
Investigacion oprativa silva
 
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
Возможности сабмитов в SEO. А нужно ли ими вообще заниматься?
 

Similaire à Web Application Hacking

Transforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservicesTransforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservicesKishore Yekkanti
 
Ninja Correlation of APT Binaries
Ninja Correlation of APT BinariesNinja Correlation of APT Binaries
Ninja Correlation of APT BinariesCODE BLUE
 
Switching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to AgileSwitching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to AgileDoc Norton
 
Information Security Project Management
Information Security Project ManagementInformation Security Project Management
Information Security Project ManagementIgor Pertsovsky
 
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX
 
SharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mindSharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mindChris Johnson
 
CIA For WordPress Developers
CIA For WordPress DevelopersCIA For WordPress Developers
CIA For WordPress DevelopersDavid Brumbaugh
 
From Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dotsFrom Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dotsRonald Ashri
 
From Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the DotsFrom Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the DotsRonald Ashri
 
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT Kancil San
 
Offline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failuresOffline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failuresPedro Teixeira
 
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS SummitCanary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS SummitAmazon Web Services
 
Uncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine LearningUncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine LearningKan Ouivirach, Ph.D.
 
Gain Maximum Visibility - DEM06 - Anaheim AWS Summit
Gain Maximum Visibility - DEM06 - Anaheim AWS SummitGain Maximum Visibility - DEM06 - Anaheim AWS Summit
Gain Maximum Visibility - DEM06 - Anaheim AWS SummitAmazon Web Services
 
MVP-Style Influencer Programs for Fun & Profit
MVP-Style Influencer Programs for Fun & ProfitMVP-Style Influencer Programs for Fun & Profit
MVP-Style Influencer Programs for Fun & ProfitJohn Mark Troyer
 

Similaire à Web Application Hacking (20)

Transforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservicesTransforming developer from Commodity to Premium - A tale of micorservices
Transforming developer from Commodity to Premium - A tale of micorservices
 
Ninja Correlation of APT Binaries
Ninja Correlation of APT BinariesNinja Correlation of APT Binaries
Ninja Correlation of APT Binaries
 
Switching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to AgileSwitching horses midstream - From Waterfall to Agile
Switching horses midstream - From Waterfall to Agile
 
The Road to QA
The Road to QAThe Road to QA
The Road to QA
 
Information Security Project Management
Information Security Project ManagementInformation Security Project Management
Information Security Project Management
 
PRESENTATION
PRESENTATIONPRESENTATION
PRESENTATION
 
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
DNX GLOBAL Workshop ★ Katja Andes - Transforming your passion into a valid bu...
 
SharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mindSharePoint Saturday Redmond - Building solutions with the future in mind
SharePoint Saturday Redmond - Building solutions with the future in mind
 
CIA For WordPress Developers
CIA For WordPress DevelopersCIA For WordPress Developers
CIA For WordPress Developers
 
From Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dotsFrom Content Strategy to Drupal Site Building - Connecting the dots
From Content Strategy to Drupal Site Building - Connecting the dots
 
From Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the DotsFrom Content Strategy to Drupal Site Building - Connecting the Dots
From Content Strategy to Drupal Site Building - Connecting the Dots
 
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
Tailoring Malaysian Blockchain Regulations For Digital Economy 2018 MIGHT
 
Selection
SelectionSelection
Selection
 
Offline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failuresOffline-first: Making your app resilient to network failures
Offline-first: Making your app resilient to network failures
 
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS SummitCanary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
Canary Deployments on Amazon EKS with Istio - SRV305 - Chicago AWS Summit
 
Uncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine LearningUncover Python's Potential in Machine Learning
Uncover Python's Potential in Machine Learning
 
Gain Maximum Visibility - DEM06 - Anaheim AWS Summit
Gain Maximum Visibility - DEM06 - Anaheim AWS SummitGain Maximum Visibility - DEM06 - Anaheim AWS Summit
Gain Maximum Visibility - DEM06 - Anaheim AWS Summit
 
Yammer time
Yammer timeYammer time
Yammer time
 
War robot.pptx
War robot.pptxWar robot.pptx
War robot.pptx
 
MVP-Style Influencer Programs for Fun & Profit
MVP-Style Influencer Programs for Fun & ProfitMVP-Style Influencer Programs for Fun & Profit
MVP-Style Influencer Programs for Fun & Profit
 

Plus de Muchammad Sholeh

Roadmap govcsirt versi sholeh
Roadmap govcsirt versi sholehRoadmap govcsirt versi sholeh
Roadmap govcsirt versi sholehMuchammad Sholeh
 
Ssl presentation verindo_rev_sholeh
Ssl presentation verindo_rev_sholehSsl presentation verindo_rev_sholeh
Ssl presentation verindo_rev_sholehMuchammad Sholeh
 
Softwarelegal dirjenaptika-sholeh
Softwarelegal dirjenaptika-sholehSoftwarelegal dirjenaptika-sholeh
Softwarelegal dirjenaptika-sholehMuchammad Sholeh
 
Openoffice 3.2.1 presentation
Openoffice 3.2.1 presentationOpenoffice 3.2.1 presentation
Openoffice 3.2.1 presentationMuchammad Sholeh
 
Open source Traning at Brebes
Open source Traning at BrebesOpen source Traning at Brebes
Open source Traning at BrebesMuchammad Sholeh
 

Plus de Muchammad Sholeh (13)

Roadmap govcsirt versi sholeh
Roadmap govcsirt versi sholehRoadmap govcsirt versi sholeh
Roadmap govcsirt versi sholeh
 
Ssl presentation verindo_rev_sholeh
Ssl presentation verindo_rev_sholehSsl presentation verindo_rev_sholeh
Ssl presentation verindo_rev_sholeh
 
Spreadsheet
SpreadsheetSpreadsheet
Spreadsheet
 
Softwarelegal dirjenaptika-sholeh
Softwarelegal dirjenaptika-sholehSoftwarelegal dirjenaptika-sholeh
Softwarelegal dirjenaptika-sholeh
 
Se legal foss makassar
Se legal foss makassarSe legal foss makassar
Se legal foss makassar
 
Openoffice 3.2.1 presentation
Openoffice 3.2.1 presentationOpenoffice 3.2.1 presentation
Openoffice 3.2.1 presentation
 
Ooo writer pendahuluan
Ooo writer pendahuluanOoo writer pendahuluan
Ooo writer pendahuluan
 
Ooo writer
Ooo writerOoo writer
Ooo writer
 
IT Government
IT GovernmentIT Government
IT Government
 
Open source Traning at Brebes
Open source Traning at BrebesOpen source Traning at Brebes
Open source Traning at Brebes
 
Dss pert1
Dss pert1Dss pert1
Dss pert1
 
Pert1 netprog
Pert1 netprogPert1 netprog
Pert1 netprog
 
Gov csirt sholeh
Gov csirt sholehGov csirt sholeh
Gov csirt sholeh
 

Dernier

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 

Dernier (20)

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

Web Application Hacking

  • 1. Web Application Hacking By Muchammad Sholeh Sharing Knowledge Session, Bank Danamon Lt. 5 KSI
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 9.
  • 12. A n I n t r o d u c t io n t o Z A P T h e O W A S P Z e d A tta c k P ro x y
  • 13. Main Feature A ll t h e e s s e n t ia ls f o r w e b a p p lic a t io n t e s t in g • I n t e r c e p t in g P r o x y • A c t iv e a n d P a s s iv e S c a n n e r s • S p id e r • R e p o r t G e n e r a t io n • B r u t e F o r c e ( u s in g O W A S P D ir B u s t e r c o d e ) • F u z z in g ( u s in g O W A S P J B r o F u z z c o d e )
  • 14. The Additional Features • A u t o t a g g in g • Po rt sca n n e r • Sm a rt ca rd su p p o rt • S e s s io n c o m p a r is o n • In v o k e e xte rn a l a p p s • B e a n S h e ll in t e g r a t io n • A P I + H e a d le s s m o d e • D y n a m ic S S L C e r t if ic a t e s • A n t i C S R F t o k e n h a n d lin g
  • 16.
  • 17. List Tools Scanning and Enumeration ● Zap Proxy ● Arachni ● W3AF ● Wapiti ● OpenVas ● Nessus ● Nikto.PL ● NMAP ● ShodanHQ
  • 18. Penetration Testing OS Base on OSS ● Backtrack Linux ● Kali Linux ● OWASP ● OSWTF ● Samurai Linux ● 4n6 ● etc
  • 19. Common Vulnerability Reference ● CVE (Common Vulnerability Exposure) ● OSVDB (Open Source Vulenerability Database) ● ExploitDB (http://www.exploit-db.com/) ● National Vulnerability Database ● Common Vulnerability Scoring System (CVSSSIG) -FIRST ● CVE Details (http://www.cvedetails.com/) ● Injector Exploitation Tools ● Exploit-ID (http://www.exploit-id.com/)
  • 20. EOF