What is bWAPP? | Web app security training tool
Malik Mesellem
Event: SANS 2015
Topic: Superbees Wanted
Location: Orlando, Florida (US)
Organizer: SANS
1.
What is bWAPP?
| © 2015 Malik Mesellem, all rights reserved.
What is bWAPP?
Malik Mesellem
Defense Needed, Superbees Wanted
2. (image slide, no text)
3. MS15-034: web related!
4. Contact Me
Malik Mesellem
Email | malik@itsecgames.com
Twitter | twitter.com/MME_IT
LinkedIn | be.linkedin.com/in/malikmesellem
Blog | itsecgames.blogspot.com
5. Contents
- Defense Needed
- bWAPP & bee-box
- WebApp Pentesting
- Hungry Evil Bees
- Superbees Wanted
6. Contents (repeat of slide 5; section: Defense Needed)
7. Defense Needed
- Web application security is today's most overlooked aspect of securing the enterprise
- Hackers are concentrating their efforts on websites and web applications
- Web apps are an attractive target for cyber criminality, cyber warfare and hacktivism
8. Defense Needed: why are web applications an attractive target?
- Easily available via the Internet (24/7)
- Mission-critical business applications with sensitive data
- Often direct access to backend data
- Traditional firewalls and SSL provide no protection
- Many applications are custom-made == vulnerable
9. (repeat of slide 8)
10. DEFENSE is needed!
11. Contents (repeat of slide 5; section: bWAPP & bee-box)
12. bWAPP == defense
- bWAPP, or buggy Web APPlication
- Deliberately insecure web application that includes all major known web vulnerabilities
- Helps security enthusiasts, developers and students to discover and to prevent issues
- Prepares one for successful penetration testing and ethical hacking projects
13. bWAPP == defense
- Web application security is not just installing a firewall, or scanning a site for 'potential' issues
- Black-box penetration testing, simulating real attack scenarios, is still needed!
- Confirms potential vulnerabilities, and excludes false positives
- Guarantees that your defense measures are working effectively
- bWAPP helps to improve your security-testing skills...
14. (image slide, no text)
15. OMG! Are we prepared for REAL attack scenarios???
16. bWAPP Testimonials
"Awesome! It's good to see fantastic tools staying up to date ..." Ed Skoudis, Founder of Counter Hack
"I just installed bWAPP 1.6 into the next release of SamuraiWTF ... It's a great app ..." Justin Searle, Managing Partner at UtiliSec
"Great progress on bWAPP BTW! :)" Vivek Ramachandran, Owner of SecurityTube
17. bWAPP Architecture
- Open source PHP application
- Backend MySQL database
- Linux/Windows
- Apache/IIS
- WAMP or XAMPP
18. bWAPP Features (1)
- Very easy to use and to understand
- Well structured and documented PHP code
- Different security levels (low/medium/high)
- 'New user' creation (password/secret)
- 'Reset application/database' feature
- Manual intervention page
- Email functionalities
19. bWAPP Features (2)
- Local PHP settings file
- No-authentication mode (A.I.M.)
- 'Evil Bee' mode, bypassing security checks
- 'Evil' directory, including attack scripts
- WSDL file (Web Services/SOAP)
- Fuzzing possibilities
20. bWAPP: what makes bWAPP so unique?
- Well, it has over 100 web vulnerabilities
- Covering all major known web bugs
- Including all risks from the OWASP Top 10 project
- Focus is not on one specific issue!
21. bWAPP: which bug do you want to hack today? (1)
- SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP, PHP Code, Host Header and SMTP injections
- Authentication, authorization and session management issues
- Malicious, unrestricted file uploads and backdoor files
- Arbitrary file access and directory traversals
- Heartbleed and Shellshock vulnerabilities
- Local and remote file inclusions (LFI/RFI)
- Server Side Request Forgery (SSRF)
22. bWAPP: which bug do you want to hack today? (2)
- Configuration issues: Man-in-the-Middle, Cross-Domain policy file, FTP, SNMP, WebDAV, information disclosures, ...
- HTTP parameter pollution and HTTP response splitting
- XML External Entity attacks (XXE)
- HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
- Drupal, phpMyAdmin and SQLite issues
- Unvalidated redirects and forwards
- Denial-of-Service (DoS) attacks
23. bWAPP: which bug do you want to hack today? (3)
- Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and Cross-Site Request Forgery (CSRF)
- AJAX and Web Services issues (JSON/XML/SOAP)
- Parameter tampering and cookie poisoning
- Buffer overflows and local privilege escalations
- PHP-CGI remote code execution
- HTTP verb tampering
- And much more
24. bWAPP: which bug do you want to hack today? (image slide)
25. bWAPP (image slide)
26. bWAPP: coming soon!
- Cryptographic attacks
- Insecure session variables
- Session fixation
- More authentication issues
- WordPress vulnerabilities
- More D-XSS
27. bWAPP External links
- Home page: www.itsecgames.com
- Download location: sourceforge.net/projects/bwapp
- Blog: itsecgames.blogspot.com
28. bee-box: every bee needs a home... the bee-box
- VM pre-installed with bWAPP
- LAMP environment: Linux, Apache, MySQL and PHP
- Compatible with VMware and VirtualBox
- Requires zero installation
29. bee-box is also made deliberately insecure...
- Opportunity to explore all bWAPP vulnerabilities
- Gives you several ways to hack and deface bWAPP
- Even possible to hack the bee-box to get full root access!
- Hacking, defacing and exploiting without going to jail
- You can download bee-box from here
30. bee-box (image slide)
31. bee-box Features (1)
- Apache, Lighttpd, Nginx, MySQL and PHP installed
- Several PHP extensions installed (LDAP, SQLite, ...)
- Vulnerable Bash, Drupal, OpenSSL and PHP-CGI
- Insecure DistCC, FTP, NTP, SNMP, VNC, WebDAV
- phpMyAdmin and SQLiteManager installed
- Postfix installed and configured
- AppArmor disabled
32. bee-box Features (2)
- Weak self-signed SSL certificate
- 'Fine-tuned' file access permissions
- .htaccess files support enabled
- Some basic security tools installed
- Shortcuts to start, install and update bWAPP
- An amazing wallpaper
- An outdated Linux kernel...
33. bWAPP & bee-box: ready, set, and hack!
Only one thing to remember: logon credentials are...
34. bee/bug
35. bWAPP & bee-box: ready, set, and hack!
Only one thing to remember: logon credentials are bee/bug
Please don't bug me anymore...
36. bWAPP & bee-box: installation and configuration
- Install VMware Player or Oracle VirtualBox
- Extract, install, and start the bee-box VM
- Configure or check the IP settings
- Browse to the bWAPP web app: http://[IP]/bWAPP/
- Login with bee/bug
37. bWAPP & bee-box: general application settings
settings.php, located under the bWAPP admin folder, holds:
- Connection settings
- SMTP settings
- A.I.M. mode
- Evil bee mode
- Static credentials
38. bWAPP & bee-box: general application settings
Opening the settings file (as root):
sudo gedit /var/www/bWAPP/admin/settings.php
39. bWAPP & bee-box: Settings (image slide)
40. bWAPP & bee-box: A.I.M. mode
- Authentication Is Missing, a no-authentication mode
- May be used for testing web scanners and crawlers
Procedure:
- Change the IP address in the settings file
- Point your web scanner or crawler to http://[IP]/bWAPP/aim.php
- All hell breaks loose...
41. bWAPP & bee-box: worst-case-scenario options
- Reset the application: http://[IP]/bWAPP/reset.php
- Reset the application + database: http://[IP]/bWAPP/reset.php?secret=bWAPP
- Reinstall the database: drop the database from phpMyAdmin, then http://[IP]/bWAPP/install.php
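A defender's check for the endpoints named on slides 40 and 41, added here as an example and not part of the original deck or of bWAPP itself: aim.php removes authentication and reset.php / install.php wipe or rebuild the application, so on a bee-box that is reachable beyond the lab they are the first requests worth noticing. The script parses constructed Apache combined-log lines (sample data, not real bee-box logs) and flags every request to those endpoints, marking the ones whose source is outside the lab network. The lab range 192.168.56.0/24 (VirtualBox's default host-only network) is an assumption; a real deployment would read the Apache access log instead of the embedded string.

```python
import ipaddress
import re
from collections import Counter

# Constructed Apache combined-log lines for a bee-box VM (sample data, not real logs).
# 192.168.56.0/24 is VirtualBox's default host-only network; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for "not the lab".
SAMPLE_LOG = """\
192.168.56.1 - - [10/Apr/2015:10:01:02 +0200] "GET /bWAPP/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.168.56.1 - - [10/Apr/2015:10:02:10 +0200] "GET /bWAPP/reset.php HTTP/1.1" 200 311 "-" "Mozilla/5.0"
203.0.113.77 - - [10/Apr/2015:10:05:44 +0200] "GET /bWAPP/reset.php?secret=bWAPP HTTP/1.1" 200 311 "-" "curl/7.38.0"
203.0.113.77 - - [10/Apr/2015:10:05:45 +0200] "GET /bWAPP/install.php HTTP/1.1" 200 2040 "-" "curl/7.38.0"
198.51.100.9 - - [10/Apr/2015:10:07:00 +0200] "GET /bWAPP/aim.php HTTP/1.1" 200 1500 "-" "Mozilla/5.0"
192.168.56.1 - - [10/Apr/2015:10:08:13 +0200] "POST /bWAPP/ HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
"""

# Endpoints from slides 40-41 that reset, reinstall, or expose the app without authentication.
SENSITIVE_PATHS = ("/bWAPP/reset.php", "/bWAPP/install.php", "/bWAPP/aim.php")

# Assumption: the lab is the host-only network; any other source counts as exposed.
LAB_NETWORKS = (ipaddress.ip_network("192.168.56.0/24"),)

# Apache "combined" format: ip ident user [ts] "METHOD target PROTO" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str):
    """Return the fields of one combined-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["target"].split("?", 1)[0]   # compare on the path, ignore the query string
    return rec


def is_lab_source(ip: str) -> bool:
    """True when the source address lies inside one of the lab networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAB_NETWORKS)


def find_sensitive_requests(log_text: str) -> list:
    """Flag every request to a reset/install/A.I.M. endpoint, marking non-lab sources."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] in SENSITIVE_PATHS:
            rec["outside_lab"] = not is_lab_source(rec["ip"])
            findings.append(rec)
    return findings


def summarize(findings: list) -> Counter:
    """Count flagged requests per source address."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = find_sensitive_requests(SAMPLE_LOG)
    for h in hits:
        flag = "OUTSIDE LAB" if h["outside_lab"] else "lab"
        print(f"{h['ts']}  {h['ip']:<15} {h['method']} {h['target']}  [{flag}]")
    print(summarize(hits))
```

With the sample above, four requests are flagged and three of them come from outside the lab range; the reset.php hit from 192.168.56.1 is reported but marked as lab traffic, which is the expected pattern when the tester resets the app between exercises.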
42. Finally... time for a DEMO
43. Demo (image slide)
44. Contents (repeat of slide 5; section: WebApp Pentesting)
45. Penetration Testing
- Penetration testing, or pentesting
- Method of evaluating computer, network or application security by simulating an attack
- Active analysis of potential vulnerabilities by using ethical hacking techniques
- Penetration tests are sometimes a component of a full security audit
46. Web App Penetration Testing
- Web application pentesting focuses on evaluating the security of a web application
- The application is tested for known web vulnerabilities
- Manual, automatic and semi-automatic tests
- Source code analysis and web server configuration review as an option
47. Web App Penetration Testing
It's all about identifying, exploiting, and reporting vulnerabilities. Some considerations...
- Commercial tools vs. open source tools
- Not a best practice to use only one tool
- Most commercial scanners don't exploit
- False positives are not allowed!
- People don't like auto-generated reports
48. Testing Methodologies: a simple testing methodology (diagram slide)
49. Testing Methodologies: a more advanced testing methodology (diagram slide)
50. OWASP
- OWASP, or Open Web Application Security Project
- Worldwide non-profit organization focused on improving the security of software
- Freely-available articles, methodologies, documentation, tools, and technologies
- Vendor neutral, no recommendations for commercial products or services!
51. OWASP: current OWASP projects
- Top 10 Project and Testing Guide
- Development and Code Review Guide
- Application Security Verification Standard
- Broken Web Applications (BWA)
- Zed Attack Proxy (ZAP)
52. OWASP Top 10 Project
- Lists the 10 most severe web application security risks
- Constantly updated, latest version released in 2013
- Referenced by many standards, books, tools, and organizations, including MITRE and PCI DSS
- Good starting point for a web application pentest: what to test? How to test? How to prevent?
53. OWASP Top 10 Application Security Risks (image slide)
54. OWASP Top 10 placement (image slide)
55. OWASP Top 10 placement (image slide)
56. Intercepting Proxies
- Intercepting proxies are testing tools acting as a legitimate Man-in-the-Middle (MitM)
- Located between the browser and the web application
- Ability to intercept and to modify requests/responses
- Provide a historical record of all requests
- Include integrated tools to discover vulnerabilities, and to crawl and brute force files and directories
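To make the "legitimate MitM" mechanism of slide 56 concrete, here is a minimal intercepting proxy in Python, added as an example; it is not code from the deck, from ZAP, or from bWAPP. Like ZAP it listens on TCP/8080, sits between the browser and the web application, keeps a history of every forwarded request, and exposes one modification hook (a header-override dictionary) that a tester fills before the request goes upstream. The hook, the `HistoryEntry` record and the `lab.example` host in the usage comments are assumptions; only plain HTTP proxy requests are handled (no CONNECT/TLS), which is all the slide's description needs.

```python
import http.client
import http.server
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hop-by-hop headers that a proxy must not pass through unchanged.
HOP_BY_HOP = {"connection", "proxy-connection", "keep-alive",
              "transfer-encoding", "te", "trailer", "upgrade"}


@dataclass
class HistoryEntry:
    """One line of the request history the slide describes (assumed record layout)."""
    method: str
    url: str
    request_headers: dict
    status: int


HISTORY: list = []   # the "historical record of all requests"


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, headers, body); header names lower-cased."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def rewrite_headers(headers: dict, overrides: dict) -> dict:
    """The tester's modification hook: drop hop-by-hop headers, then apply the overrides."""
    out = {k: v for k, v in headers.items() if k.lower() not in HOP_BY_HOP}
    for k, v in overrides.items():
        out[k.lower()] = v
    return out


class InterceptHandler(http.server.BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"
    overrides: dict = {}   # headers to inject into every forwarded request; set before serving

    def forward(self):
        url = urlsplit(self.path)   # a browser configured to use a proxy sends the absolute URL
        if not url.netloc:
            self.send_error(400, "proxy-style absolute URL required")
            return
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else None
        headers = rewrite_headers({k.lower(): v for k, v in self.headers.items()}, self.overrides)
        path = (url.path or "/") + ("?" + url.query if url.query else "")
        conn = http.client.HTTPConnection(url.netloc, timeout=10)
        try:
            conn.request(self.command, path, body=body, headers=headers)
            resp = conn.getresponse()
            data = resp.read()                       # http.client de-chunks for us
            status, resp_headers = resp.status, resp.getheaders()
        except (OSError, http.client.HTTPException) as exc:
            self.send_error(502, f"upstream error: {exc}")
            return
        finally:
            conn.close()
        HISTORY.append(HistoryEntry(self.command, self.path, headers, status))
        self.send_response(status)
        for name, value in resp_headers:
            if name.lower() not in HOP_BY_HOP and name.lower() != "content-length":
                self.send_header(name, value)
        self.send_header("Content-Length", str(len(data)))   # body was fully buffered above
        self.end_headers()
        self.wfile.write(data)

    do_GET = do_POST = do_PUT = do_DELETE = do_OPTIONS = forward


if __name__ == "__main__":
    # Usage: point a browser's HTTP proxy at 127.0.0.1:8080, then browse to
    # e.g. http://lab.example/bWAPP/ (hypothetical lab host); HISTORY fills up as you go.
    InterceptHandler.overrides = {"User-Agent": "lab-intercept-proxy/0.1"}
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 8080), InterceptHandler)
    print("intercepting proxy on 127.0.0.1:8080 (plain HTTP only)")
    server.serve_forever()
```

The two pure functions carry the idea: `parse_request` is what the proxy has to do to see a request at all, and `rewrite_headers` is where a tester's edit (or a scanner's payload) is applied before the request reaches the application. A real tool such as ZAP adds TLS interception, a pause-and-edit UI and the spider and scanner listed on slide 58 on top of exactly this loop.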
57. Intercepting Proxies: ZAP, Zed Attack Proxy
- OWASP project, by Simon Bennetts
- Java application, released in September 2010
- Fork of the Paros intercepting proxy
- Pentesting tool for finding vulnerabilities
- Provides automated scanning, as well as a set of tools to find security vulnerabilities manually
58. Intercepting Proxies: ZAP functionalities
- Intercepting proxy, listening on TCP/8080
- Traditional and AJAX spider
- Automated and passive scanner
- Fuzzing and brute force capabilities
- Smartcard and client certificate support
- Authentication and session support
59. Intercepting Proxies: ZAP, Zed Attack Proxy (image slide)
60. Demo: ZAP, Zed Attack Proxy
- Parameter/cookie tampering
- Online password attack
- Vulnerability detection
61. Commercial Web Scanners: Netsparker
- Automated 'false positive free' web security scanner
- Identifies security issues and vulnerabilities such as SQL injection and Cross-Site Scripting (XSS)
- Automatically exploits detected vulnerabilities to ensure no false positives are reported
- Free 'Community Edition' available!
62. Commercial Web Scanners (image slide)
63. Commercial Web Scanners: Netsparker (image slide)
64. Ready to exploit some bugs?
65.
What is bWAPP? Contents
- Defense Needed
- bWAPP & bee-box
- WebApp Pentesting
- Hungry Evil Bees
- Superbees Wanted
66.
Hungry Evil Bees: Hacking, Defacing and Exploiting
- SQL Injection
- Cross-Site Scripting (XSS)
- Client-side Attacks
- Denial-of-Service (DoS)
- Unrestricted File Uploads
- Local Privilege Escalation
67.
SQL Injection
- SQL injection is very common in web applications
- Occurs when user input is sent to a SQL interpreter as part of a query
- The attacker tricks the interpreter into executing unintended SQL queries
68.
SQL Injection: Injection in the OWASP Top 10
69.
SQL Injection: Normal operation
Diagram: the BROWSER sends HTML (GET/POST) with login and password to the WEB APP; the WEB APP sends SQL to the SQL interpreter of the DATABASE; the result comes back as SQL, then as HTML.
SELECT * FROM table WHERE login = 'login' AND password = 'password'
70.
SQL Injection: Abnormal operation
Diagram: same flow, but the password field now contains ' or 1=1--
SELECT * FROM table WHERE login = 'login' AND password = '' or 1=1-- '
71.
SQL Injection: Simple injections
'--
' or 'a'='a
' or 'a'='a'--
' or '1'='1
' or 1=1--
72.
SQL Injection: Union injections
' UNION SELECT field1, field2 FROM table--
' UNION SELECT table_name FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=database()--
Stacked queries
'; DROP TABLE table;--
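The normal and abnormal operation queries from the slides above, in runnable form, as an added example that is not part of the deck or of bWAPP: an in-memory SQLite table with constructed sample rows is queried first by string concatenation (the vulnerable shape in the diagram) and then with bound parameters, so the simple-injection inputs listed above can be fed to both and compared.

```python
import sqlite3

# Constructed sample data (not from the deck): a tiny "heroes" table with the
# login/password shape of the query on the slides.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE heroes (id INTEGER PRIMARY KEY, login TEXT, password TEXT)")
    conn.executemany("INSERT INTO heroes (login, password) VALUES (?, ?)",
                     [("neo", "trinity"), ("alice", "loveZombies")])
    return conn

def login_concatenated(conn, login, password):
    """The slide's query built by string concatenation ("normal operation").
    Whatever the user types becomes part of the SQL text, so the input from
    the "abnormal operation" slide rewrites the WHERE clause."""
    query = ("SELECT id FROM heroes WHERE login = '" + login +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None

def login_parameterized(conn, login, password):
    """Same lookup with bound parameters: the driver passes the values apart
    from the SQL text, so quotes and -- stay plain data and never reach the parser."""
    query = "SELECT id FROM heroes WHERE login = ? AND password = ?"
    return conn.execute(query, (login, password)).fetchone() is not None

def compare(login, password):
    """Run both implementations on one input; returns (concatenated, parameterized)."""
    conn = make_db()
    try:
        return (login_concatenated(conn, login, password),
                login_parameterized(conn, login, password))
    finally:
        conn.close()
```

With the deck's `' or 1=1--` in the password field the concatenated version logs in and the parameterized one does not; a stacked `'; DROP TABLE ...` payload is additionally refused by sqlite3's one-statement-per-call rule, which is a driver property, not a substitute for parameters.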
73.
SQL Injection
74.
Blind SQL Injection
- Blind SQL injection occurs when the database does not output data to the web page
- Nearly identical to normal SQL injection, but the way data is retrieved is different…
- The result of the SQL injection is determined based on the application’s responses
- Boolean-based or time-based
- Using automated tools is a must
75.
Blind SQL Injection: Example, time-based SQL injection
blah' UNION SELECT 1,1,1,1,1,1 FROM heroes WHERE login='neo' AND ASCII(SUBSTRING(password,1,1))=116 AND SLEEP(5)--
blah' UNION SELECT 1,1,1,1,1,1 FROM heroes WHERE login='neo' AND ASCII(SUBSTRING(password,2,1))=114 AND SLEEP(5)--
blah' UNION SELECT 1,1,1,1,1,1 FROM heroes WHERE login='neo' AND ASCII(SUBSTRING(password,3,1))=105 AND SLEEP(5)--
blah' UNION SELECT 1,1,1,1,1,1 FROM heroes WHERE login='neo' AND ASCII(SUBSTRING(password,4,1))=110 AND SLEEP(5)--
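Added example, not part of the deck: detection logic a defender can run over web-server access logs for the time-based probes shown above. The log lines are constructed, in an assumed "ip method url status response_ms" layout; the check looks for a delay function in the decoded query string and for response times clustering around the injected delay, then counts hits per client, since the character-by-character extraction above produces one request per guess.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed access-log lines (not real traffic): "ip method url status response_ms".
SAMPLE_LOG = """\
10.0.0.5 GET /search.php?title=Iron+Man 200 14
10.0.0.9 GET /search.php?title=blah%27+UNION+SELECT+1,1,1,1,1,1+FROM+heroes+WHERE+login%3D%27neo%27+AND+ASCII%28SUBSTRING%28password,1,1%29%29%3D116+AND+SLEEP%285%29-- 200 5021
10.0.0.9 GET /search.php?title=blah%27+UNION+SELECT+1,1,1,1,1,1+FROM+heroes+WHERE+login%3D%27neo%27+AND+ASCII%28SUBSTRING%28password,1,1%29%29%3D117+AND+SLEEP%285%29-- 200 18
10.0.0.7 GET /search.php?title=sleepy+hollow 200 11
10.0.0.7 GET /report.php?id=42 200 5240
"""

# Delay primitives across the engines the deck lists (MySQL, MS SQL, PostgreSQL).
DELAY_FUNCS = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\d+)$")

def classify(line, delay_ms=5000, tolerance_ms=500):
    """Return the reasons a request looks like a time-based probe ([] if none)."""
    m = LINE.match(line)
    if not m:
        return []
    _ip, _method, url, _status, ms = m.groups()
    reasons = []
    # Decode first: the payload arrives URL-encoded, so SLEEP( is SLEEP%28 on the wire.
    if DELAY_FUNCS.search(unquote_plus(url)):
        reasons.append("delay function in parameters")
    # A wrong guess returns fast; a right one waits for the injected delay.
    if abs(int(ms) - delay_ms) <= tolerance_ms:
        reasons.append("response time matches a %d ms delay" % delay_ms)
    return reasons

def find_probes(log_text, delay_ms=5000):
    """Return (ip, url, reasons) for every flagged line."""
    hits = []
    for line in log_text.splitlines():
        reasons = classify(line, delay_ms)
        if reasons:
            ip, _method, url = line.split(" ", 3)[:3]
            hits.append((ip, url, reasons))
    return hits

def per_source(hits):
    """Hits per client IP: one request per guessed character makes a long run."""
    return Counter(ip for ip, _url, _reasons in hits)
```

The last constructed line shows the caveat: a slow report page trips the timing heuristic on its own, so timing without the keyword signal is a lead to corroborate, not an alert.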
76.
Automated SQL Injection: sqlmap
- Open source penetration testing tool
- Automates the process of detecting and exploiting SQL injection
- Developed in Python, since July 2006
- Full support for MS SQL, MySQL, Oracle, PostgreSQL,…
- Full support for various SQL injection techniques
- Site: http://sqlmap.org/
77.
Demo: SQL Injection
- Bypassing login forms
- Manually extracting data
- Automated SQL injection
- Website defacement
78.
Cross-Site Scripting
- Cross-Site Scripting, or XSS, occurs when an attacker injects a browser script into a web application
- Insufficient validation of user-supplied data
- Dangerous when it is stored permanently!
- XSS can lead to
  - Website defacements
  - Phishing / session hijacking
  - Client-side exploitation
79.
Cross-Site Scripting: Types of XSS flaws
- Reflected XSS
- Stored XSS
80.
Cross-Site Scripting: XSS in the OWASP Top 10
81.
Demo: Cross-Site Scripting
- Detecting XSS
- Phishing & session hijacking
- Client-side exploitation
82.
Denial-of-Service
- Denial-of-Service attack, or DoS attack
- An attacker attempts to prevent legitimate users from accessing the application, server or network
- Consumes network bandwidth, server sockets, threads, or CPU resources
- Distributed Denial-of-Service attack, or DDoS
- Popular techniques used by hacktivists
83.
Denial-of-Service
- Newer layer 7 DoS attacks are more powerful!
- “Low-bandwidth application layer DoS”
- Advantages of layer 7 DoS
  - Legitimate TCP/UDP connections, difficult to differentiate from normal traffic
  - Requires fewer connections, making it possible to stop a web server with a single attack
  - Reaches the resource limits of services, regardless of the hardware capabilities of the server
84.
Denial-of-Service: Layer 7 DoS methods
- HTTP Slow Headers
- HTTP Slow POST
- HTTP Slow Reading
- Apache Range Header
- SSL/TLS Renegotiation
- XML Bombs
85.
Demo: Denial-of-Service
- HTTP Slow POST
- MS15-034 (>SSRF)
86.
Web Shells
- Web shells are malicious web pages that provide an attacker functionality on a web server
- Making use of server-side scripting languages like PHP, ASP, ASPX, JSP, CFM, Perl,...
- Web shell functionalities
  - File transfers
  - Command execution
  - Network reconnaissance
  - Database connectivity
87.
Web Shells: External attack vectors
- (Blind) SQL Injection
- OS Command Injection
- Remote File Inclusion
- Unrestricted File Upload
- Insecure FTP, WebDAV,…
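Added example (not from the deck or from bWAPP) for the Unrestricted File Upload vector listed above: an upload validator with an assumed image-only policy, applying the checks that keep a server-side script from being stored under a name the web server would execute: a single extension from an allowlist, content magic bytes matching the claimed type, no path components, and a server-generated storage name.

```python
import os
import secrets

# Assumed policy for this example (not bWAPP's own rules): the types the form
# may accept, each with the magic bytes its content must start with.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024

def validate_upload(filename, data):
    """Return (ok, reason_or_extension). Only a plain, single-extension image
    whose bytes match its claimed type is accepted."""
    # The client-supplied name must be a bare file name, never a path.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        return False, "path components are not allowed in the file name"
    # Exactly one extension: rejects shell.php.png style names and dotfiles.
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return False, "exactly one extension is required"
    ext = parts[1]
    if ext not in ALLOWED:
        return False, "extension '%s' is not in the allowlist" % ext
    if len(data) > MAX_BYTES:
        return False, "file too large"
    # Check the content, not the name: a script renamed to .png has no image header.
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        return False, "content does not match a %s image" % ext
    return True, ext

def storage_name(ext):
    """Server-chosen random name: the client's name never reaches the filesystem."""
    return secrets.token_hex(16) + "." + ext
```

A polyglot that starts with valid image bytes still passes the magic check; what keeps it from running is that the stored file carries only an allowlisted extension and a random name, and is served from a location where the server executes nothing.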
88.
Demo: Web Shell
- Web shell creation
- Remote shell access
- Escalating privileges...
- Getting root access!
89.
What is bWAPP? Contents
- Defense Needed
- bWAPP & bee-box
- Web App Pentesting
- Hungry Evil Bees
- Superbees Wanted
90.
Superbees Wanted
Hi little bees, during this talk we
- Defaced our website
- Compromised the server
- Compromised a client
- Made the server unreachable
- Hijacked a session
- Stole credentials…
91.
Superbees Wanted
- And we have so many more bugs…
- Time to improve your web security
- Defense is really needed
- Downloading bWAPP is a first start
- Remember, every bee needs a superbee
- Are you that superbee?
@MME_IT #bWAPP
92.
Contact Me
Malik Mesellem
Email | malik@itsecgames.com
Twitter | twitter.com/MME_IT
LinkedIn | be.linkedin.com/in/malikmesellem
Blog | itsecgames.blogspot.com
93.
What is bWAPP?
Malik Mesellem
Defense Needed, Superbees Wanted