SlideShare a Scribd company logo

Intro to IronWASP

n|u - The Open Security Community
n|u - The Open Security Community

null Hyderabad Chapter - April 2014 Meet

EducationTechnology
1 of 13
Download to read offline
Intro to IronWASP -- ABHIJETH DUGGINAPEDDI
Hello Time to brag: Security Consultant at TCS for bread and butter Love speaking and training Got lucky with Google, Y!, Microsoft, Twitter .. Etc Love anime and politics !! Trying to contribute to the security community and start-ups in Hyd. Abhijeth Dugginapeddi www.abhijeth.com @abhijeth Fb.com/abhijethd
For the next 40 minutes Why What is How to use Pentesting with Few comparisons between IronWASP and Burpsuite Resources and Credits
What does it do??  Vulnerability Scanner  Intelligent crawler  Checks for OWASP top 10 and Sans top 25  Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET  False positive detection  Generate reports in HTML and RTF formats
Why the developers think that the tool is great??  Powerful and effective  WiHawk - WiFi Router Vulnerability Scanner by  XmlChor - Automatic XPATH Injection Exploitation Tool IronSAP - SAP Security Scanner SSL Security Checker - Scanner to discover vulnerabilities in SSL installations  OWASP Skanda - Automatic SSRF Exploitation Tool  CSRF PoC Generator - Tool for automatically generating exploits for CSRF vulnerabilities  HAWAS - Tool for automatically detecting and decoding encoded strings and hashes in websites
Why do I like it??  HP WebInspect 10.0 starts at $1,500 and is licensed per application  IBM Appscan Singe User 4500$  IBM Appscan enterprise 155,000$  Acunetix 1 year 3195$  Acunetix with maintenance 5995$  BurpSuite Professional per year 299$
And ..  Nice framework  Simple to use  No rocket science required  Good for beginners  Good for companies to use during low budget projects  Little better than other free tools  Finally, developed by an Indian researcher. Support him !!
Questions ???
Special thanks Resources : http://blog.ironwasp.org/ And his team: WiHawk Anamika Singh XmlChor Harshal Jamdade IronSAP Prasanna K SSL Security Checker Manish Saindane OWASP Skanda Jayesh Singh Chauhan CSRF PoC Generator Jayesh Singh Chauhan Lavakumar Kuppan @lavakumark Founder of the IronWASP Project. Author of many Security Tools.
Lets catch up: Fb.com/abhijethd @abhijeth www.abhijeth.com Also thank you www.null.co.in fb.com/nullhyd @nullhyd

Recommended

ESAPI
ESAPIESAPI
ESAPIn|u - The Open Security Community
 
Esapi
EsapiEsapi
EsapiSatish Govindappa
 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
 
Magento Application Security [EN]
Magento Application Security [EN]Magento Application Security [EN]
Magento Application Security [EN]Anna Völkl
 
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shAPIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shapidays
 
Automating Hybrid Applications with Appium
Automating Hybrid Applications with AppiumAutomating Hybrid Applications with Appium
Automating Hybrid Applications with AppiumSauce Labs
 
Microservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaMicroservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaEdureka!
 
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”Moshiul Islam, CISSP, CISA, CFE
 

Recommended

ESAPI
ESAPIESAPI
ESAPIn|u - The Open Security Community
 
Esapi
EsapiEsapi
EsapiSatish Govindappa
 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
 
Magento Application Security [EN]
Magento Application Security [EN]Magento Application Security [EN]
Magento Application Security [EN]Anna Völkl
 
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shAPIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.sh
APIdays Paris 2019 - The Rise of Shadow APIs by Guillaume Montard, Bearer.shapidays
 
Automating Hybrid Applications with Appium
Automating Hybrid Applications with AppiumAutomating Hybrid Applications with Appium
Automating Hybrid Applications with AppiumSauce Labs
 
Microservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaMicroservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaEdureka!
 
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”wannabe Cyberpunk; “I don’t know what I’m supposed to do.”
wannabe Cyberpunk; “I don’t know what I’m supposed to do.”Moshiul Islam, CISSP, CISA, CFE
 
Mobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumMobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumSelenium Cucumber
 
What is Sauce Labs?
What is Sauce Labs? What is Sauce Labs?
What is Sauce Labs? Sauce Labs
 
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Edureka!
 
Getting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumGetting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumSauce Labs
 
DevOps and Application Security
DevOps and Application SecurityDevOps and Application Security
DevOps and Application SecurityShahee Mirza
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's lifeOWASP
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017kieranjacobsen
 
Introduction To Appium With Robotframework
Introduction To Appium With RobotframeworkIntroduction To Appium With Robotframework
Introduction To Appium With RobotframeworkSyam Sasi
 
Testing on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesTesting on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesSauce Labs
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
Selenium, Appium, and Robots!
Selenium, Appium, and Robots!Selenium, Appium, and Robots!
Selenium, Appium, and Robots!hugs
 
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Lorenzo Barbieri
 
Improving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsImproving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsIsaac Murchie
 
Testing Native iOS Apps with Appium
Testing Native iOS Apps with AppiumTesting Native iOS Apps with Appium
Testing Native iOS Apps with AppiumSauce Labs
 
Wheat - Mobile functional test automation
Wheat - Mobile functional test automationWheat - Mobile functional test automation
Wheat - Mobile functional test automationSunny Tambi
 
Modern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioModern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioMarios Fakiolas
 
Why you need API Security Automation
Why you need API Security AutomationWhy you need API Security Automation
Why you need API Security Automation42Crunch
 
Selenium Camp 2016
Selenium Camp 2016Selenium Camp 2016
Selenium Camp 2016Dan Cuellar
 
Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Sauce Labs
 
Everything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumEverything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumLizzy Guido (she/her)
 
Introduction to SELinux Part-I
Introduction to SELinux Part-IIntroduction to SELinux Part-I
Introduction to SELinux Part-In|u - The Open Security Community
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinuxRene Cunningham
 

More Related Content

What's hot

Mobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumMobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumSelenium Cucumber
 
What is Sauce Labs?
What is Sauce Labs? What is Sauce Labs?
What is Sauce Labs? Sauce Labs
 
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Edureka!
 
Getting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumGetting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumSauce Labs
 
DevOps and Application Security
DevOps and Application SecurityDevOps and Application Security
DevOps and Application SecurityShahee Mirza
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's lifeOWASP
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017kieranjacobsen
 
Introduction To Appium With Robotframework
Introduction To Appium With RobotframeworkIntroduction To Appium With Robotframework
Introduction To Appium With RobotframeworkSyam Sasi
 
Testing on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesTesting on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesSauce Labs
 
Selenium, Appium, and Robots!
Selenium, Appium, and Robots!Selenium, Appium, and Robots!
Selenium, Appium, and Robots!hugs
 
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Lorenzo Barbieri
 
Improving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsImproving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsIsaac Murchie
 
Testing Native iOS Apps with Appium
Testing Native iOS Apps with AppiumTesting Native iOS Apps with Appium
Testing Native iOS Apps with AppiumSauce Labs
 
Wheat - Mobile functional test automation
Wheat - Mobile functional test automationWheat - Mobile functional test automation
Wheat - Mobile functional test automationSunny Tambi
 
Modern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioModern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioMarios Fakiolas
 
Why you need API Security Automation
Why you need API Security AutomationWhy you need API Security Automation
Why you need API Security Automation42Crunch
 
Selenium Camp 2016
Selenium Camp 2016Selenium Camp 2016
Selenium Camp 2016Dan Cuellar
 
Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Sauce Labs
 
Everything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumEverything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumLizzy Guido (she/her)
 

What's hot (20)

Mobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appiumMobile automation using selenium cucumber & appium
Mobile automation using selenium cucumber & appium
 
What is Sauce Labs?
What is Sauce Labs? What is Sauce Labs?
What is Sauce Labs?
 
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
 
Getting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumGetting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & Appium
 
DevOps and Application Security
DevOps and Application SecurityDevOps and Application Security
DevOps and Application Security
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017
 
Introduction To Appium With Robotframework
Introduction To Appium With RobotframeworkIntroduction To Appium With Robotframework
Introduction To Appium With Robotframework
 
Testing on Mobile Devices with Location Services
Testing on Mobile Devices with Location ServicesTesting on Mobile Devices with Location Services
Testing on Mobile Devices with Location Services
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
 
Selenium, Appium, and Robots!
Selenium, Appium, and Robots!Selenium, Appium, and Robots!
Selenium, Appium, and Robots!
 
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in ...
 
Improving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce LabsImproving Android app testing with Appium and Sauce Labs
Improving Android app testing with Appium and Sauce Labs
 
Testing Native iOS Apps with Appium
Testing Native iOS Apps with AppiumTesting Native iOS Apps with Appium
Testing Native iOS Apps with Appium
 
Wheat - Mobile functional test automation
Wheat - Mobile functional test automationWheat - Mobile functional test automation
Wheat - Mobile functional test automation
 
Modern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressioModern e2e-testing-for-complex-web-applications-with-cypressio
Modern e2e-testing-for-complex-web-applications-with-cypressio
 
Why you need API Security Automation
Why you need API Security AutomationWhy you need API Security Automation
Why you need API Security Automation
 
Selenium Camp 2016
Selenium Camp 2016Selenium Camp 2016
Selenium Camp 2016
 
Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)Using Selenium to Test Native Apps (Wait, you can do that?)
Using Selenium to Test Native Apps (Wait, you can do that?)
 
Everything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and SeleniumEverything You Need To Know about Appium and Selenium
Everything You Need To Know about Appium and Selenium
 

Viewers also liked

Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)cnokia
 
COMPUTER SECURITY AND OPERATING SYSTEM
COMPUTER SECURITY AND OPERATING SYSTEMCOMPUTER SECURITY AND OPERATING SYSTEM
COMPUTER SECURITY AND OPERATING SYSTEMfaraz hussain
 
Operating system security
Operating system securityOperating system security
Operating system securityRachel Jeewa
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating Systemsohaildanish
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Wlad1m1r
 
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challengeITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challengeITCamp
 
How to Launch a Web Security Service in an Hour
How to Launch a Web Security Service in an HourHow to Launch a Web Security Service in an Hour
How to Launch a Web Security Service in an HourCyren, Inc
 
Pyscho-Strategies for Social Engineering
Pyscho-Strategies for Social EngineeringPyscho-Strategies for Social Engineering
Pyscho-Strategies for Social EngineeringIshan Girdhar
 
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsCusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsAugust Detlefsen
 
Burp suite
Burp suiteBurp suite
Burp suiteAmmar WK
 
Windows Azure Versioning Strategies
Windows Azure Versioning StrategiesWindows Azure Versioning Strategies
Windows Azure Versioning StrategiesPavel Revenkov
 
Wcf security session 1
Wcf security session 1Wcf security session 1
Wcf security session 1Anil Kumar M
 
Burp plugin development for java n00bs (44 con)
Burp plugin development for java n00bs (44 con)Burp plugin development for java n00bs (44 con)
Burp plugin development for java n00bs (44 con)Marc Wickenden
 

Viewers also liked (20)

Introduction to SELinux Part-I
Introduction to SELinux Part-IIntroduction to SELinux Part-I
Introduction to SELinux Part-I
 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinux
 
Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)
 
COMPUTER SECURITY AND OPERATING SYSTEM
COMPUTER SECURITY AND OPERATING SYSTEMCOMPUTER SECURITY AND OPERATING SYSTEM
COMPUTER SECURITY AND OPERATING SYSTEM
 
Operating system security
Operating system securityOperating system security
Operating system security
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
 
Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011Acunetix technical presentation v7 setembro2011
Acunetix technical presentation v7 setembro2011
 
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challengeITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
ITCamp 2012 - Mihai Nadas - Tackling the single sign-on challenge
 
Paypal-IPN
Paypal-IPNPaypal-IPN
Paypal-IPN
 
How to Launch a Web Security Service in an Hour
How to Launch a Web Security Service in an HourHow to Launch a Web Security Service in an Hour
How to Launch a Web Security Service in an Hour
 
IronSAP
IronSAP IronSAP
IronSAP
 
Pyscho-Strategies for Social Engineering
Pyscho-Strategies for Social EngineeringPyscho-Strategies for Social Engineering
Pyscho-Strategies for Social Engineering
 
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsCusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Windows Azure Versioning Strategies
Windows Azure Versioning StrategiesWindows Azure Versioning Strategies
Windows Azure Versioning Strategies
 
Wcf security session 1
Wcf security session 1Wcf security session 1
Wcf security session 1
 
Burp plugin development for java n00bs (44 con)
Burp plugin development for java n00bs (44 con)Burp plugin development for java n00bs (44 con)
Burp plugin development for java n00bs (44 con)
 

Similar to Intro to IronWASP

Clickslide Datadipity Beta V1
Clickslide Datadipity Beta V1Clickslide Datadipity Beta V1
Clickslide Datadipity Beta V1Gabriel Ortiz
 
Using AI at the Library - SWFLN Makerpalooza - Session 2
Using AI at the Library - SWFLN Makerpalooza - Session 2Using AI at the Library - SWFLN Makerpalooza - Session 2
Using AI at the Library - SWFLN Makerpalooza - Session 2Brian Pichman
 
Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.Apigee | Google Cloud
 
03_Overview of Azure AI and How to Use It Today_GAB2019
03_Overview of Azure AI and How to Use It Today_GAB201903_Overview of Azure AI and How to Use It Today_GAB2019
03_Overview of Azure AI and How to Use It Today_GAB2019Kumton Suttiraksiri
 
Securing Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecuritySecuring Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecurityDeja vu Security
 
We-Donut.io presentation of Platform
We-Donut.io presentation of PlatformWe-Donut.io presentation of Platform
We-Donut.io presentation of PlatformDennis Reurings
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfsivaganeshsivakumar1
 
AsyncAPI specification
AsyncAPI specificationAsyncAPI specification
AsyncAPI specificationfmvilas
 
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...WordCamp Kathmandu
 
Speaking APIsh makes your business more agile
Speaking APIsh makes your business more agileSpeaking APIsh makes your business more agile
Speaking APIsh makes your business more agileMarjukka Niinioja
 
Creating Datadipity
Creating DatadipityCreating Datadipity
Creating DatadipityClickslide
 
NZCS Cloud Computing Presentation
NZCS Cloud Computing PresentationNZCS Cloud Computing Presentation
NZCS Cloud Computing PresentationAbhinav Keswani
 
2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open StandardsAPIsecure_ Official
 
Tastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierTastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierHarvard Web Working Group
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014openi_ict
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014Michael Petychakis
 
The Open Source... Behind the Tweets
The Open Source... Behind the TweetsThe Open Source... Behind the Tweets
The Open Source... Behind the TweetsChris Aniszczyk
 

Similar to Intro to IronWASP (20)

Clickslide Datadipity Beta V1
Clickslide Datadipity Beta V1Clickslide Datadipity Beta V1
Clickslide Datadipity Beta V1
 
Using AI at the Library - SWFLN Makerpalooza - Session 2
Using AI at the Library - SWFLN Makerpalooza - Session 2Using AI at the Library - SWFLN Makerpalooza - Session 2
Using AI at the Library - SWFLN Makerpalooza - Session 2
 
Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.
 
03_Overview of Azure AI and How to Use It Today_GAB2019
03_Overview of Azure AI and How to Use It Today_GAB201903_Overview of Azure AI and How to Use It Today_GAB2019
03_Overview of Azure AI and How to Use It Today_GAB2019
 
Securing Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecuritySecuring Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu Security
 
We-Donut.io presentation of Platform
We-Donut.io presentation of PlatformWe-Donut.io presentation of Platform
We-Donut.io presentation of Platform
 
AI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdfAI assisted testing using postman and openAI.pdf
AI assisted testing using postman and openAI.pdf
 
AsyncAPI specification
AsyncAPI specificationAsyncAPI specification
AsyncAPI specification
 
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
AI-Volution: WordPress Developer’s Guide to Evolve in the Age of AI by Abhish...
 
Speaking APIsh makes your business more agile
Speaking APIsh makes your business more agileSpeaking APIsh makes your business more agile
Speaking APIsh makes your business more agile
 
Intelligent IoT Projects In 7 Days
Intelligent IoT Projects In 7 Days Intelligent IoT Projects In 7 Days
Intelligent IoT Projects In 7 Days
 
Creating Datadipity
Creating DatadipityCreating Datadipity
Creating Datadipity
 
The impact of IoT on APIs
The impact of IoT on APIsThe impact of IoT on APIs
The impact of IoT on APIs
 
NZCS Cloud Computing Presentation
NZCS Cloud Computing PresentationNZCS Cloud Computing Presentation
NZCS Cloud Computing Presentation
 
2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards2022 APIsecure_Securing APIs with Open Standards
2022 APIsecure_Securing APIs with Open Standards
 
Tastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierTastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work Easier
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014
 
API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014API Athens Meetup - API standards 25-6-2014
API Athens Meetup - API standards 25-6-2014
 
The Open Source... Behind the Tweets
The Open Source... Behind the TweetsThe Open Source... Behind the Tweets
The Open Source... Behind the Tweets
 
Your API is not a Website!
Your API is not a Website!Your API is not a Website!
Your API is not a Website!
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 

Recently uploaded (20)

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 

Intro to IronWASP

  • 1. Intro to IronWASP -- ABHIJETH DUGGINAPEDDI
  • 2. Hello Time to brag: Security Consultant at TCS for bread and butter Love speaking and training Got lucky with Google, Y!, Microsoft, Twitter .. Etc Love anime and politics !! Trying to contribute to the security community and start-ups in Hyd. Abhijeth Dugginapeddi www.abhijeth.com @abhijeth Fb.com/abhijethd
  • 3. For the next 40 minutes Why What is How to use Pentesting with Few comparisons between IronWASP and Burpsuite Resources and Credits
  • 4.
  • 5. What does it do??  Vulnerability Scanner  Intelligent crawler  Checks for OWASP top 10 and Sans top 25  Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET  False positive detection  Generate reports in HTML and RTF formats
  • 6.
  • 7. Why the developers think that the tool is great??  Powerful and effective  WiHawk - WiFi Router Vulnerability Scanner by  XmlChor - Automatic XPATH Injection Exploitation Tool IronSAP - SAP Security Scanner SSL Security Checker - Scanner to discover vulnerabilities in SSL installations  OWASP Skanda - Automatic SSRF Exploitation Tool  CSRF PoC Generator - Tool for automatically generating exploits for CSRF vulnerabilities  HAWAS - Tool for automatically detecting and decoding encoded strings and hashes in websites
  • 8. Why do I like it??  HP WebInspect 10.0 starts at $1,500 and is licensed per application  IBM Appscan Singe User 4500$  IBM Appscan enterprise 155,000$  Acunetix 1 year 3195$  Acunetix with maintenance 5995$  BurpSuite Professional per year 299$
  • 9. And ..  Nice framework  Simple to use  No rocket science required  Good for beginners  Good for companies to use during low budget projects  Little better than other free tools  Finally, developed by an Indian researcher. Support him !!
  • 10.
  • 12. Special thanks Resources : http://blog.ironwasp.org/ And his team: WiHawk Anamika Singh XmlChor Harshal Jamdade IronSAP Prasanna K SSL Security Checker Manish Saindane OWASP Skanda Jayesh Singh Chauhan CSRF PoC Generator Jayesh Singh Chauhan Lavakumar Kuppan @lavakumark Founder of the IronWASP Project. Author of many Security Tools.
  • 13. Lets catch up: Fb.com/abhijethd @abhijeth www.abhijeth.com Also thank you www.null.co.in fb.com/nullhyd @nullhyd