Learn More About the Assessing and Exploiting Web Applications with Samurai-WTF

From OWASP
Abstract: This course will focus on using open source tools to perform web application assessments. The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-WTF). Day one will take students through the steps and open source tools used to assess applications for vulnerabilities. Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server-side attacks and the other half of the day on client-side attacks. The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves.

From the course outline:

Samurai-WTF Project and Distribution (about, using …)

Web Application Assessment Methodology (pentest types, four step methodology …)

Step 1: Reconnaissance

•Overview of Web Application Recon

•Domain and IP Registration Databases (Labs: whois)

•Google Hacking (Labs: gooscan, gpscan)

•Social Networks (Labs: Reconnoiter)

•DNS Interrogation (Labs: host, dig, nslookup, fierce)

Step 2: Mapping

•Overview of Mapping

•Port Scanning and Fingerprinting (Labs: nmap, zenmap, Yokoso!)

•Web Service Scanning (Labs: Nikto)

•Spidering (Labs: wget, curl, Paros, WebScarab, BurpSuite)

•Discovering “Non-Discoverable” URLs (Labs: DirBuster)

Step 3: Discovery

•Using Built-in Tools (Labs: Page Info, Error Console, DOM Inspector, View Source)

•Poking and Prodding (Labs: Default User Agent, Cookie Editor, Tamper Data)

•Interception Proxies (Labs: Paros, WebScarab, BurpSuite)

•Semi-Automated Discovery (Labs: RatProxy)

•Automated Discovery (Labs: Grendel-Scan, w3af)

•Information Discovery (Labs: CeWL)

•Fuzzing (Labs: JBroFuzz, BurpIntruder)

•Finding XSS (Labs: TamperData, XSS-Me, BurpIntruder)

•Finding SQL Injection (Labs: SQL Inject-Me, SQL Injection, BurpIntruder)

•Decompiling Flash Objects (Labs: Flare)

Step 4: Exploitation

•Username Harvesting (Labs: python)

•Brute Forcing Passwords (Labs: python)

•Command Injection (Labs: w3af)

•Exploiting SQL Injection (Labs: SQLMap, SQLNinja, Laudanum)

•Exploiting XSS (Labs: Durzosploit)

•Browser Exploitation (Labs: BeEF, BrowserRider, Yokoso!)

•Advanced exploitation through tool integration (MSF + sqlninja/sqlmap/BeEF)

Trainer Bio: Justin Searle, a Senior Security Analyst with InGuardians, specializes in web application, network, and embedded penetration testing. Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS. Justin has an MBA in International Technology and is CISSP and SANS GIAC-certified in incident handling and hacker techniques (GCIH) and intrusion analysis (GCIA). Justin is one of the founders and lead developers of Samurai-WTF.