Web Application Security Testing: Kali Linux Is the Way to Go
Gene Gotimer, Senior Architect, Coveros
© Copyright 2014 Coveros, Inc. All rights reserved.


Slide 2: About Coveros
 Coveros helps organizations accelerate the delivery of business value through secure, reliable software

Slide 3: Kali Linux
 Penetration testing and security auditing Linux distribution
 New generation of BackTrack Linux
 Debian-based
 Many install options:
–i386, x86_64, ARM
–Android devices
–ISO, VMware, AMI
–Installed, virtual, dual boot, live USB
–Metapackages

Slide 4: Not for general use!
 Single user
 Default user is root
–Many of the tools need root anyway
–Live images use toor as the default root password; change it before the machine touches a shared network
 Not recommended for Linux beginners
–It is a pen testing and security auditing tool
–Easy to mess up the system as root
–Easy to attack your organization from within, even unintentionally


Slide 6: Tool Categories
 Information Gathering
 Vulnerability Analysis
 Web Applications
 Password Attacks
 Wireless Attacks
 Exploitation Tools
 Sniffing/Spoofing
 Maintaining Access
 Reverse Engineering
 Stress Testing
 Hardware Hacking
 Forensics
 Reporting Tools


Slide 8: Top 10 Security Tools (1 of 2)
 Aircrack-ng: wireless password cracking
 Burp Suite: web application proxy and security testing
 THC-Hydra: network password cracker
 John the Ripper: Unix and Windows password cracker
 Maltego: intelligence and forensics

Slide 9: Top 10 Security Tools (2 of 2)
 Metasploit Framework: pentesting and exploitation tool
 Nmap: network discovery
 OWASP Zed Attack Proxy: web application scanner and proxy
 sqlmap: SQL injection detection and exploitation
 Wireshark: network protocol analyzer

Slide 10: Many more tools
 Hundreds of tools
 Supporting software
–GUI front ends: Greenbone for OpenVAS, Armitage for Metasploit, Zenmap for Nmap
–Updaters for Metasploit and OpenVAS
 Tools are integrated
–OpenVAS can drive Nikto2, Wapiti, Nmap and Arachni from its own scans
–Metasploit can run OpenVAS

Slide 11: Ways to Use Kali Linux
 Professional penetration testing
 Pen test tool suite
–Install on a USB drive
–Carry to the client site
–All the tools you need are available
 Forensic information gathering
–Live boot into forensic mode
–Doesn't touch the internal hard drive
–No auto-mount of removable media
 Password recovery

Slide 12: Ways for non-Pentesters to Use Kali Linux
 Tool catalog
–Browse menus to find tools in any category
 Pre-installed tools
–Try a tool to see if it meets your needs
–Compare tools
 Occasional security tests
–When you don't have the time or resources to maintain a security testing environment
 Exploitation software
–Demonstrate vulnerabilities

Slide 13: OWASP Broken Web Applications
 VM with very vulnerable apps
 Do not run on a production network! Use a host-only virtual network
 Training apps
–WebGoat, Damn Vulnerable Web Application
 Realistic, intentionally vulnerable apps
 Old, vulnerable versions of real apps
 Demo apps

Slide 14: Network Scanners
 Discover hosts on a network
 Find open ports/services on a host
 Fingerprint the OS
 Identify service versions

Slide 15: Nmap / Zenmap
 Network scanner
–Inventory
–Discovery
–Monitor (re-scan and compare against a baseline)
 Not a vulnerability scanner (NSE scripts can run targeted checks, but there is no vulnerability tracking)
 Variety of scan depths
 Runs in seconds to minutes
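The "inventory, discovery, monitor" use on this slide comes down to parsing Nmap's output and comparing it with an earlier run. The following Python script is an added example (not from the deck and not part of Nmap): it parses greppable output (what `nmap -sV -oG -` prints) and reports what changed between two scans. The two scan texts are constructed by hand in the -oG layout; the addresses, ports and banners are invented.

```python
"""Parse Nmap greppable output (-oG) and diff two scans of the same range.

Added example, not from the Coveros deck or from Nmap itself.  The scan
texts below are constructed by hand in the -oG layout; the addresses,
ports and banners are invented, not real scan results.
"""
import re

# Constructed first scan: the baseline inventory.
BASELINE = """\
# Nmap 6.47 scan initiated Tue Jun 10 09:00:00 2014 as: nmap -sV -oG - 192.168.56.0/24
Host: 192.168.56.101 ()\tStatus: Up
Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3p1/, 80/open/tcp//http//Apache httpd 2.2.14/\tIgnored State: closed (998)
Host: 192.168.56.102 ()\tStatus: Up
Host: 192.168.56.102 ()\tPorts: 443/open/tcp//ssl|http//nginx 1.4.6/\tIgnored State: closed (999)
# Nmap done at Tue Jun 10 09:00:41 2014 -- 256 IP addresses (2 hosts up) scanned in 41.20 seconds
"""

# Constructed later scan: one port opened, one closed, one new host.
LATER = """\
Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3p1/, 80/open/tcp//http//Apache httpd 2.2.14/, 3306/open/tcp//mysql//MySQL 5.1.73/\tIgnored State: closed (997)
Host: 192.168.56.102 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3p1/\tIgnored State: closed (999)
Host: 192.168.56.103 ()\tPorts: 8080/open/tcp//http//Jetty 8.1.3/\tIgnored State: closed (999)
"""

# One -oG port entry: port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/[^/]*/([^/]*)/")


def parse_grepable(text):
    """Return {host: {(port, proto): (state, service, version)}}.

    Lines without a Ports field (comments, "Status: Up" lines) are skipped,
    so a host that is up but has no reported ports does not appear.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = {}
        for chunk in line.split("\t"):          # fields are tab-separated
            name, sep, value = chunk.partition(": ")
            if sep:
                fields[name] = value
        if "Ports" not in fields:
            continue
        host = fields["Host"].split()[0]        # drop the "(hostname)" part
        ports = hosts.setdefault(host, {})
        for port, state, proto, service, version in PORT_RE.findall(fields["Ports"]):
            ports[(int(port), proto)] = (state, service, version)
    return hosts


def diff_scans(before, after):
    """List what changed between two parsed scans.

    Each entry is (kind, host, (port, proto)); kind is "new-host", "opened",
    "closed" or "changed" (same port, different state/service/version).
    The key is None for "new-host".
    """
    changes = []
    for host in sorted(set(before) | set(after)):
        old, new = before.get(host, {}), after.get(host, {})
        if host not in before:
            changes.append(("new-host", host, None))
        for key in sorted(set(old) | set(new)):
            if key not in old:
                changes.append(("opened", host, key))
            elif key not in new:
                changes.append(("closed", host, key))
            elif old[key] != new[key]:
                changes.append(("changed", host, key))
    return changes


def format_changes(changes, after):
    """Human-readable lines for a monitoring report."""
    lines = []
    for kind, host, key in changes:
        if key is None:
            lines.append("%s: new host" % host)
            continue
        port, proto = key
        detail = after.get(host, {}).get(key)   # None for ports that closed
        banner = " (%s %s)" % (detail[1], detail[2]) if detail else ""
        lines.append("%s: %d/%s %s%s" % (host, port, proto, kind, banner))
    return lines


if __name__ == "__main__":
    before, after = parse_grepable(BASELINE), parse_grepable(LATER)
    for line in format_changes(diff_scans(before, after), after):
        print(line)
```

Run against the constructed scans it reports the new MySQL listener on .101, the port swap on .102 and the new host .103. In practice the baseline is the saved `-oG` file from the previous run, and a cron job that diffs each night's scan against it is the "monitor" use the slide lists.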


Slide 21: Web Vulnerability Scanner
 Web server scanner
–Looks at the server software, e.g., Apache, for misconfigurations
 Web application scanner
–Looks at the application for vulnerabilities
 XSS
 SQLi
 Command execution
–Fuzzing
 Typically black-box scans

Slide 22: Nikto2
 Web server scanner
–Not a web application scanner
–Looks at the server software (Apache, IIS, etc.) for misconfigurations, default and dangerous files, and outdated components
 Command-line tool
– nikto -h <target>
 Runs in seconds to minutes, as much as a few hours
 Report is text to the screen by default (-o <file> with -Format htm, csv or xml writes a report file)
 Findings are banner- and signature-based: "outdated" results come from version strings, so a distribution that backports fixes (e.g., Ubuntu) is reported as outdated even when patched, and a check named after one server (e.g., the IIS internal-IP check) fires on any server that shows the same behaviour. Confirm each finding before reporting it.


Slides 24-26: Nikto2 sample output (version numbers, addresses and dates are missing from the transcript)
- Nikto v
+ Target IP:
+ Target Hostname:
+ Target Port: 80
+ Start Time: :40:40 (GMT-5)
+ Server: Apache/ (Ubuntu) mod_mono/2.4.3 PHP/ ubuntu4.5 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/ OpenSSL/0.9.8k Phusion_Passenger/ mod_perl/2.0.4 Perl/v
+ Server leaks inodes via ETags, header found with file /, inode: , size: 26711, mtime: 0x4e2b33fc8f300
+ The anti-clickjacking X-Frame-Options header is not present.
+ OSVDB-3268: /cgi-bin/: Directory indexing found.
+ IP address found in the 'location' header. The IP is " ".
+ OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "
+ Apache/ appears to be outdated (current is at least Apache/2.2.22). Apache (final release) and are also current.
+ mod_ssl/ appears to be outdated (current is at least ) (may depend on server version)
+ mod_perl/2.0.4 appears to be outdated (current is at least 2.0.7)
+ mod_mono/2.4.3 appears to be outdated (current is at least 2.8)
+ OpenSSL/0.9.8k appears to be outdated (current is at least 1.0.1c). OpenSSL 0.9.8r is also current.
+ Python/2.6.5 appears to be outdated (current is at least 2.7.3)
+ PHP/ ubuntu4.5 appears to be outdated (current is at least 5.4.4)
+ Perl/v appears to be outdated (current is at least v5.14.2)
+ proxy_html/3.0.1 appears to be outdated (current is at least 3.1.2)
+ mod_ssl/ OpenSSL/0.9.8k Phusion_Passenger/ mod_perl/2.0.4 Perl/v - mod_ssl and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit). CVE , OSVDB
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ Retrieved x-powered-by header: PHP/ ubuntu4.5
+ Cookie phpbb2owaspbwa_data created without the httponly flag
+ Cookie phpbb2owaspbwa_sid created without the httponly flag
+ OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3268: /test/: Directory indexing found.
+ OSVDB-3092: /test/: This might be interesting...
+ OSVDB-3092: /cgi-bin/: This might be interesting... possibly a system shell found.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3268: /images/: Directory indexing found.
+ OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found.
+ Cookie phpMyAdmin created without the httponly flag
+ OSVDB-3233: /icons/README: Apache default file found.
+ Uncommon header 'x-pingback' found, with contents:
+ /wordpress/: A Wordpress installation was found.
+ /phpmyadmin/: phpMyAdmin directory found
+ items checked: 1 error(s) and 32 item(s) reported on remote host
+ End Time: :41:23 (GMT-5) (43 seconds)
+ host(s) tested
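Most of the header findings in that output (missing X-Frame-Options, cookies without HttpOnly, TRACE allowed, inode-leaking ETags, X-Powered-By, versions in Server, an internal IP in Location) can be confirmed from a single captured response, which is how to verify Nikto's banner-based results before reporting them. The script below is an added example, not from the deck and not Nikto's own code: it audits a raw response for exactly those conditions. The two responses are constructed by hand to exercise every check (a real server would not send Allow and Location in the same response); hostnames, addresses and cookie values are invented.

```python
"""Check a raw HTTP response for the header problems Nikto reported above.

Added example, not from the Coveros deck or from Nikto.  The responses
below are constructed by hand so that one carries every header the checks
look at and the other shows the hardened form; all values are invented.
"""
import ipaddress
import re
from urllib.parse import urlsplit

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 10 Jun 2014 14:40:40 GMT\r\n"
    "Server: Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.5\r\n"
    "X-Powered-By: PHP/5.3.2-1ubuntu4.5\r\n"
    "Allow: GET,HEAD,POST,OPTIONS,TRACE\r\n"
    "ETag: \"6c43b-6857-4e2b33fc8f300\"\r\n"
    "Set-Cookie: phpbb2owaspbwa_sid=0123abcd; path=/\r\n"
    "Set-Cookie: phpMyAdmin=4567ef01; path=/; HttpOnly\r\n"
    "Location: http://192.168.56.101/images/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# The same server after ServerTokens Prod, TraceEnable off, FileETag MTime Size,
# expose_php=Off, HttpOnly cookies and an X-Frame-Options header.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Allow: GET,HEAD,POST,OPTIONS\r\n"
    "ETag: \"6857-4e2b33fc8f300\"\r\n"
    "Set-Cookie: phpbb2owaspbwa_sid=0123abcd; path=/; HttpOnly\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Apache's default "FileETag INode MTime Size" produces three hex fields.
INODE_ETAG = re.compile(r'^(W/)?"?[0-9a-f]+-[0-9a-f]+-[0-9a-f]+"?$')


def parse_response(raw):
    """Split a response into (status line, [(lower-name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def values(headers, name):
    """All values of one header (Set-Cookie may repeat)."""
    return [v for n, v in headers if n == name]


def audit(raw):
    """Return a list of findings, roughly in the order Nikto printed them."""
    _, headers = parse_response(raw)
    findings = []
    if not values(headers, "x-frame-options"):
        findings.append("anti-clickjacking X-Frame-Options header is not present")
    for server in values(headers, "server"):
        if re.search(r"/\d", server):              # "Apache/2.2.14", "PHP/5.3.2"
            findings.append("Server header discloses component versions: " + server)
    for etag in values(headers, "etag"):
        if INODE_ETAG.match(etag):
            findings.append("ETag leaks inode number (FileETag INode): " + etag)
    for loc in values(headers, "location"):
        host = urlsplit(loc).hostname
        try:
            if host and ipaddress.ip_address(host).is_private:
                findings.append("Location header reveals internal IP " + host)
        except ValueError:                         # a hostname, not an address
            pass
    for allow in values(headers, "allow"):
        if "TRACE" in {m.strip().upper() for m in allow.split(",")}:
            findings.append("HTTP TRACE method is active (XST)")
    for value in values(headers, "x-powered-by"):
        findings.append("X-Powered-By header discloses " + value)
    for cookie in values(headers, "set-cookie"):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append("cookie %s created without the httponly flag" % name)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print("+", finding)
    print("hardened:", audit(HARDENED_RESPONSE) or "no findings")
```

The hardened response corresponds to the Apache directives `ServerTokens Prod`, `TraceEnable off`, `FileETag MTime Size` and (with mod_headers) `Header always set X-Frame-Options SAMEORIGIN`, plus `expose_php = Off` and `session.cookie_httponly = 1` in php.ini. The "outdated" lines in Nikto's output are not checked here on purpose: they need the distribution's package changelog, not the banner.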

Slide 27: Wapiti
 Web application scanner
 Fuzzer
 Command-line tool
– wapiti <url>
 Runs in minutes to a few hours
–Can get "stuck" on a URL
 Report is text to the screen (a report file can be written with -f <format> -o <output>)


Slide 31: skipfish
 Web application scanner
 Fuzzer, very fast with dictionaries
 Command-line tool
– touch wordlist.wl
– skipfish -o /root/bsc -S /usr/share/skipfish/dictionaries/minimal.wl -W wordlist.wl http://target/
–-S is a read-only dictionary; -W is the read/write wordlist skipfish adds learned words to, and it must exist before the run (hence the touch); the target URL (a placeholder here) is required
 Runs in minutes to hours
–Can be time-boxed (-k duration in h:m:s)
 Report is HTML (index.html in the -o directory)


Slide 35: Intercepting Proxy
 Acts as a "man-in-the-middle" between the browser and the server
–Inspect requests and responses
–Modify them in flight
 Web Browser -> Web Proxy -> Web Server
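What "modify in flight" means at the byte level: the proxy parses the request, lets the tester edit it, and re-serializes it with framing that still matches the edited body. The script below is an added example, not code from the deck, ZAP or Burp; it is the core of that step without the network plumbing and TLS termination a real proxy adds. The sample request is constructed; the host, cookie and form values are invented.

```python
"""Rewrite an HTTP request in flight, the way an intercepting proxy does.

Added example, not code from the Coveros deck, ZAP or Burp.  It parses a raw
request, hands it to a callback that edits headers and body, then
re-serializes it so Content-Length matches the new body.  The sample request
is constructed; host, cookie and field values are invented.
"""
from urllib.parse import parse_qsl, urlencode

SAMPLE_REQUEST = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: target.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"Cookie: PHPSESSID=0123abcd\r\n"
    b"\r\n"
    b"username=alice&password=s3c"
)


def parse_request(raw):
    """Split raw bytes into a dict: method, target, version, headers, body.

    Headers keep their original order and case (a list of [name, value]);
    the body is cut at Content-Length so trailing pipelined bytes are ignored.
    """
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append([name.strip(), value.strip()])
    length = next((int(v) for n, v in headers if n.lower() == "content-length"), 0)
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": rest[:length]}


def serialize_request(req):
    """Rebuild the request bytes, recomputing Content-Length from the body.

    The stale Content-Length from the browser is dropped; a fresh one is
    appended whenever there is a body or the method normally carries one,
    so a shortened or lengthened body never desynchronizes the connection.
    """
    body = req["body"]
    headers = [h for h in req["headers"] if h[0].lower() != "content-length"]
    if body or req["method"] in ("POST", "PUT", "PATCH"):
        headers.append(["Content-Length", str(len(body))])
    head = "%s %s %s\r\n" % (req["method"], req["target"], req["version"])
    head += "".join("%s: %s\r\n" % (name, value) for name, value in headers)
    return head.encode("iso-8859-1") + b"\r\n" + body


def intercept(raw, mutate):
    """Parse, let `mutate` edit the request dict in place, re-serialize."""
    req = parse_request(raw)
    mutate(req)
    return serialize_request(req)


def tamper_login(req):
    """An edit a tester might make: submit a different username and tag
    the request so it can be picked out of the server logs afterwards."""
    params = dict(parse_qsl(req["body"].decode("iso-8859-1")))
    params["username"] = "administrator"
    req["body"] = urlencode(params).encode("iso-8859-1")
    req["headers"].append(["X-Intercepted", "1"])


if __name__ == "__main__":
    print(intercept(SAMPLE_REQUEST, tamper_login).decode("iso-8859-1"))
```

The point to take from it is the Content-Length recomputation: editing a form field by hand in a captured request and forwarding it with the old length is the classic way to get a hung connection or a truncated body, and the GUI proxies on the next slides do this fix-up for you.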

Slide 36: OWASP Zed Attack Proxy
 Web application scanner and proxy
 Intercepting proxy
 Fuzzer
 Scanner
 Spider
 GUI interface
 Can generate XML and HTML reports


Slide 40: Exploitation Tools
 Not just find vulnerabilities, exploit them
 Could be a true hacker tool
 Can be used to prove a vulnerability is real and can be exploited

Slide 41: Metasploit / Armitage
 Metasploit Framework: prove vulnerabilities
–Choose and configure an exploit
–Scan the target
–Choose and configure a payload
–Choose an encoding technique
–Execute the exploit
 Armitage: graphical front end
–Launch scans
–Suggest exploits


Slide 46: Vulnerability Management
 Audit systems
 Track vulnerabilities
 Mark false positives
 Not good one-time scan tools

Slide 47: OpenVAS / Greenbone
 Open-source fork of Nessus
 System vulnerability scanner and manager
 Daily feeds of Network Vulnerability Tests (NVTs)
 Scans scheduled or on-demand
 View results
–By host or by scan
–Deltas between scans
 Overrides
–False positives
–Backported fixes (the banner shows an old version, but the distribution has patched it)


Slide 52: Summary
 Kali Linux is useful for:
–finding security tools
–trying security tools
–using security tools

Slide 53: Congratulations!
 Coveros is an ICAgile Member Training Organization (MTO) with courses accredited by ICAgile.
 By participating in this session, you have started upon the path to earning internationally recognized Agile Professional Certifications. This course covers 4 of the more than 400 learning objectives from the ICAgile Learning Roadmap.
 To claim your learning credits, navigate to and select the link to claim ICAgile learning credits.
 You will need to register and provide the code for this specific event: BSW14-WSTL

Slide 54: Questions?
Gene Gotimer