HTML Level II (CyberAdvantage)


1 HTML Level II (CyberAdvantage)
Session III Introduction to Web Application Vulnerability Testing

2 Class Outline
- Web Application Security
- Web Application Vulnerabilities
- Review of Commercial & Open Source Web App Vulnerability Scanning Tools
- Web Browser App Development Tools
- Web App Vulnerability Scanning Tools Exercise
9/22/2018 Copyright © Carl M. Burnett

3 Why do we need information security?

4 How can we protect an _______?

5 Network Security vs Web Application Security
- Perimeter defenses
- Unwanted Traffic
- Firewalls
- Web Application Security
  - Allow Port 80 & 443 traffic.
  - Hope clients play by the rules.

6 Web Application Firewalls
- Analyze incoming traffic
- Delay an attack
- Won’t fix security holes in web apps
- Not immune to attacks
- Extra admin overhead to keep up with ever-changing web traffic

7 Automated Web Vulnerability Scanners
- Check Web Server Vulnerabilities
- Check Web Server Configuration
- Crawls a Web Application for Signatures
- Checks for:
  - Application Errors
  - Source Code Disclosure
- Scans Input & Parameters for Vulnerabilities
  - SQL Injection
  - XSS
  - More...

8 Advanced Penetration Test Tools
- HTTP Sniffers
- HTTP Fuzzer
- HTTP Editors - Analyze HTTP requests from an automated crawl or scan, modify or craft HTTP requests and analyze the web server’s response.
- Eases Manual Security Processing

9 Web Vulnerabilities
- OWASP - 2013 Top 10 Web Vulnerabilities
- Acunetix - Web Application Vulnerabilities
- Wikipedia - Web Application Vulnerabilities

10 Vulnerability Scanning Tools
- SECTOOL Market: Price and Feature Comparison of Web Application Scanners
- OWASP: Web Application Vulnerability Scanning Tools
- SecTools.Org: Top 20 Web Vulnerability Scanners

11 Internet Explorer Developer Tools
F12

12 Firefox Firebug

13 Safari Developer Tools

14 Chrome Developer

15 Class Review
- Web Application Security
- Web Application Vulnerabilities
- Review of Commercial & Open Source Web App Vulnerability Scanning Tools
- Web Browser App Development Tools

