Information Networking Security and Assurance Lab National Chung Cheng University WebGoat.


1 Information Networking Security and Assurance Lab National Chung Cheng University WebGoat

2 Contents: Overview; Environment; Install Required Software; Install WebGoat; Getting Started; Usage of WebGoat; Example

3 Overview: Illustrate Typical Security Flaws within Web-Applications; Teach a Structured Approach to Testing and Exploiting; Give Practical Training and Examples

4 Environment. OS: Red Hat Linux 7.3 (2.4.18-3). Required Software: Java Development Kit; Apache Ant 1.6.1; Tomcat 5.0.25

5 Install Required Software: Java 2 SDK, Standard Edition 1.4.2_04 http://java.sun.com/

6 Install Required Software (cont.): Unpacking the Package

7 Install Required Software (cont.): Installing JDK RPM Package

8 Install Required Software: Downloading Apache ANT 1.6.1 http://ant.apache.org/srcdownload.cgi

9 Install Required Software (cont.): Unpacking the Package

10 Install Required Software (cont.): Building and Installing Apache Ant

11 Install Required Software (cont.): Downloading Tomcat 5 http://jakarta.apache.org/site/sourceindex.cgi

12 Install Required Software (cont.): Uncompressing the Package

13 Install Required Software (cont.): Building All Components of Tomcat 5

14 Install Required Software (cont.): Running Tomcat 5

15 Install Required Software (cont.): Testing Tomcat 5

16 Install WebGoat: Download WebGoat Source Distribution http://www.owasp.org/development/webgoat

17 Install WebGoat (cont.): Put catalina-ant.jar into /usr/local/ant/lib

18 Install WebGoat (cont.): Unpacking the WebGoat src Distribution

19 Install WebGoat (cont.): Modify catalina.home property in build.xml to specify tomcat installation directory

20 Install WebGoat (cont.): Add to the tomcat_home/conf/tomcat-users.xml file

21 Install WebGoat (cont.): Uncomment the invoker mapping in web.xml

22 Install WebGoat (cont.): Starting the Compile

23 Install WebGoat (cont.): Create a New WebGoat.war File

24 Install WebGoat (cont.): Installing WebGoat

25 Getting Started: Running Tomcat 5 and Trying http://[server_ip]:8080/WebGoat/attack

26 Usage of WebGoat: Lesson Plans

27 Lesson Plans: Http Basics; How to Perform Database Cross Site Scripting (xss); How to Spoof an Authentication Cookie; How to Exploit Hidden Fields; How to Discover Clues in the HTML; How to Perform Parameter Injection; How to Perform SQL Injection; How to Exploit Thread Safety Problems; How to Exploit Unchecked Email; How to Spoof an Authentication Cookie; Putting it all together

28 Lesson Plans (cont.)

29 Example: SQL Injection

30 Example: SQL Injection (cont.)

31 Example: SQL Injection (cont.)

32 Example: SQL Injection (cont.)

33 Example: SQL Injection (cont.)

34 Example: SQL Injection (cont.)

