OWASP OWTF the Offensive (Web) Testing Framework + PTES Penetration Testing Execution Standard = Kali Power Auto Web Pentests


Upload: mauro-risonho-de-paula-assumpcao

Posted on 08-Jun-2015


TRANSCRIPT

1. OWASP OWTF the Offensive (Web) Testing Framework + PTES Penetration Testing Execution Standard = Kali Power Auto Web Pentests!
   Mauro Risonho de Paula Assumpção aka firebitsbr, São Paulo, Brazil - 2014

2. $WHOIS
   Mauro Risonho de Paula Assumpção, SGTI specialist (ICTS), [email protected]
   Self-taught / Enthusiast / Pentester / Vulnerability Analyst / Security Researcher / Instructor / Speaker and Eternal Learner
   https://github.com/firebitsbr, https://www.linkedin.com, http://www.backtrack-linux.org, www.slideshare.net/firebits/ (migrating to Google)
   @[email protected], [email protected]+ mauro.risonho / mrpa.security

3. Agenda
   - OWTF intro
   - Installing OWTF on Kali (web tools only)
   - Running OWTF
   - Part 1: OWTF passive + semi-passive web analysis
   - Part 2: OWTF active web analysis
   - Part 3: OWTF aux plugins, SE, IDS testing
   - Conclusion
   - Q&A

4. Author's e-mail

5. Offensive (Web) Testing Framework = multi-level cheating tactics

6. OWTF chess-like approach: Kasparov against Deep Blue - http://www.robotikka.com

7. Steps
   - http://cdimage.kali.org/kali-1.0.8/kali-linux-1.0.8-amd64.iso
   - http://docs.kali.org/network-install/kali-linux-network-mini-iso-install
   - https://www.owasp.org/index.php/OWASP_OWTF
   - GitHub: git clone git://github.com/owtf/owtf.git
   - OWTF 0.45.0 Winter Blizzard:
     wget https://github.com/owtf/owtf/archive/v0.45.0_Winter_Blizzard.tar.gz
     tar -xvvf v0.45.0_Winter_Blizzard.tar.gz
   - kali-linux-web = Kali Linux web app assessment tools (group install):
     apt-get install kali-linux-web -y

8. Install via git
   # git clone https://github.com/owtf/owtf.git
   # cd /root/owtf/install
   # python install.py
   # YES, YES, YES... FOREVER!

9. Choose option 1

10. Choose Y (YES)

11. Installation finished successfully! :)

12. Define which tools to use
    # vim /root/owtf/profiles/general/default.cfg
    Framework path: @@@FRAMEWORK_DIR@@@/tools/...
    #TOOL_WHATWEB:@@@FRAMEWORK_DIR@@@/tools/whatweb/whatweb-0.4.7/whatweb
    TOOL_WHATWEB:@@@FRAMEWORK_DIR@@@/tools/restricted/whatweb/whatweb-0.4.7/whatweb

13. OWTF CLI
    python owtf.py -h | more

14. List OWTF plugins - web attacks
    # python owtf.py -l web

15. Simulation mode (-s)
    1) SIMULATES what OWTF will do (so it does not do it!)
    2) Is useful to check the effect of a command before running it
    # python owtf.py -s https://accounts.google.com | more

16. DEMO
    python owtf.py www.google.com

17. Reports? file:///root/owtf/owtf_review/index.html

18. DEMOS
    - Part 1: OWTF passive + semi-passive web analysis
    - Part 2: OWTF active web analysis
    - Part 3: OWTF aux plugins, SE, IDS testing

19. Conclusion
    OWASP OWTF is a framework that automates and saves a lot of time in pentests focused on web application and web infrastructure targets, for the routine tasks; for customized pentests it only adds a little more value, and it does not replace the manual, intelligent, human process.

20. Questions?

21. $WHOIS (same contact slide as slide 2)
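Slide 12 edits the tool paths in default.cfg by hand, and a typo there only shows up when a plugin fails mid-run. The script below is an added example, not part of the slides or of OWTF itself: it reads a profile in the TOOL_NAME: @@@FRAMEWORK_DIR@@@/... format shown on the slide, expands the marker and reports which tool binaries are actually present and executable. The demo profile, tool names and paths in it are constructed for the example.

```shell
# Added example (not OWTF's own code): read an OWTF profile such as
# /root/owtf/profiles/general/default.cfg, expand @@@FRAMEWORK_DIR@@@ in every
# TOOL_* entry and report which tool binaries are present and executable,
# so a mis-edited profile is caught before a run instead of during one.

# check_tools CFG FRAMEWORK_DIR
# Prints "OK <name> <path>" or "MISSING <name> <path>" per TOOL_* line,
# skips comments, blanks and other settings; returns 1 if any tool is missing.
check_tools() {
    cfg=$1
    fwdir=$2
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            TOOL_*:*) ;;          # a tool definition: check it
            *) continue ;;        # commented-out (#TOOL_...), blank, other
        esac
        name=${line%%:*}
        path=${line#*:}
        # strip leading blanks and substitute the framework directory marker
        path=$(printf '%s' "$path" |
            sed -e 's/^[[:space:]]*//' -e "s|@@@FRAMEWORK_DIR@@@|$fwdir|g")
        if [ -x "$path" ]; then
            printf 'OK %s %s\n' "$name" "$path"
        else
            printf 'MISSING %s %s\n' "$name" "$path"
            rc=1
        fi
    done < "$cfg"
    return $rc
}

# Demo on a constructed profile: tool names and paths below are made up for
# the example; only the TOOL_NAME: path format follows the slides.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/tools/whatweb"
    printf '#!/bin/sh\n' > "$tmp/tools/whatweb/whatweb"
    chmod +x "$tmp/tools/whatweb/whatweb"
    cat > "$tmp/default.cfg" <<'EOF'
# Framework path: @@@FRAMEWORK_DIR@@@/tools/...
#TOOL_OLD: @@@FRAMEWORK_DIR@@@/tools/old/old     (commented out, ignored)
TOOL_WHATWEB: @@@FRAMEWORK_DIR@@@/tools/whatweb/whatweb
TOOL_NIKTO: @@@FRAMEWORK_DIR@@@/tools/nikto/nikto.pl
EOF
    check_tools "$tmp/default.cfg" "$tmp" || echo "profile references missing tools"
    rm -rf "$tmp"
}
demo
```

Run it as `check_tools /root/owtf/profiles/general/default.cfg /root/owtf` after editing the profile; a non-zero exit means at least one TOOL_* entry points at a path that is not an executable.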