
Assessing and Exploiting Web Applications with Samurai-WTF

Trainer: Justin Searle (Meeas Security)

Audience Background: Technical

Skill Level: Basic/Intermediate

Duration: 2 Days


Training Summary:

Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn the latest Samurai-WTF open source tools as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructors will lead you through the penetration and exploitation of various web applications, including client-side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn first-hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture-the-flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.

Attendee takeaways and key learning objectives:

1. Attendees will be able to explain the steps and methodology used in performing web application assessments and penetration tests.

2. Attendees will be able to use the open source tools on the Samurai-WTF CD to discover and identify vulnerabilities in web applications.

3. Attendees will be able to exploit several client-side and server-side vulnerabilities.

Trainer Bio:

Justin Searle is a Senior Security Analyst with InGuardians, specializing in the penetration testing of web applications, networks, and embedded devices, especially those pertaining to the Smart Grid. Justin is an active member of ASAP-SG (Advanced Security Acceleration Project for the Smart Grid) and led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628. Previously, Justin served as JetBlue Airways' IT Security Architect, and has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities and corporations. Justin has presented at top security conferences including DEFCON, ToorCon, ShmooCon, and SANS. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

Outline

Samurai-WTF Project and Distribution

  • About the Project
  • Using the Live-DVD
  • Joining the Project

Web Application Assessment Methodology

  • Pentest Types and Methods
  • Formal Four Step Methodology
  • Overview of Web Application Security Vulnerabilities

Reconnaissance Tools

  • Overview of Web Application Recon
  • Domain and IP Registration Databases (Labs: whois)
  • Google Hacking (Labs: gooscan, gpscan)
  • Social Networks (Labs: Reconnoiter)
  • DNS Interrogation (Labs: host, dig, nslookup, fierce)

Mapping Tools

  • Overview of Mapping
  • Port Scanning and Fingerprinting (Labs: nmap, zenmap, Yokoso!)
  • Web Service Scanning (Labs: Nikto)
  • Spidering (Labs: wget, curl, Paros, WebScarab, BurpSuite)
  • Discovering “Non-Discoverable” URLs (Labs: DirBuster)

Discovery Tools

  • Using Built-in Tools (Labs: Page Info, Error Console, DOM Inspector, View Source)
  • Poking and Prodding (Labs: Default User Agent, Cookie Editor, Tamper Data)
  • Interception Proxies (Labs: Paros, WebScarab, BurpSuite)
  • Semi-Automated Discovery (Labs: RatProxy)
  • Automated Discovery (Labs: Grendel-Scan, w3af)
  • Information Discovery (Labs: CeWL)
  • Fuzzing (Labs: JBroFuzz, BurpIntruder)
  • Finding XSS (Labs: TamperData, XSS-Me, BurpIntruder)
  • Finding SQL Injection (Labs: SQL Inject-Me, SQL Injection, BurpIntruder)
  • Decompiling Flash Objects (Labs: Flare)

Exploitation Tools

  • Username Harvesting (Labs: python)
  • Brute Forcing Passwords (Labs: python)
  • Command Injection (Labs: w3af)
  • Exploiting SQL Injection (Labs: SQLMap, SQLNinja, Laudanum)
  • Exploiting XSS (Labs: Durzosploit)
  • Browser Exploitation (Labs: BeEF, BrowserRider, Yokoso!)
  • Advanced exploitation through tool integration (MSF + sqlninja/sqlmap/BeEF)