Errors to reveal informa on about database that serve as clues for building an acack. The comparer tool highlights the differences between two responses Error Based SQLi Possible if applica on echos database errors to browser. distribu ng reports is very me consuming)ĥ Methodology Reconnaissance Spider target Hidden Files Google site search End result is a comprehensive map of site Discovery Automated Scanning Manual Detec on and Analysis Exploit Automated Exploit tools - sqlmap, havij, metasploit Burp Suite - hands- on tes=ng 5Ħ Road Map Spider and vulnerability scan already performed Leverage Burp tools to expand upon proof of concepts from scan results Carry out actual acack scenarios 6ħ Tools for this Demo BurpSuite Firefox FoxyProxy addon Firebug addon Target: *. (inten onally vulnerable websites from Acune x)Ĩ Scan Results Vulnerabilty reports - proof of concept (POC) include request payload and applica on response POCs are not intui ve, o\en met with doubt Need to be able to drive home the real riskġ1 SQL Injec on Boolean Based SQLi (Blind SQL Injec on) Blind SQLi is possible if applica on will respond to true and false condi ons in a detectable manner* hcp:///listproducts.php?ar st=1 and 1=1 //true condi on hcp:///listproducts.php?ar st=1 and 1=2 //false condi on ` *Differences between true and false responses could be subtle.
1 Adding Value to Automated Web Scans Burp Suite and BeyondĢ Automated Scanning vs Manual Tes ng Manual Tes ng Tools/Suites At MSU - QualysGuard WAS & Burp Suite Automated Scanning - iden fy acack surface accross organiza on Manual Tes ng - proxy tools used to verify scan results and find what automated scans miss Both necessary in a large enviromentģ Automated Scanning vs Manual Tes ng Strengths of Automated Scanners: Scheduling Repor ng Scalability Strengths of Manual Scanners: Proxy based - allows intercep on of requests Customize payloads for vulnerability detec on Verify findings from automated scan results.Ĥ Automated Scanning vs Manual Tes ng Weaknesses of automated scanners: increased poten al for false posi ves duplicate findings code coverage not as thourough Weaknesses of manual scanning: tester needs knowledge of applica on for best results learning curve (developers already stretched thin) not scalable (e.g.
0 kommentar(er)
