Security
Dilan Warnakulasooriya
Asanka Fernandopulle
10/17/15
99X Technology(c)
Symmetric key
Asymmetric key
Session key
Analyzing a certificate
Sniffing HTTP and HTTPS
Calomel plugin
Samurai WTF
Websecurify
Wapiti
Skipfish
Acunetix
WebScarab
w3af
Secure Authentication
Authentication/Access control methods
Secure Authentication
Authentication bypass techniques
Secure Authentication
Bypass authentication matrix
Basic authentication
Multi-Level login 1
Multi-Level login 2
Secure Authentication
Password remember
Password strength
Forgot password
Secure Authentication
Parameter tampering
Bypass HTML Field restrictions
Exploit hidden fields
Bypass client side JavaScript validation
Secure Authentication
Access control flaws
Using an Access control matrix
Bypass a path based access control scheme
Bypass data layer access control
Injections
SQL injection classes
In band
Out of band
Inferential
Injections
Techniques to exploit SQL injections
Union operator
Boolean
Error based
Out of band
Time delay
Injections
Standard SQL injection testing
SELECT * FROM Users WHERE
Username='$username' AND
Password='$password'
Numeric SQL injection
Injections
Union Exploitation technique
XPath injection
String SQL injection
Injections
Boolean Exploitation technique
SQL injection: stage 1: String SQL injection
Stage 3: Numeric SQL injection
Injections
Error based Exploitation technique
Modify data with SQL injection
Add data with SQL injection
Injections
Out of band Exploitation technique
Injections
Time delay Exploitation technique
Stored procedure Exploitation technique
Automated Exploitation technique
Injections
How developers work on SQL injection
Automate your injection
sqlmap
Session Management
Session management techniques
Session management vulnerability
Insufficient session ID length
Session fixation
Session variable overloading
Session Management
Check your cookies
Cookie collection
Cookie reverse engineering
Cookie manipulation
Hijack a session
Spoof an authentication cookie
Session fixation
Session Management
Code Quality
Code quality breach
Discover clues in the HTML
Reflected XSS
Stored XSS
Input forms
Analyze HTML code
Exploitation framework
File upload
Testing Tools
Proxy
How to write secure programs
Thank you