Narain exploring web vulnerabilities
These are the slides that I had presented during "Braindigit 9th National Conference 2013".
Published on: Mar 3, 2016
Purpose Of This Presentation
• For awareness in software quality
• Strictly not for wrong use, not to damage or harm anyone’s intellectual property
Vote of thanks
• ITS Nepal
• BRAINDIGIT IT Solution
• OWASP
• OWASP Nepal
• SQA Professionals
Overview
• Introduction
• Stats on attack sites
• Top Tools
• Demo vulnerability scanning
• Analysis of report
Nearly 11K attack sites are discovered monthly
• Nearly 150K infected sites are discovered monthly
• I.e. nearly 5000 sites are infected daily
• I.e. nearly 3 sites are infected per minute
After all
• No software is 100% bug free, and neither is the web.
• The difference is in the level of security maintained.
Lock Demonstration
• The 1st lock is the simplest lock; it can be broken easily and by a huge mass of people (x).
• The 2nd lock is a bit more complex and can be broken by (x-10,000) people.
• The 3rd lock is the most complex and can be broken by only a few people on earth, let's say 2 people.
Demo
• With joomscan: check “narain-joomscan.pptx” for slides related to joomscan.
• With Acunetix: check “narain-acunetix.pptx” for slides related to Acunetix.
LET’S ANALYSE THE REPORT WE HAVE NOW
The Hard Part
• Analysing the report of automation (15-500 pgs)
• Analysing false positives and negatives (everything seems true)
• And fixing the holes
Web security
• Doesn't depend only on the security of servers or the security of the application, but on the whole ecosystem of the web
• Let’s try more with our little knowledge