This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Web Application Scanner Specification Project"
(New page: Click here to see (& edit, if wanted) the project's template. {{:Key Project Information: XXXX Project}} Category:OWASP Project [[Category:O...) |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | [[:Key Project Information: | + | [[:Key Project Information:OWASP Web Application Scanner Specification Project|Click here to see (& edit, if wanted) the project's template.]] |
− | {{:Key Project Information: | + | {{:Key Project Information:OWASP Web Application Scanner Specification Project}} |
− | [[Category:OWASP Project]] | + | [[Category:OWASP Project|Web Application Scanner Specification Project]] |
[[Category:OWASP Document]] | [[Category:OWASP Document]] | ||
− | |||
[[Category:OWASP Alpha Quality Document]] | [[Category:OWASP Alpha Quality Document]] | ||
+ | |||
+ | == About == | ||
+ | This project will attempt to outline some of the shortcomings of currently available web application vulnerability scanners and offer a plan for comparing and/or building web application vulnerability scanners. | ||
+ | |||
+ | == Goals & Roadmap == | ||
+ | In the near future, we will be focused on the following goals... | ||
+ | |||
+ | 1. Clean up feature redundancy | ||
+ | |||
+ | 2. Further categorize and document modules | ||
+ | |||
+ | 3. Add to platform specific checks (ex. file extensions, ) | ||
+ | |||
+ | 4. Adding additional "check" modules | ||
+ | |||
+ | == Content == | ||
+ | <P STYLE="margin-bottom: 0in"><BR> | ||
+ | </P> | ||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3><B>Dynamic | ||
+ | Analysis of Web Application Security in Respect to Current Web | ||
+ | Application Vulnerability Scanners: Specification of Needs in | ||
+ | Comparison to Current Offerings</B></FONT></FONT></P> | ||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3><U><B>Introduction/Scope:</B></U></FONT></FONT></P> | ||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>There | ||
+ | will always be a "gap" between the types of attacks that | ||
+ | can be performed and those which can be found by an automated | ||
+ | scanner. This paper will attempt to outline some of those | ||
+ | shortcomings and offer a plan for comparing/building a web | ||
+ | application vulnerability scanner.</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Need | ||
+ | for analysis by attack type</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Coverage | ||
+ | and integration with other tools and/or scripting support</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Need | ||
+ | to assist "technical" attacker to perform "custom" | ||
+ | checks</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Support | ||
+ | for "custom" reporting</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>_____________________________________________________________________________________</FONT></FONT></P> | ||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3><U><B>General | ||
+ | Topics:</B></U></FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Automated | ||
+ | vs. Manual Discovery – The Need for Integration Between Tools</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Web | ||
+ | Application Security – The Need for Automated Testing Tools </FONT></FONT> | ||
+ | </P> | ||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Integrated | ||
+ | Threat Modeling Feature – Identifying API Exposures and | ||
+ | Assigning Risk</FONT></FONT></P> | ||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>_____________________________________________________________________________________</FONT></FONT></P> | ||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>[[OWASP_Web_Application_Scanner_Specification_Project_Baseline]]</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3><U><B>Ideal | ||
+ | Baseline - Needs For Scanner: | ||
+ | </B></U></FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Integration | ||
+ | with Std. VA scanner</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Integration | ||
+ | with HTTP Proxies</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Exportable | ||
+ | Storage of Results</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • XML | ||
+ | Format</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Database | ||
+ | Formats</FONT></FONT></P> | ||
+ | |||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Search Engine | ||
+ | Harvester Modules</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Ability | ||
+ | to Document/Flag Good and Bad Results</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Limit | ||
+ | scan to specified IPs/Hosts, Domains, and Ports Discovered on Host | ||
+ | running HTTP(s) </FONT></FONT> | ||
+ | </P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • | ||
+ | checksum content b/t ports, hosts, etc. for same content</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Be | ||
+ | able to accurately reproduce results (ex. -- reply request | ||
+ | and show in browser)</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Spidering | ||
+ | and Resource Identification </FONT></FONT> | ||
+ | </P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • User | ||
+ | defined optimization of scan threads, timeouts, etc</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Virtual | ||
+ | host identification - edit cost, diff btw pages –</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • | ||
+ | HDM idea - Intranet hostname exposure, etc.....over 512 bytes, insane | ||
+ | overhead</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • DNS | ||
+ | grinding, etc </FONT></FONT> | ||
+ | </P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • http://www.owasp.org/index.php/Testing_for_Application_Discovery_(OWASP-IG-005)</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Auth | ||
+ | vs UnAuth forced Browsing </FONT></FONT> | ||
+ | |||
+ | </P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • checkout | ||
+ | step bypass, etc</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Accurately | ||
+ | identify directories and files present (and supported extensions)</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Ability | ||
+ | to add checks for permeation based dir checks</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • User | ||
+ | is able to specify and retest extra files, dirs, and attacks as well | ||
+ | as add to test "template"</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • (retest/add | ||
+ | this dir for all vulns/files, retest this dir for XSS, rerun all SQL | ||
+ | injection, etc)</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Ability | ||
+ | to specify custom HTTP requests and form templates based on HTTP | ||
+ | requests and errors</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Fuzzer | ||
+ | </FONT></FONT> | ||
+ | </P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • ability | ||
+ | to model after "stored" requests,</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • pop | ||
+ | out?</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • HTTP</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • WSDL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Iteration | ||
+ | based fuzzing and discovery - ie, Pornzilla</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Cookies/Session | ||
+ | testing and analysis </FONT></FONT> | ||
+ | |||
+ | </P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • automated | ||
+ | analysis and manual analysis replay idea (my idea kinda......need to | ||
+ | elaborate)</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Platform | ||
+ | Specific tests and customization/AI (MS, .Net, Java, Apache)</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Path, | ||
+ | Error Path and Verbose errors Identification </FONT></FONT> | ||
+ | </P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Tomcat</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • ASP.NET</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • CFM</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • JSP</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Apache</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Request | ||
+ | Comparison</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Cookies</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Collection</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Encoder/Decoder</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Comparison</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Authentication | ||
+ | Tester/Brute Forcer</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Form</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Basic</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • NTLM</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Cookies/Sessions</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • SSL/Encryption | ||
+ | strength analysis</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Easy | ||
+ | "dictionary" customization</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Application | ||
+ | Servers/Frameworks</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Apache | ||
+ | Tomcat</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Ruby | ||
+ | on Rails</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Django</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • JavaScript | ||
+ | Framework Identification</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Dojo</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • script.aculo.us</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Prototype</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • DWR</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • GWT</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Sajax </FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Endpoint | ||
+ | Identification</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • 3rd | ||
+ | Party Resources</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • RSS</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Atom</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Misc. | ||
+ | Web Service oriented</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Web | ||
+ | Admin Console Identification</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • JBoss</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • JRun</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Web | ||
+ | Services</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • SOAP</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • WSDL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • UDDI/Endpoint | ||
+ | Discovery Protocols</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • WS-Security</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • ReST</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Flash/Flex</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Java</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • ActiveX</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • User | ||
+ | identification (error messages, user dirs, etc) and customization | ||
+ | (ex. add to BF dictionary)</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • DB | ||
+ | Platform Identification</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • MSSQL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • MySQL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Sybase</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • MS | ||
+ | Access</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Oracle</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • DB2</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • DB/XML | ||
+ | store of files/dirs - grepable</FONT></FONT></P> | ||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>_____________________________________________________________________________________</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3><U><B>Platform | ||
+ | and Resource Requirements:</B></U></FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • DB | ||
+ | Platform Identification</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • MSSQL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • MySQL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Sybase</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • MS | ||
+ | Access</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Oracle</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • DB2</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Web | ||
+ | Platform Identification</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • IIS</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Tomcat</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • ASP.NET</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • CFM</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • JSP</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Apache</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • ActiveX</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Java | ||
+ | Applets</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Javascript | ||
+ | and JS Frameworks</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Flex</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Flash</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • ReST</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • SOAP/WSDL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • WEBrick</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Django | ||
+ | (python)</FONT></FONT></P> | ||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>_____________________________________________________________________________________</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3><U><B>Modules:</B></U></FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • XSS | ||
+ | </FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • DOM | ||
+ | Injection Attacks</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Stored</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Reflected</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Injection | ||
+ | Attacks</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • SQL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • XML/XPATH/XMLRCP/SOAP | ||
+ | - DOM-based XSS - Difficult - can't grep sourcd</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • JSON | ||
+ | (Javascript Object Notation) </FONT></FONT> | ||
+ | </P> | ||
+ | |||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Link | ||
+ | Injection/Insertion (eg. OWA)</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Dir | ||
+ | Traversal</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • File | ||
+ | Include</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • XSRF</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • HTTP | ||
+ | Response Splitting</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Cookie | ||
+ | Collector and Checks</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Cookies | ||
+ | Enabled (Y/N)</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Flags | ||
+ | Set in Cookies</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • HTTPOnly</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Secure</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Domain</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Path</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Expires</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Cookie | ||
+ | Randomization</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • GUI | ||
+ | plotting</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Web | ||
+ | Platform Specific Checks</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • IIS</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • IPP</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • IDA/IDQ</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • FrontPage</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Anon</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Files/Extensions</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • MSSQL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Microsoft | ||
+ | .NET</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • .NET | ||
+ | Version Enumeration</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • ViewState</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Decoder</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Value | ||
+ | collection</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Value | ||
+ | comparison</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 3in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Identification | ||
+ | of Repeating VS Unique Values</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 3in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Identification | ||
+ | of Possibly Sensitive Values</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 3in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Changes | ||
+ | in Relation to Application Logic</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Apache</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • userdir</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • MySQL</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Docs</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Modules | ||
+ | installed</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • OpenSSL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • ModSSL</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Expect</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • ModSecurity</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Mod_jk</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Apache | ||
+ | Tomcat</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • mgmt/admin | ||
+ | interface</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Docs</FONT></FONT></P> | ||
+ | |||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • General | ||
+ | platform and hardware/device specific checks</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Parameter | ||
+ | identification (Identify inputs)</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • Identify | ||
+ | ALL Resources that appear to accept "user-defined" input</FONT></FONT></P> | ||
+ | <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3> • HTTP | ||
+ | OPTIONS</FONT></FONT></P> | ||
+ | |||
Latest revision as of 17:58, 9 March 2010
PROJECT INFORMATION
Project Name | OWASP Web Application Scanner Specification Project
Short Project Description | There will always be a "gap" between the types of attacks that can be performed and those which can be found by an automated scanner. This project will attempt to outline some of those shortcomings and offer a plan for comparing and/or building web application vulnerability scanners. The project will also include feature suggestions beneficial to advanced users.
Key Project Information
Project Leader |
Project Contributors |
Mailing List |
Project Type |
Sponsors |
Release Status | Main Links | Related Projects
About
This project will attempt to outline some of the shortcomings of currently available web application vulnerability scanners and offer a plan for comparing and/or building web application vulnerability scanners.
Goals & Roadmap
In the near future, we will be focused on the following goals...
1. Clean up feature redundancy
2. Further categorize and document modules
3. Add to platform specific checks (ex. file extensions, )
4. Add additional "check" modules
Content
Dynamic Analysis of Web Application Security in Respect to Current Web Application Vulnerability Scanners: Specification of Needs in Comparison to Current Offerings
Introduction/Scope:
There will always be a "gap" between the types of attacks that can be performed and those which can be found by an automated scanner. This paper will attempt to outline some of those shortcomings and offer a plan for comparing/building a web application vulnerability scanner.
• Need for analysis by attack type
• Coverage and integration with other tools and/or scripting support
• Need to assist "technical" attacker to perform "custom" checks
• Support for "custom" reporting
_____________________________________________________________________________________
General Topics:
• Automated vs. Manual Discovery – The Need for Integration Between Tools
• Web Application Security – The Need for Automated Testing Tools
• Integrated Threat Modeling Feature – Identifying API Exposures and Assigning Risk
_____________________________________________________________________________________
OWASP_Web_Application_Scanner_Specification_Project_Baseline
Ideal Baseline - Needs For Scanner:
• Integration with Std. VA scanner
• Integration with HTTP Proxies
• Exportable Storage of Results
  • XML Format
  • Database Formats
• Search Engine Harvester Modules
• Ability to Document/Flag Good and Bad Results
• Limit scan to specified IPs/Hosts, Domains, and Ports Discovered on Host running HTTP(s)
  • checksum content b/t ports, hosts, etc. for same content
• Be able to accurately reproduce results (ex. -- replay request and show in browser)
• Spidering and Resource Identification
• User defined optimization of scan threads, timeouts, etc
• Virtual host identification - edit cost, diff btw pages –
  • HDM idea - Intranet hostname exposure, etc.....over 512 bytes, insane overhead
  • DNS grinding, etc
  • http://www.owasp.org/index.php/Testing_for_Application_Discovery_(OWASP-IG-005)
• Auth vs UnAuth forced Browsing
  • checkout step bypass, etc
• Accurately identify directories and files present (and supported extensions)
  • Ability to add checks for permutation-based dir checks
• User is able to specify and retest extra files, dirs, and attacks as well as add to test "template"
  • (retest/add this dir for all vulns/files, retest this dir for XSS, rerun all SQL injection, etc)
• Ability to specify custom HTTP requests and form templates based on HTTP requests and errors
• Fuzzer
  • ability to model after "stored" requests,
  • pop out?
  • HTTP
  • WSDL
  • Iteration based fuzzing and discovery - ie, Pornzilla
• Cookies/Session testing and analysis
  • automated analysis and manual analysis replay idea (my idea kinda......need to elaborate)
• Platform Specific tests and customization/AI (MS, .Net, Java, Apache)
  • Path, Error Path and Verbose errors Identification
    • Tomcat
    • ASP.NET
    • CFM
    • JSP
    • Apache
• Request Comparison
  • Cookies
    • Collection
    • Encoder/Decoder
    • Comparison
• Authentication Tester/Brute Forcer
  • Form
  • Basic
  • NTLM
  • Cookies/Sessions
  • SSL/Encryption strength analysis
  • Easy "dictionary" customization
• Application Servers/Frameworks
  • Apache Tomcat
  • Ruby on Rails
  • Django
• JavaScript Framework Identification
  • Dojo
  • script.aculo.us
  • Prototype
  • DWR
  • GWT
  • Sajax
• Endpoint Identification
  • 3rd Party Resources
    • RSS
    • Atom
    • Misc. Web Service oriented
  • Web Admin Console Identification
    • JBoss
    • JRun
  • Web Services
    • SOAP
    • WSDL
    • UDDI/Endpoint Discovery Protocols
    • WS-Security
    • ReST
  • Flash/Flex
  • Java
  • ActiveX
• User identification (error messages, user dirs, etc) and customization (ex. add to BF dictionary)
• DB Platform Identification
  • MSSQL
  • MySQL
  • Sybase
  • MS Access
  • Oracle
  • DB2
• DB/XML store of files/dirs - grepable
_____________________________________________________________________________________
Platform and Resource Requirements:
• DB Platform Identification
  • MSSQL
  • MySQL
  • Sybase
  • MS Access
  • Oracle
  • DB2
• Web Platform Identification
  • IIS
  • Tomcat
  • ASP.NET
  • CFM
  • JSP
  • Apache
• ActiveX
• Java Applets
• Javascript and JS Frameworks
• Flex
• Flash
• ReST
• SOAP/WSDL
• WEBrick
• Django (python)
_____________________________________________________________________________________
Modules:
• XSS
  • DOM Injection Attacks
  • Stored
  • Reflected
• Injection Attacks
  • SQL
  • XML/XPATH/XMLRPC/SOAP - DOM-based XSS - Difficult - can't grep source
  • JSON (Javascript Object Notation)
  • Link Injection/Insertion (eg. OWA)
  • Dir Traversal
  • File Include
• XSRF
• HTTP Response Splitting
• Cookie Collector and Checks
  • Cookies Enabled (Y/N)
  • Flags Set in Cookies
    • HTTPOnly
    • Secure
    • Domain
    • Path
    • Expires
  • Cookie Randomization
    • GUI plotting
• Web Platform Specific Checks
  • IIS
    • IPP
    • IDA/IDQ
    • FrontPage
      • Anon
    • Files/Extensions
    • MSSQL
  • Microsoft .NET
    • .NET Version Enumeration
    • ViewState
      • Decoder
      • Value collection
      • Value comparison
        • Identification of Repeating VS Unique Values
        • Identification of Possibly Sensitive Values
        • Changes in Relation to Application Logic
  • Apache
    • userdir
    • MySQL
    • Docs
    • Modules installed
      • OpenSSL
      • ModSSL
      • Expect
      • ModSecurity
      • Mod_jk
  • Apache Tomcat
    • mgmt/admin interface
    • Docs
• General platform and hardware/device specific checks
• Parameter identification (Identify inputs)
  • Identify ALL Resources that appear to accept "user-defined" input
• HTTP OPTIONS
• HTTP Track/XST
• Comments
• Internal IP Disclosure
• Mgmt Interface Scanner
  • /jmx-console
  • /web-console
• Conf File Scanner
  • /WEB-INF/web.xml
  • /robots.txt
  • /.htaccess
  • /jmx-console site enumeration (not just identify presence of web console)
  • /web-console site enumeration (not just identify presence of web console)
• File Include/Insertion Scanner (esp PHP)
• Authentication Scanner
  • Basic/NTLM Identification
  • Form-based Authentication Identification
  • Username Enumeration
    • User-dir
    • Page Scraping
      • Site Mirroring
      • Google – Email Scraper
  • Brute-Forcer
  • Dictionary attacker
    • Easy "dictionary" customization
  • Default Password Tester
    • By Platform
• Source Code Disclosure (eg. %00, %20)
• Page pattern matcher (Page Structure VS <Diff> Page Content)
• Incorrect usage of eval()
• OS command shell
• Software Version Identification
  • regex values
  • window <Title> names
  • comments
  • base platform
• Hidden Fields/Links Enumerator
• File Upload Enumerator
• Log File Scanner
• Temp Files
• Search Function for associated Vulns and software versions
  • Ability to Reference Common Security Sites for Vulnerability Information
• Path Case-sensitivity enumerator
• Encodings Supported
• Servlet Mapper
• Local Search Engine Enumeration
• Google File/DIR mapper
• BackEnd DB Type Enumerator
• Application logic enumerator
• ActiveX, Java object enumerator
• LDAP Checks
• File Ext and Dir Mapper
  • System Platform Type/Version Enumerator
  • Supported File Types Enumerator
  • Unmapped File Extensions
• Identifying "sensitive" data
• Web Framework and Application Fingerprinting
  • Flash/Flex
  • J2EE
  • JBoss
  • JRun
  • Apache Foundation
    • Web Server
    • Tomcat
    • Axis
  • Ruby on Rails
  • Zend
  • Django
  • Jakarta Struts (and other MVC architectures)
• Exposed Source-Code analysis (VM-like environment to run in)
• FireBug (pop-out?)
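The "Cookie Collector and Checks" module above lists the flags a scanner should verify on each cookie (HTTPOnly, Secure, Domain, Path, Expires). The routine below is an added example, not code from the OWASP project: it parses Set-Cookie headers and reports which of those checks fail, so a defender can audit their own application's responses. The SESSION_HINTS name fragments and the sample headers are assumptions constructed for the example.

```python
"""Audit Set-Cookie headers for the "Flags Set in Cookies" checks
(HTTPOnly, Secure, Domain, Path, Expires).  Added example, not code from
the OWASP project; all sample headers below are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List

# Name fragments that suggest a cookie carries a session or auth token (assumption).
SESSION_HINTS = ("sess", "sid", "auth", "token")


@dataclass
class CookieReport:
    name: str
    attrs: Dict[str, str]
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieReport:
    """Split one Set-Cookie value into the cookie name and its attributes.
    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to ""."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return CookieReport(name=name, attrs=attrs)


def audit_cookie(header: str, over_tls: bool = True) -> CookieReport:
    """Apply the flag checks to one Set-Cookie header and record findings."""
    rep = parse_set_cookie(header)
    a = rep.attrs
    session_like = any(h in rep.name.lower() for h in SESSION_HINTS)
    if "httponly" not in a:
        rep.findings.append("missing HttpOnly: cookie readable by page scripts")
    if over_tls and "secure" not in a:
        rep.findings.append("missing Secure: cookie may also be sent over plain HTTP")
    if "domain" in a:
        rep.findings.append(f"Domain={a['domain']}: cookie shared with all subdomains")
    if "path" not in a:
        rep.findings.append("no Path: browser scopes cookie to the request directory")
    if session_like and ("expires" in a or "max-age" in a):
        rep.findings.append("session-like cookie is persistent (Expires/Max-Age set)")
    return rep


def audit_response(set_cookie_headers: List[str], over_tls: bool = True) -> Dict[str, List[str]]:
    """Audit every Set-Cookie header of one response; map cookie name -> findings."""
    return {r.name: r.findings for r in (audit_cookie(h, over_tls) for h in set_cookie_headers)}


# Constructed sample headers (not captured from any real site).
SAMPLE_HEADERS = [
    "JSESSIONID=1A2B3C; Path=/",
    "theme=dark; Path=/; Expires=Wed, 09 Mar 2011 17:58:00 GMT",
    "sid=9f8e7d; Path=/app; Secure; HttpOnly; Domain=.example.com",
]

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE_HEADERS).items():
        print(name, "->", findings or ["ok"])
```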
_____________________________________________________________________________________
Reporting/Results:
• Database/XML compatible storage
• data correlation with other (HTTP) tools
• AUTO TXT, DB, SQL, source file ARCHIVER/STORED DIRECTORY