Web Application Vulnerability Testing with Nessus - owasp

More documents

Recommendations

Info

Reviewing the Report for OWASP Top Items A1 – Injection • SQL Injection (CGI abuses) > 11139, 42424, 42426, 42427, 42479, 43160, 51973 • XML Injection (CGI abuses) > 46196 • HTTP Header Injection (CGI abuses: XSS) > 39468, 49067 • Cookie Injection > 44135 (CGI abuses) A2 – Cross-Site Scripting (XSS) • Cross-Site Scripting (CGI abuses: XSS) > 10815, 39466, 42425, 47831, 46193, 49067, 51972 A3 –Broken Authentication and Session Management • Authentication not over SSL > 26194, 34850 • Is SSL Implement Properly > 15901, 20007, 26928, 35291, 42053, 42873 , 42880, 53491, 53360, 56043, 56284, 56984, 57041 120
Reviewing the Report for OWASP Top Items Cont. A4 –Insecure Direct Object References • Browsable Web Directories > 40984 • Path Transversal (CGI abuses)> 50494 • Parameters identified for manual testing > 40773, 44134, 47830 * A5 –Cross-Site Request Forgery (CSRF) • CGI Generic On Site Request Forgery (OSRF) > 47832 • Specific Product checks with known CSRF Vulnerabilities A6 –Security Misconfiguration • Covered by Nessus Audit Checks in the ProfessionFeed • Identifies Open ports and services for manual review • Many checks for default accounts and passwords 121
Page 1 and 2:
The OWASP Foundation http://www.owa
Page 3 and 4:
This is not a sales presentation I
Page 5 and 6:
Introduction to Nessus Nessus has 2
Page 7 and 8:
Introduction to Nessus Nessus Custo
Page 9 and 10:
Basic Navigation There are four nav
Page 11 and 12:
Scans Tab The Scans tab list curren
Page 13 and 14:
Users Tab The Users tab list users
Page 15 and 16:
Creating a Basic Web Application Sc
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Create Basic Scan Template Step 1:
Page 53 and 54:
Create Basic Scan Template This sho
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Running Basic Scan Template Step 1:
Page 61 and 62:
Running Basic Scan Template “Temp
Page 63 and 64:
Reviewing the Scan Report Click on
Page 65 and 66:
Reviewing the Scan Report The scan
Page 67 and 68:
Reviewing the Scan Report Single cl
Page 69 and 70: Reviewing the Scan Report To find a
Page 71 and 72: Reviewing the Scan Report Looking a
Page 73 and 74: Downloading Scan Report or when vie
Page 75 and 76: HTML Standard Report 75
Page 77 and 78: HTML Executive Report 77
Page 79 and 80: RTF Report 79
Page 81 and 82: .nessus v1 Export 81
Page 83 and 84: Creating an Advanced Web Applicatio
Page 111 and 112: Create Advanced Scan Template Step
Page 113 and 114: Create Advanced Scan Template This
Page 119: Advanced Scan Demo 119
Page 123 and 124: Reviewing the Report for 2007 OWASP
Page 125: Resources Nessus Website http://www
show all

Web Application Vulnerability Testing with Nessus - owasp

Create successful ePaper yourself

Delete template?

Save as template?