WebGoat - PowerPoint PPT Presentation

1 / 34

About This Presentation

Title:

WebGoat

Description:

Unpacking the Package. INSA_at_CCU. Information Networking Security and Assurance Lab ... Unpacking the WebGoat src Distribution. INSA_at_CCU ... – PowerPoint PPT presentation

Number of Views:663

Avg rating:3.0/5.0

Slides: 35

Provided by: kuchu

Category:

more less

Transcript and Presenter's Notes

Title: WebGoat

1
WebGoat
2
Contents

Overview
Environment
Install Required Software
Install WebGoat
Getting Started
Usage of WebGoat
Example

3
Overview

Illustrate Typical Security Flaws within
Web-Applications
Teach a Structured Approach to Testing and
Exploiting
Give Practical Training and Examples

4
Environment

OS
Red Hat Linux 7.3 (2.4.18-3)
Required Software
Java Development Kit
Apache Ant 1.6.1
Tomcat 5.0.25

5
Install Required Software

Java 2 SDK, Standard Edition 1.4.2_04
http//java.sun.com/

6
Install Required Software (cont.)

Unpacking the Package

7
Install Required Software (cont.)

Installing JDK RPM Package

8
Install Required Software

Downloading Apache ANT 1.6.1
http//ant.apache.org/srcdownload.cgi

9
Install Required Software (cont.)

Unpacking the Package

10
Install Required Software (cont.)

Building and Installing Apache Ant

11
Install Required Software (cont.)

Downloading Tomcat 5
http//jakarta.apache.org/site/sourceindex.cgi

12
Install Required Software (cont.)

Uncompressing the Package

13
Install Required Software (cont.)

Building All Components of Tomcat 5

14
Install Required Software (cont.)

Running Tomcat 5

15
Install Required Software (cont.)

Testing Tomcat 5

16
Install WebGoat

Download WebGoat Source Distribution
http//www.owasp.org/development/webgoat

17
Install WebGoat (cont.)

Put catalina-ant.jar into /usr/local/ant/lib

18
Install WebGoat (cont.)

Unpacking the WebGoat src Distribution

19
Install WebGoat (cont.)

Modify catalina.home property in build.xml to
specify tomcat installation directory

20
Install WebGoat (cont.)

Add ltuser name"webgoat" password"webg0_at_t
roles"admin,manager,standard,tomcat"/gt to the
tomcat_home/conf/tomcat-users.xml file

21
Install WebGoat (cont.)

Uncomment the invoker mapping in web.xml

22
Install WebGoat (cont.)

Starting the Compile

23
Install WebGoat (cont.)

Create a New WebGoat .war File

24
Install WebGoat (cont.)

Installing WebGoat

25
Getting Started

Running Tomcat 5 and Trying http//server_ip808
0/WebGoat/attack

26
Usage of WebGoat
Lesson Plans
27
Lesson Plans

Http Basics
How to Perform Database Cross Site Scripting
(xss)
How to Spoof an Authentication Cookie
How to Exploit Hidden Fields
How to Discover Clues in the HTML
How to Perform Parameter Injection
How to Perform SQL Injection
How to Exploit Thread Safety Problems
How to Exploit Unchecked Email
How to Spoof an Authentication Cookie
Putting it all together

28
Lesson Plans (cont.)
29
Example SQL Injection
30
Example SQL Injection (cont.)
31
Example SQL Injection (cont.)
32
Example SQL Injection (cont.)
33
Example SQL Injection (cont.)
34
Example SQL Injection (cont.)

Write a Comment

User Comments (0)

About PowerShow.com

Recommended Relevance Latest Highest Rated Most Viewed

Sort by:

Related More from user

CrystalGraphics Presentations

Introducing-PowerShowcom PowerPoint PPT Presentation

Introducing-PowerShowcom - Introducing-PowerShowcom (Without Music)

CrystalGraphics 3D Character Slides for PowerPoint PowerPoint PPT Presentation

CrystalGraphics 3D Character Slides for PowerPoint - CrystalGraphics 3D Character Slides for PowerPoint

Chart and Diagram Slides for PowerPoint PowerPoint PPT Presentation

Chart and Diagram Slides for PowerPoint - Beautifully designed chart and diagram s for PowerPoint with visually stunning graphics and animation effects. Our new CrystalGraphics Chart and Diagram Slides for PowerPoint is a collection of over 1000 impressively designed data-driven chart and editable diagram s guaranteed to impress any audience. They are all artistically enhanced with visually stunning color, shadow and lighting effects. Many of them are also animated. And they’re ready for you to use in your PowerPoint presentations the moment you need them. – PowerPoint PPT presentation

Related Presentations

Web Application Security PowerPoint PPT Presentation

Web Application Security - The information contained in this presentation is intended to be ... Victoria's Secret reveals far too much. http://cooltech.iafrica.com/technews/280300.htm ... | PowerPoint PPT presentation | free to view

9 Ways to Hack a Web App PowerPoint PPT Presentation

9 Ways to Hack a Web App - Cross-site scripting (80 per cent) SQL injection (62 per cent) Parameter tampering (60 per cent) ... (37 per cent) Database server (33 per cent) Web server (23 ... | PowerPoint PPT presentation | free to view

OWASP Presentation | PowerPoint PPT presentation | free to view

OWASP Presentation - OWASP Presentation | PowerPoint PPT presentation | free to view

Cross Site Scripting XSS PowerPoint PPT Presentation

Cross Site Scripting XSS - Legitimate site returns injected code in web page. ... MySpace worm (October 2005) When someone viewed Samy's ... First Login as Tom with tom as password. ... | PowerPoint PPT presentation | free to view

Chapter 10 Review PowerPoint PPT Presentation

Chapter 10 Review - description Outputs the current date /description name simpleDate /name ... OWASP Web Scarab. http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project ... | PowerPoint PPT presentation | free to view

NEbraskaCERT Cyber Security Forum PowerPoint PPT Presentation

NEbraskaCERT Cyber Security Forum - Will probably become a more common means of exploitation as ... Designers decide to use Application-based authentication ... used to capture a few passwords... | PowerPoint PPT presentation | free to view

Web Application Security - Pick pages for indexing early on, designate them as public, give them their own subdirectory ... 'But I'm an artist, and code is my canvas! ... | PowerPoint PPT presentation | free to view

Web Hacking - Some of the most devastating Internet worms have historically exploited these ... Burp Suite. Proxy, Repeater, Sequencer, Spider, Intruder ... | PowerPoint PPT presentation | free to view

RAMSES Regeneration And iMmunity SErviceS: A Cognitive Immune System PowerPoint PPT Presentation

RAMSES Regeneration And iMmunity SErviceS: A Cognitive Immune System - Data structures and functions within program. Used by program components to talk to each other ... Attack: Removes all removable files in web server document ... | PowerPoint PPT presentation | free to view

Web Application Security: Practicing Defense InDepth PowerPoint PPT Presentation

Web Application Security: Practicing Defense InDepth - Write a UDF to escape special characters in content that may be used for XSS ... the user by logging server-side and providing a unique ID to reference the error ... | PowerPoint PPT presentation | free to view

Recon, Pen Tests and Forensics PowerPoint PPT Presentation

Recon, Pen Tests and Forensics - Recon, Pen Tests and Forensics. Resources and their use. Introductions. Kristi Yauch ... Community Projects and Resources. Presentations, Meetings, Podcasts ... | PowerPoint PPT presentation | free to view

Application and OS Attacks PowerPoint PPT Presentation

Application and OS Attacks - Race conditions can arise when security-critical process occurs in stages ... Often, between stage that gives authorization, but before stage that transfers ownership ... | PowerPoint PPT presentation | free to view

Integrating Web Application Security into the IT Curriculum PowerPoint PPT Presentation

Integrating Web Application Security into the IT Curriculum - ... XKCD Vulnerability Growth Web Vulnerabilities Dominate Reasons for Attacking Web Apps Firewalls Don t Protect Web Apps Browser Malware Bypasses Firewall Goals ... | PowerPoint PPT presentation | free to view

Application and OS Attacks - Metasploit Knows about lots of attacks Has lots of payloads Metasploit Payloads include Bind shell to current port Bind shell to arbitrary port Reverse shell ... | PowerPoint PPT presentation | free to view

Context-Sensitive Program Analysis as Database Queries PowerPoint PPT Presentation

Context-Sensitive Program Analysis as Database Queries - ... 00 22669.00 468.00 1244.00 3428.00 1.00 47.00 0.00 8131.00 9183.00 226.00 229.00 5078.00 9737.00 167.00 309.00 16118.00 24483.00 767.00 3642.00 25588.00 48356 ... | PowerPoint PPT presentation | free to view

Changing global scenario of Information Security and its effects on Security testing PowerPoint PPT Presentation

Changing global scenario of Information Security and its effects on Security testing - CEH, CHFI, ECSA, LPT, DNV cVa, ECSP, EDRP, ECVP, ISO 27001 LA, SSCP, CISSP, DCL, PGDCL and some more Evolution of cyber crime First crime registered was in 1820. | PowerPoint PPT presentation | free to view

Web Hacking - Chapter 12 Web Hacking Revised 5-1-09 Web-Crawling Tools wget is a simple command-line tool to download a page, and can be used in scripts Available for Linux and ... | PowerPoint PPT presentation | free to view

OWASP Top 10 Project PowerPoint PPT Presentation

OWASP Top 10 Project - OWASP Top 10 Project Presented by ISAM Staff Tyler Hargis [GSEC, GWAS,GCIH] - and - Michael Morrison [GSEC, GWAS, CPTS, NSA IAM] * Input validation. Use a standard ... | PowerPoint PPT presentation | free to view

OWASP Building Secure Web Applications PowerPoint PPT Presentation

OWASP Building Secure Web Applications - ... y=1 ; time=12:30GMT ; OWASP Top Ten Unvalidated Input Broken Access Control Broken Authentication and Session ... Password Based Authentication Schemes ... | PowerPoint PPT presentation | free to view

Hacking - Hacking InfoPoint 07.12.2005 J rg W thrich | PowerPoint PPT presentation | free to view

Keamanan Web PowerPoint PPT Presentation

Keamanan Web - ... namun tidak semua menggunakan SSL karena komputasi yang tinggi DoS attack Request dalam ... Netscape Implementasi gratis pun tersedia openSSL ... | PowerPoint PPT presentation | free to view

WEB SECURITY - WEB SECURITY | PowerPoint PPT presentation | free to view