1
00:00:00,060 --> 00:00:07,950
You can find some interesting projects on tools for VAPT on the OWASP website, or in the Tools section

2
00:00:08,100 --> 00:00:10,860
of the Kali Linux website.

3
00:00:12,510 --> 00:00:20,460
A first type of tool that can be used are programs for crawling web applications; they allow you

4
00:00:20,460 --> 00:00:24,400
to download the entire structure of a website locally.

5
00:00:24,840 --> 00:00:32,240
Among these tools we can mention, for example, the wget command-line program or the HTTrack

6
00:00:32,250 --> 00:00:33,060
application.

7
00:00:33,810 --> 00:00:40,650
At the end of this operation, the tester will be able to conveniently check the client-side source code

8
00:00:40,800 --> 00:00:48,780
of all pages in search of vulnerabilities or sensitive data, and will also have a look at the structure

9
00:00:48,780 --> 00:00:52,290
of the site in terms of virtual directories.

10
00:00:54,040 --> 00:01:03,130
Another type of useful tool for VAPTs are proxies such as Fiddler, Burp or WebScarab.

11
00:01:03,670 --> 00:01:12,040
They allow you to intercept requests in order to bypass any input validation carried out on the pages with

12
00:01:12,040 --> 00:01:21,100
client-side technologies such as JavaScript, jQuery or Angular, and to check whether further data validation

13
00:01:21,100 --> 00:01:22,270
is carried out server-side.

14
00:01:25,850 --> 00:01:32,750
This is a screenshot of the Burp Suite, which is not only a proxy but a more complete application,

15
00:01:33,260 --> 00:01:40,790
which in the Professional version also adds a web application vulnerability scanner functionality.

16
00:01:42,310 --> 00:01:48,070
We also have tools that work as vulnerability scanners; among them

17
00:01:48,250 --> 00:01:56,500
there are vulnerability scanners at the web server level, such as Nikto, able to detect incorrect

18
00:01:56,520 --> 00:01:59,590
configurations on web servers.
19
00:02:01,480 --> 00:02:10,990
Then there are general-purpose vulnerability scanners that are potentially capable of detecting vulnerabilities

20
00:02:10,990 --> 00:02:20,130
in the most disparate targets, such as applications, operating systems, services and network devices.

21
00:02:20,890 --> 00:02:28,810
At the end of the scan, they generate reports that list the vulnerabilities found on the target, classifying

22
00:02:28,810 --> 00:02:31,810
them typically by criticality.

23
00:02:32,710 --> 00:02:39,400
One of the most well-known criticality ratings is the CVSS standard, the Common Vulnerability

24
00:02:39,400 --> 00:02:40,480
Scoring System.

25
00:02:40,960 --> 00:02:47,080
Among these vulnerability scanners, for example, Tenable Nessus can be mentioned.

26
00:02:48,780 --> 00:02:57,360
Greenbone Security's OpenVAS is another well-known general-purpose vulnerability scanner.

27
00:02:58,670 --> 00:03:03,580
Rapid7's Nexpose is also a well-known vulnerability scanner.

28
00:03:05,860 --> 00:03:12,250
Another well-known general-purpose vulnerability scanner is the Qualys vulnerability scanner.

29
00:03:14,410 --> 00:03:22,270
There are also specific vulnerability scanners for finding vulnerabilities in web applications,

30
00:03:22,600 --> 00:03:32,410
also known as dynamic application security testing tools, or DAST tools, such as, for example, Acunetix

31
00:03:32,410 --> 00:03:33,580
and Netsparker.

32
00:03:37,110 --> 00:03:46,080
OWASP has developed an open-source web application vulnerability scanner known as ZAP (Zed Attack Proxy),

33
00:03:46,470 --> 00:03:51,540
which can be downloaded by accessing the OWASP ZAP project section.

34
00:03:55,130 --> 00:04:05,090
There are also suites that work not only as DAST tools but also as SAST tools, or static application

35
00:04:05,090 --> 00:04:14,690
security testing tools, which also allow you to perform a static analysis of the source code of

36
00:04:14,690 --> 00:04:15,810
the web application.
37
00:04:16,160 --> 00:04:24,470
Among these, it is worth mentioning the WebInspect/Fortify suite and the AppScan suite.

38
00:04:26,400 --> 00:04:34,390
And finally, there are specific vulnerability scanners for web applications developed with a CMS

39
00:04:34,500 --> 00:04:42,000
such as Joomla or WordPress, among which we can mention, for example, the JoomScan or WPScan

40
00:04:42,000 --> 00:04:48,030
tools, both included among the tools of the Kali Linux distribution.

41
00:04:50,280 --> 00:04:58,380
Moving on from the vulnerability assessment, which only highlights vulnerabilities without exploiting

42
00:04:58,380 --> 00:05:06,120
them, to the pentest, which instead attempts to exploit vulnerabilities through exploits, we can

43
00:05:06,120 --> 00:05:11,430
mention frameworks that allow you to automate pentests, such as

44
00:05:12,780 --> 00:05:15,450
Core Security's Core Impact.

45
00:05:17,050 --> 00:05:25,420
A very famous platform for pentest automation is Rapid7's Metasploit, which also exists in

46
00:05:25,420 --> 00:05:28,900
a Community version included in Kali Linux.

47
00:05:32,160 --> 00:05:37,890
Immunity's Canvas can also be mentioned among the pentest frameworks.

48
00:05:40,190 --> 00:05:48,680
This slide shows a list of the most frequent and common attacks on applications and web targets.

49
00:05:52,350 --> 00:06:01,530
Here I've shown, in the form of a diagram, all the possible sequential steps to be performed to carry

50
00:06:01,530 --> 00:06:04,290
out a pentest of web applications.

51
00:06:07,710 --> 00:06:15,780
To carry out VAPT simulations, various application projects developed with various technologies can

52
00:06:15,780 --> 00:06:24,400
be found on the web; they can be used to set up test laboratories. OWASP has also developed a

53
00:06:24,510 --> 00:06:31,530
project called WebGoat, a web application in PHP to run pentest laboratories.
54
00:06:33,210 --> 00:06:42,000
You can also use, for VAPT testing purposes, a project of an application I developed with ASP.NET

55
00:06:42,000 --> 00:06:46,800
called VVWA, downloadable from GitHub.

56
00:06:49,480 --> 00:06:52,050
Thank you for your kind attention.