Security testing ?
Maikel Ninaber
How serious is Web Apps Security Testing ?
1. Maikel Ninaber, 19/04/2016. How serious is Web Apps Security Testing ?
2. Copyright © 2016 Maikel Ninaber. All Rights Reserved. Security testing | May 2016. Known facts
3. Known facts
4. Web Apps
5. Web Apps
6. Web Apps
7. Web Apps
8. Web Apps
9. Web Apps
10. Web Apps
11. Query strings
12. Query strings
13. Query strings
14. Query strings
15. Routing
16. Routing
17. Routing
18. HTTP verbs
19. HTTP verbs
20. HTTP verbs
21. HTTP verbs
22. Browser protection
23. Browser protection
24. Browser protection
25. Browser protection
26. What the browser can’t defend against
27. What the browser can’t defend against
28. What the browser can’t defend against
29. OWASP top 10
30. No SQL injection today
31. Understanding Untrusted Data
32. Understanding Untrusted Data
33. Understanding Untrusted Data
34. Understanding Untrusted Data
35. Understanding Untrusted Data
36. Understanding Untrusted Data
37. Understanding Untrusted Data
38. Demo
39. Defending Against Tampering
40. Defending Against Tampering
41. Defending Against Tampering
42. Defending Against Tampering
43. Where to practice
44. Limitations
Computer Fraud and Abuse Act
• Using a computer to intrude upon or steal something from another computer is illegal.
• Unintended consequences, such as damaging hijacked computers belonging to innocent individuals, while real criminals remain hidden several layers back on the Internet (e.g., TOR).
• The only kind of hacking that's considered tolerable is what you might enact defensively within your own computer or network. What’s clearly illegal are offensive hacks, where you leave your territory and actively pursue an assailant online.
45. Another Hacker goes to jail !
46. Sources
http://www.telerik.com/fiddler
https://www.troyhunt.com/
https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
http://www.dvwa.co.uk/
https://hackyourselffirst.troyhunt.com/
https://nl.linkedin.com/in/maikelninaber
http://cookiecontroller.com/internet-cookies/secure-cookies/
http://stackoverflow.com/questions/1442863/how-can-i-set-the-secure-flag-on-an-asp-net-session-cookie