Automating Web Testing Beyond OWASP WebScarab Using Python

Post on 25-Feb-2016



Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

The OWASP Foundation

LASCON 2010, Austin, TX

http://www.owasp.org

Automating Web Testing Beyond OWASP WebScarab Using Python

Brad Causey
OWASP Guy
IISFA Guy
brad.causey@owasp.org


About Brad

Survivalist
MMA
Local Cop
Gun Enthusiast
Married with 5 Kids


About Brad

Instructor for 8 years
Various Publications
Books
BBVA Compass Security Analyst
Training videos
OWASP GPC
OWASP Alabama Chapter Lead
IISFA Alabama Chapter Lead


Why are we here?

We need to automate tests

Some of these tests are difficult to automate

The automation has to adapt to the app under test

WebScarab and Python are both pretty popular


Why WebScarab?

Open Source

Scriptable

Stores its data as plain text (saved sessions can be read by other tools)

Cross-Platform

Browser Agnostic


WS Configuration and Special Notes

Saved Session Structure

Scripting: http://www.owasp.org/index.php/Scripting_in_WebScarab

    import org.owasp.webscarab.model.HttpUrl;
    import org.owasp.webscarab.model.Request;
    import org.owasp.webscarab.model.Response;


WS Advanced Features

Search

Extensions

Session ID Analysis

XSS

Tagging


WS Weaknesses

AJAX

Performance

Output Format

Reporting


Why Python?

Open Source Interpreter

Plain Text

Great Support

Cross-Platform

Text Processing


A Python Primer

very clear, readable syntax
strong introspection capabilities
intuitive object orientation
natural expression of procedural code
exception-based error handling
very high level dynamic data types
extensive standard libraries
embeddable within applications as a scripting interface


Useful Python Libraries

string (built-in): .find, .index, .count


Useful Python Libraries

urllib2 (standard library): .urlopen

Encoding data for the request (urllib.urlencode)


Gluing the two together

WebScarab Files

Python File Reader

WebScarab Storage in-depth


Possibilities are endless!

HTTP methods testing

POST/GET fuzzing

Cookies? Yes! import cookielib, urllib2
http://docs.python.org/library/cookielib.html


Demo!



The Norris convention center?
