Web Application Penetration Testing using OWASP Zed Attack Proxy Project, w3af,
Question
Web Application Penetration Testing using OWASP Zed Attack Proxy Project, w3af, Back Track, Netsparker, or any other penetration tool
Web Applications Penetration Testing
Web penetration testing tools can be used to evaluate whether web applications can withstand various security attacks.
Learn how to conduct a pen test against a web application using one of the well-known web application penetration testing tools such as OWASP Zed Attack Proxy Project, w3af, Back Track, Netsparker, etc.
Requirements:
You need to learn how to install and use a pen testing tool. For example, if you want to use the OWASP Zed Attack Proxy Project, which I recommend, refer to the following site: (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)
Use the following URL as the target for the web application pen testing: http://software-security-class-test-app.azurewebsites.net/
Then, document the testing procedures and results.
The report should include the following items.
A. Include the name and brief description of the used penetration tool
B. Include installation and testing procedures (including screenshots)
C. Describe at least two vulnerabilities found by the penetration testing (including result screenshots). It should include what the security vulnerabilities are, how they work, what damage they can cause, how they can be avoided/cured, and so on.
You will find some of the following security vulnerabilities: Access Control Flaws, AJAX Security, Authentication Flaws, Buffer Overflows, Code Quality, Concurrency, Cross-Site Scripting (XSS), Denial of Service, Improper Error Handling, Injection Flaws, Insecure Communication, Insecure Configuration, Insecure Storage, Malicious Execution, Parameter Tampering, Session Management Flaws, Web Services, and so on.
Explanation / Answer
Here we are going to use a penetration testing tool named Netsparker; its description is given below:
How to install: A trial version of the Netsparker Professional tool is available for 15 days. To use it for 15 days you need to give your credit card details and so on. After downloading it from its website, you can install it on Windows like other software.
Test procedure: It's very easy to use. Without this tool you need to spend time finding a security tool and learning how to use it. But with Netsparker, you need not worry: just download, install, then start scanning your web applications. The testing steps are given below:
1. Download Netsparker, and then install it.
2. Open Netsparker and then enter the URL of the web application that you want to check for vulnerabilities.
3. Now click on the Start Scan option.
4. Now the preconfigured settings of Netsparker will come into the picture, do all the vulnerability checks, and show the result.
5. You can also change the settings on the basis of your needs.
6. It's easy to use and has received praise from all around the world for its simple user interface.