Acunetix technical presentation v7 setembro2011

Version 7.0
Treinamento Técnico

Content
• What do hackers do?
• What is a Web Vulnerability Scanner?
• Acunetix WVS
– The Scan Wizard
– Scan Results
– Scan Report
• Acunetix WVS Tools
– Target Finder
– Site Crawler
– AcuSensor Technology
– Port Scanner and Network Alerts
– HTTP Editor
– HTTP Fuzzer
– HTTP Sniffer
– Blind SQL Injector
– Authentication Tester
– Compare Results
• Acunetix WVS Configuration
– Application Settings
– Scanning Profiles

The Hacking Objectives
- Techniques used by
Hackers and Acunetix WVS

What do hackers do?
• Hackers use a systematic plan of action:
1. Study Server Infrastructure and Server Operating
System/type.
2. Survey the website/application.
3. Check for presence of vulnerabilities.
4. Plan and Mount the attack.
• Acunetix WVS acts like a Hacker by trying to find vulnerabilities on
the web application, web technology (e.g. PHP, Apache etc), web server
or any network service (e.g. DNS, FTP etc) running on the web server.

Popular Hacking Techniques
• Known static methods:
– Specific Web Applications known
exploits
– Directory enumeration
– Known Web Server exploits
– Known Web technology exploits
(e.g. php vulnerabilities)
– Known network services exploits
(e.g. DNS, FTP, SMTP)
• Unknown dynamic methods:
– SQL Injection
– Cross-site Scripting
– Directory and Link Traversal
– File Inclusion
– Source Code Disclosure
– Code Execution
– Common File Checks
– Parameter Manipulation
– Arbitrary file creation or deletion
– CRLF Injection
– Path Truncation
– Java Applet reverse engineering
– Session Hijacking
– Authentication Attacks
– Google Hacking Database
Acunetix WVS searches for all of
the above hacking methods and
much more.

Web Vulnerability Scanners
- Acunetix WVS

What is a Web Vulnerability Scanner?
• Hacking is an ever-growing threat against web applications. Any
user browsing a website can be a potential hacker, so a preventive
approach is the first defence.
• A Web Vulnerability Scanner is an automated security application
that searches for vulnerabilities within web applications, web
technologies and web servers.

Acunetix WVS
• Acunetix WVS is a Web Scanner which is easy to use and provides
both automatic and manual ways of vulnerability checking.
• Uses dynamic methods to replicate hacking attacks in a non-
destructive manner, Acunetix WVS is an essential tool to find
vulnerabilities in your web applications and web servers.

The Acunetix WVS
Acunetix WVS is an
easy-to-use Heuristic
Methodology Scanner
allowing automatic and
manual scans and
audits.
By replicating hacking
attacks in a non-
destructive manner,
Acunetix WVS is an
essential tool to help you
find vulnerabilities in your
web environment.

How Acunetix WVS Works
• Discovery and Crawling Process Stage
• Automated Scan Stage
• Specific Manual Testing Stage (optional)
• Reporting Stage

The Acunetix Scan Wizard
-Launch a Security Scan
in 6 Easy Steps

Scan Wizard – Scan Type
• Four options to choose from to
start a scan:
– URL of the website
– From previously saved
crawling results
– From list of URLs in a text file
– From a port scan on a range
of IP‟s

Scan Wizard – Select Targets
• The 2nd step in the scan wizard
the Web Scanner identifies the
web server, web technology, its
operating system and optimizes
the scan accordingly.
• For every target you can configure
specific details such as OS and
Web server if not identified by
scanner.

Scan Wizard – Crawling Options
• The 3rd step allows you to
configure crawling settings.
• These selections will determine
how the website will be crawled
with options related to the URL,
folders, forms and the execution of
JavaScript / AJAX.

Scan Wizard – Scan Options
• The 4th step allows you to select a
scanning profile to specify specific
vulnerability scanning.
• The scanning mode selection configured
determines the complexity of the scan
methodology.
• You can also turn ON / OFF AcuSensor
Technology, Port Scanner and Network
Alerts, Scanning for known web
applications and options for manipulating
HTTP headers.

Scan Wizard – Scanning Mode Help
• The scanning mode help link
explains the difference between
the three scanning modes.

Scan Wizard – Login
• The 5th step is optional and it is
used to configure credentials to be
used by the scanner during the
scan to access password
protected sites.
– Supports both HTTP and
HTML authentication methods.
– A login sequence recorder is
used to record an HTML login
manually to be used during an
automated scan.

Scan Wizard – Review
• The 6th and final step is a
summary that indicates that the
scanner has successfully located
its target and is ready to launch
the scan with the specified profile.

The Web Application
Crawl and Scan Process
- Site Crawling
- Test Execution

Web Application Scan Process
• The scan sequence consists of 2
phases:
– Crawling
• Builds the structure of the
website on which the scan
will be launched.
– Scanning
• Executes vulnerability
attacks in a non-
destructive manner against
the crawled site structure.

• During the scan results are
updated in real time. it is possible
to click on any reported
vulnerability and view its details,
html requests and responses,
attack details and more in the
information window on the right
hand side.

• When the scan is complete, the
results are automatically saved to
the default database, or as
configured by the user for report
generation.
• The activity window at the bottom
indicates scan completion.

The Web Services Scan Wizard
-web service security
Scan in 4 easy steps

Web Services Scan Wizard – Location
• Two options to start a scan:
– Select the target WSDL from
its URL
– Select the target WSDL from
a local directory

Web Services Scan Wizard – Selection
• In the 2nd step the scanner
identifies the web service port
types and allows you to select
which inputs you want to scan.

Web Services Scan Wizard – Defaults
• The 3rd stage allows you to enter
specific values for the web
service inputs. If left blank, the
scanner will use its test values
during the scan.

The Web Services Scan Wizard – Finish
• The final stage is a confirmation
that a connection has been
established to the web service,
and that the scan has the correct
configuration to proceed.

- Site Crawling
- Test Execution
The Web Services
Scan Process

Web Services Scan Process
• For web services, the scan
immediately performs its test
routines on the various inputs
defined by the WSDL.
• During the scan, it is possible to
view real-time information in the
info-window on the right hand side
of the interface.

Web Services Scan Process
• When the scan is complete WVS
automatically insert the results into
the database and a report can be
instantly generated.

WVS Reporter
- Full featured reporting
application

WVS Reporter – Generate Report
• After a scan completion, you can
generate a report. To generate
the default report style from the
scan results, click “Report” button
in the Web Scanner toolbar.

WVS Reporter – Review and export
• The generated report is easily
reviewed directly from the
Reporter Tool. The Reporter also
offers complete export
functionality to the most required
document formats such as PDF,
HTML, MS Word and more.

WVS Reporter – various report formats
• The tools explorer in the Reporter
allows you to choose from various
built in templates to generate
reports in such format. Templates
include:
– Executive report
– Developer report
– Compliance (HIPAA, PCI,
OWASP, SOX, WASC) report
– Comparison report
– Statistical report

Acunetix Vulnerability Editor
-The Core of Acunetix WVS
- Customize Vulnerability
Checks

Acunetix Vulnerability Editor
• The Vulnerability Editor is a
separate component of Acunetix
WVS.
• It is the central vulnerability
database used by the scanner.

Acunetix Vulnerability Editor –
Create your own vulnerabilities
• The Acunetix research lab is
dedicated to gather information
from a wide spectrum of sources.
As soon as a new vulnerability is
found, it will be added to the
vulnerability database and
immediately put available to
product updates.
• Moreover, the Acunetix WVS lets
expert users to create and add
their own vulnerability checks
through the vulnerability editor.

Acunetix WVS Tools
-Manual Testing Tools
And Utilities

Acunetix WVS Tools
• Apart from the automated
scanning, ideal for Penetration
testers and Security experts,
Acunetix WVS contains other
tools which can be used to
perform manual and complex
security tests.

Target Finder Tool
• A port scanning tool that may
be used to find target
websites to scan from a range
of IP Addresses.
• It is possible to launch a scan
directly from the list of web
servers displayed in the
results pane.

Site Crawler Tool
• Traverses the target site and
builds an internal representation
of the site layout using the
information collected.
• You can use the site crawler tool
to analyze the structure of a
website without launching the
attacks.
• With AcuSensor Technology
enabled a listing of all objects in
the website is generated included
hidden and non published objects.

HTTP Editor Tool
• Allows you to create or edit HTTP
requests and analyze the server
response.
• Organized into 2 panes:
– The top pane shows the HTTP
request data.
– The bottom pane shows the
server response data.
• From the crawler results, one can
export any page which needs in
depth analysis into the HTTP
Editor.

HTTP Fuzzer Tool
• Allows sophisticated testing for:
– Buffer Overflows
– Input Validation
– A Range of Variables
– Cookie Matching
• Using generators, it is possible to
automatically submit a range of requests
determined by an easy parameter
configuration. This degree of automation
allows you to quickly test the results of a
multitude of queries while significantly
reducing the amount of manual input.
• example:
http://testphp.acunetix.com/listproducts.php?cat=1 – the numerical value of cat=1can be
replaced by a number generator to automatically submit requests between 1 to 1000. The
scanner will then display all the valid responses returned.

HTTP Sniffer Tool
• A proxy server which can capture, edit
and filter requests passed between a web
client (e.g. browser) and a web server.
• An excellent tool used to intercept client
requests and modify them before they are
sent to the server and back. May be used
to:
– Create a rule to trap particular POST,
GET requests and change them
manually.
– Create a rule to that automatically
changes particular requests.
– Create a rule to automatically log
information in requests or responses.

Blind SQL Injector
• Ideal for penetration testers,
the Blind SQL injector is an
automated database data
extractiontool perfect for
making manual tests to allow
further testing for SQL
injections.

Authentication Tester Tool
• Used to test HTTP or HTML authentication forms for weak
passwords via a dictionary attack.
• Create your own dictionary or download a dictionary and configure
Acunetix WVS to use such dictionary.

Compare Results Tool
• Allows you to analyze the
differences between 2 scans
performed at different dates. You
can compare a full security scan,
or just the site crawler output.
• After saving 2 sets of scan
results, it is possible to load them
side by side for an easy visual
comparison.

Acunetix Scheduler
• Offers all the same functionality
available in the application or
web service wizards.
• Run as a Windows service.
• Features an automated mailer
which attaches scan results and
reports on completion.

Command Line Support
• Acunetix WVS and its scan
parameters can be configured
and launched through a
command prompt.
• Automate repetitivetasks through
batch files and scripting
languages. Scans are performed
faster than normal GUI operated
scans.

The Acunetix Scanner Settings
- Customize and Configure all
the WVS components

Acunetix WVS Configuration
• Acunetix is a fully configurable
scanner as we believe that each
website is unique and requires a
specific dedicated and fully
customizable testingtool and
specific tests need to be run
against it.

Application Settings
• In Application settings once can
configure:
– updates URL
– user agent string
– Customize HTTP tuning
– Password Protect WVS
– Proxy / Socks Settings
– Database settings (for
reporting functionality)
– Web site client certificates
– Logging options

Site Crawler Settings
• Apart from configuring default
crawler settings, one can also
configure:
– File Filters e.g exclude
multimedia files
– Directory Filters
– URL Rewrite rules e.g. helps
the crawler crawl websites
using search engine friendly
URL‟s
– Custom cookies e.g. create
your own custom cookies for
specific sites requiring
specific cookies

HTTP Sniffer Settings
• The HTTP Sniffer can be
configured to run on any
particular port. By default it runs
on port 8080.
• It can also be configured to
listen on localhost only or to
listen on any interface running
on the computer, so any web
browser on the network can use
http sniffer as a proxy.

Application Settings – Scanner
• Apart from configuring default
settings for the scanner and options
like „Limit crawl recursion‟ and
„Abort scan if server stops
responding‟ one can also configure
options such as:
– Add / remove or edit Login
Sequences
– submission of specific values to
specific HTML forms
– Parameter Manipulation options
– Parameter Exclusion options
– Custom 404 Pages
– Google Hacking database
options
– AcuSensor Technology options
– Port Scanner options
– False Positives options

Scanning Profiles Settings
• Scanning profiles can be
configured to include or exclude
particular tests from a scan. All
scanning profiles can be saved
or deleted accordingly.

Acunetix WVS Scheduler
Obrigado pela sua atenção !
For Web Security information follow our blog; www.acunetix.com/blog

Acunetix technical presentation v7 setembro2011

More Related Content

What's hot (20)

Similar to Acunetix technical presentation v7 setembro2011 (20)

Recently uploaded (20)

Acunetix technical presentation v7 setembro2011