

Differences Between Web Application Scanning Tools When Scanning for XSS and SQLi

OWASP Foundation via YouTube

Overview

An AppSecUSA 2017 conference talk investigating how web application scanning tools differ when detecting cross-site scripting (XSS) and SQL injection (SQLi). Using the 2015 TalkTalk breach as a case study of why secure web applications matter, the talk examines how various scanners attempt to find these vulnerabilities, how modern development frameworks affect their effectiveness, and the problems scanners run into on both traditional and contemporary web architectures, including Anti-CSRF tokens, recursive links and dynamically generated URLs. It closes with potential improvements for automated scanning and the pitfalls of relying on automation alone without applying intelligence and context. The speaker is Robert Feeney, SecOps Lead at Edgescan, drawing on his work in web application security and managed services.
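The overview names Anti-CSRF tokens among the things that trip up automated scanners, and the syllabus adds non-standard error messages. The following Python script is an added example, not code from the talk or from Edgescan: it models a tiny in-process target (constructed here, with a deliberately reflected search parameter, a deliberately concatenated SQL query, single-use anti-CSRF tokens and a generic error page) and runs the same three checks against it twice, once replaying the first token it saw and once re-fetching the form before every request. The ToyApp and scan names, the payloads and the single-use token scheme are all assumptions made for the illustration.

```python
"""Why anti-CSRF tokens and generic error pages hide XSS/SQLi from a scanner.

Added example (not code from the talk or Edgescan): a constructed in-process
target plus two scanner strategies run against it. Assumptions: tokens are
single-use, the app reflects `q` unescaped and concatenates it into SQL.
"""
import html
import re
import secrets
import sqlite3


class ToyApp:
    """Constructed target: a search form behind single-use anti-CSRF tokens.

    Deliberately vulnerable: the result page reflects `q` unescaped (reflected
    XSS) and the lookup concatenates `q` into the SQL string (SQLi). Database
    errors are replaced by a generic message, so nothing says 'SQL' or 'syntax'.
    """

    def __init__(self):
        self.tokens = set()  # tokens issued but not yet used
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE items(name TEXT)")
        self.db.executemany("INSERT INTO items VALUES (?)", [("apple",), ("pear",)])

    def get_form(self):
        """Render the search form; every render issues a fresh token."""
        tok = secrets.token_hex(8)
        self.tokens.add(tok)
        return {"status": 200,
                "body": f'<form><input type="hidden" name="csrf" value="{tok}">'
                        '<input name="q"></form>'}

    def post_search(self, fields):
        """Handle the form post; the token is invalidated on first use."""
        tok = fields.get("csrf")
        if tok not in self.tokens:
            return {"status": 403, "body": "Invalid CSRF token"}
        self.tokens.discard(tok)
        q = fields.get("q", "")
        try:
            rows = self.db.execute(
                f"SELECT name FROM items WHERE name = '{q}'").fetchall()  # SQLi
        except sqlite3.Error:
            # Non-standard error message: no database error text leaks
            return {"status": 200, "body": "Something went wrong. Please try again."}
        items = "".join(f"<li>{html.escape(r[0])}</li>" for r in rows)
        return {"status": 200, "body": f"<p>Results for {q}</p><ul>{items}</ul>"}  # XSS


TOKEN_RE = re.compile(r'name="csrf" value="([0-9a-f]+)"')
SQL_ERROR_RE = re.compile(r"syntax error|sql", re.I)
XSS_PAYLOAD = "<script>alert(1)</script>"


def scan(app, refresh_token):
    """Run an XSS check, an error-based SQLi check and a boolean-based SQLi check.

    refresh_token=False replays the token from the first form fetch, as a
    crawler that treats the page as static does; True re-fetches the form
    before every request, as a token-aware scanner must.
    """
    tok = TOKEN_RE.search(app.get_form()["body"]).group(1)

    def send(q):
        nonlocal tok
        if refresh_token:
            tok = TOKEN_RE.search(app.get_form()["body"]).group(1)
        return app.post_search({"csrf": tok, "q": q})

    findings = []
    baseline = send("apple")
    # Reflected XSS: the payload comes back in the response body unencoded
    if XSS_PAYLOAD in send(XSS_PAYLOAD)["body"]:
        findings.append("xss")
    # Error-based SQLi: only works if the app leaks a database error string
    if SQL_ERROR_RE.search(send("'")["body"]):
        findings.append("sqli-error")
    # Boolean-based SQLi: a true and a false condition must differ from each
    # other while the true one still matches the baseline response
    true_body = send("apple' AND '1'='1")["body"]
    false_body = send("apple' AND '1'='2")["body"]
    if ("<li>apple</li>" in baseline["body"] and "<li>apple</li>" in true_body
            and "<li>apple</li>" not in false_body):
        findings.append("sqli-boolean")
    return findings


if __name__ == "__main__":
    print("token replayed :", scan(ToyApp(), refresh_token=False))  # []
    print("token refreshed:", scan(ToyApp(), refresh_token=True))   # ['xss', 'sqli-boolean']
```

With the token replayed, every request after the baseline is rejected with a 403 and the scanner reports nothing, even though both bugs are present. With the token refreshed, the XSS is found by simple reflection and the SQLi is found only by the boolean-based comparison: the error-based check still fails because the application never returns a database error string, which is the "non-standard error messages" pitfall from the syllabus. In a real scanner the form re-fetch corresponds to the crawler re-requesting and re-parsing the page before each injection rather than replaying a cached request.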

Syllabus

Introduction
Agenda
About Me
Verizon Data Breach Report
Notable Web Breaches
Automated Web Application Scanning
Why Johnny Can't Pentest
Experiment Setup
Experiment Overview
Key Findings
Attack Vectors
Stored XSS
Solution
Known Pitfalls
CAPTCHAs
Multistep Logins
CSRF Tokens
Non-Standard Error Messages
Non-Standard Protocol
Name Level Check
Component Security

Taught by

OWASP Foundation
