Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy.

Web Scanners FOR THE WIN...

Type: Slides
Tags: vulnerability assessment, web application
Authors: Louis Nyffenegger
Event: Ruxcon 2010
Indexed on: Mar 26, 2013
URL: http://www.ruxcon.org.au/assets/Presentations/louis.web-scanners.2010.pdf
File name: louis.web-scanners.2010.pdf
File size: 2.7 MB
MD5: ccd2f29570cc5088bdbe3780a8a794d8
SHA1: 754bc1ac5b6801d437950a29c3cf7bd75d6ab69d

More and more organisations think an automatic web scanner can replace pentesters. Even if it may be true in some cases, I will demonstrate that most web scanners don't do a decent job and cannot be used to ensure that a website is secure. Most arguments against web scanners are based on the fact that these scanners cannot understand the business logic behind applications; however, we will see that scanners are not even able to properly find vulnerabilities like SQL injections or command injection vulnerabilities. Based on commercial and open source tools, this presentation will take some examples of web vulnerabilities and go through each scanner's results for good lulz.
