Description: Web application security has become one of the hottest areas in information security in recent times. As network administrators become more aware of security best practices, they are locking down the entry points into their networks. However, certain essential services such as HTTP, HTTPS, email, etc. always remain open. As a result, malicious hackers are slowly shifting their focus towards web applications, as they are an easy target - thousands of lines of custom code generally written by developers who have no idea or background in security.
In order to secure / exploit web applications, one needs a suite of automated tools which can quickly check for exploitation vectors such as SQL Injection, XSS, etc. The Exploit-Me suite of tools from Security Compass is just that. It is a set of Firefox plugins with which web application developers can quickly check if their code can be made to do malicious things. The current version consists of 3 plugins - XSS-Me (for Cross Site Scripting attacks), SQL Inject-Me (for SQL Injection attacks) and Access-Me (to check for access to privileged resources without requiring authentication).
In this presentation given at NotACon 2008, Dan Sinclair and Sabha Kazerooni from Security Compass talk about web application security and demonstrate various attacks using the Exploit-Me suite of tools.
You can download the Exploit-Me tools from the Security Compass website. A high resolution video of the talk can be downloaded here.
Tags: tools