LinuxCBT.com

Syllabus

Focus: Web Server Scanning

Duration: 10-Hours

  • Intro to Web Server Scanning with Nikto - Module XV

    • Introduction - Nikto - Features
      • Discuss Nikto Features
      • Pinpoint useful online resources
      • Identify key systems in topology
      • Explore possible scan targets
    • Nikto Installation
      • Download Nikto Web Scanner
      • Perform Installation
      • Explore run-time environment
      • Discuss Plugins - Signatures - DBs
      • Peruse configuration entries
      • Mention key CLI options
    • Staging Scan
      • Identify Staging targets
      • Scan Staging to ascertain server metadata
      • Perform comprehensive scans of targets
      • Watch web logs while scans are ongoing
      • Alter display of Web Scan Requests and Responses
      • Rule-out false-positives
      • Adjust security posture where applicable
      • Re-scan and compare and contrast
    • Production Scan
      • Identify PROD web instance
      • Discern useful metadata with reconnaissance
      • Drill deeper to determine more relevant attributes
      • Attempt to identify vulnerabilities on target
      • Peruse findings accordingly
      • Suggest methods of filtering false-positives
    • Reporting | Logging
      • Compare STDOUT to Report Data
      • Discuss Logging | Reporting options and formats
      • Enable Reports on various scans
      • Vary target reports for Cron mode
      • Tweak scans and redirect output accordingly
    • SSL Scans
      • Discuss applicability
      • Identify key options
      • Enable SSL scanning on targets
      • Compare Staging and Production output
      • Examine supported ciphers on targets
      • Search for cipher weaknesses
      • Evaluate results
    • Proxy Server Relay Scans
      • Discuss pros and cons of Proxy Usage
      • Identify Squid Proxy Facility
      • Update Nikto configuration to support Proxy Usage
      • Perform Proxy Scans from multiple Web Scanners
      • Evaluate Proxy Requests | Responses in Real-Time
      • Compare and Contrast performance differentials
      • Evaluate results
    • Nikto Scan Tuning
      • Discuss features and benefits
      • Identify key Tuning Options
      • Filter scans to focus on targeted Plugins
      • Initiate multiple Tuned Scans
      • Evaluate Results
    • Web Application Attack Audit Framework (w3af)
      • Discuss features and benefits
      • Obtain sources
      • Fulfill dependencies
      • Launch and peruse interface
      • Execute common scans
      • Evaluate and discuss ongoing
    • 'apache-users'
      • Discuss features
      • Search target for UserDir support
      • Enable UserDir support
      • Enumerate confirmed system users
      • Search for non-system users
      • Alter search to handle different return values
      • Disable UserDir support
    • 'dirb'
      • Discuss features
      • Search web server for common content
      • Look for Apache vulnerabilities
      • Check for CGI-related issues
      • Check using multiple wordlists
      • Recurse to find additional directories
      • Discuss findings and possible remediations
    • Apache - Suppress Superfluous Bits n Bobs
      • Launch Burp Suite
      • Proxy Requests
      • Identify Superfluous items
      • Tweak Config
      • Mitigate data exposure
      • Re-Test
    • 'skipfish'
      • Discuss features
      • Scan Target
      • Peruse Report
      • Rectify XSS Concerns
      • Discuss various findings
      • Re-Scan
    • OWASP - ZAProxy
      • Discuss features
      • Quick Attack Target URL
      • Discuss findings
      • Tighten HTTP Headers
      • Re-Scan | Discuss findings
      • Explore default Spider Results
      • Expand results via SVN Spider
      • AJAX-Spider URL
      • Mitigate visible SVN Entries
      • Passively scan Web Application
      • Evaluate captured data
      • Active Scan - WebApp
      • Proxy valid user requests
      • Define WebApp user
      • Define Login/Logout indications
      • Perform Active Scan
      • Evaluate additional results
      • Process False-Positives
      • Handle XSS Positive

LinuxCBT WebScan Edition
