OWASP
2016-12-01 23:29:42
OWASP v4
Outline/Contents
2.Configuration and Deployment Management Testing
4.Authentication Testing
6.Session Management Testing
8.Error Handling
10.Business Logic Testing
1.Information Gathering
2.Web application fingerprinting
4.Enumerate applications on the web server
# nmap -PN -sT -p0-65535 $TARGET
6.Identify application entry points
1.Request
GET-->URL:a?...
POST-->HTTP body
2.Response
Set-Cookie
HTTP Status Code
3xx:Redirect
403:Forbidden
500:ServerError
3.tools
Zed Attack Proxy (ZAP)
Burp Suite
Firefox-->Plug-in:Tamper Data
7.Crawl the website
8.Identify the application framework
HTTP-->X-Powered-By/X-Generator
HTTP-->Cookies
HTML-->META tag
3.Identity Management Testing
5.Authorization Testing
7.Input Validation Testing
9.Cryptography
11.Client Side Testing