raghu-nath
Why Joomla/Gymla?
● Challenge!
● Learn exploitation in complex web applications
● IBM X-Force paper on CMS security
Know your enemy
If you know your enemies and know yourself, you will not be imperiled in a hundred battles
-- Sun Tzu, The Art of War
Source Code Auditing
● Identify vulnerable functions (the sinks: SQL query, shell, eval, include, raw output)
● Analyze the entry points (where user input arrives: $_GET, $_POST, $_REQUEST, cookies, headers)
● Analyze input validation: what, if anything, sits between each entry point and each sink
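The three bullets above are one procedure, so here is one worked example of it, added for this page and not code from the talk or from the Joomla project: a small taint-tracking pass over PHP source that marks superglobals as entry points, a fixed list of dangerous functions as sinks, and a fixed list of sanitizer calls and casts as validation, then reports every sink that still receives unvalidated input. The `SAMPLE_PHP` snippet is constructed for the demo (it only imitates the style of a CMS component), and the sink and sanitizer tables, the function names and the line-based matching are all my assumptions; a real audit needs a proper PHP parser and a sanitizer-to-sink mapping, since `htmlspecialchars()` validates nothing for an SQL sink.

```python
import re

# Constructed sample in the style of a CMS component (not Joomla code).
SAMPLE_PHP = """<?php
$id      = $_GET['id'];
$safe_id = intval($_GET['id']);
$name    = htmlspecialchars($_POST['name']);
$cmd     = $_REQUEST['cmd'];
$rows    = mysql_query("SELECT * FROM jos_users WHERE id = " . $id);
$rows2   = mysql_query("SELECT * FROM jos_users WHERE id = " . $safe_id);
echo "Hello " . $name;
echo "Hello " . $_GET['greet'];
system("ls " . $cmd);
system("ls " . escapeshellarg($_GET['dir']));
"""

# Entry points: anything read from a superglobal is attacker-controlled.
ENTRY_POINT = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER|FILES)\b")
VARIABLE = re.compile(r"\$\w+")
ASSIGNMENT = re.compile(r"^\s*(\$\w+)\s*=(?!=)\s*(.*);\s*$")

# Sinks (assumed table), grouped by the bug class a tainted argument produces.
SINKS = {
    "sql-injection": ("mysql_query", "mysqli_query", "setQuery"),
    "command-injection": ("system", "exec", "shell_exec", "passthru", "popen", "proc_open"),
    "code-injection": ("eval", "create_function"),
    "xss": ("echo", "print"),
    "file-inclusion": ("include", "require", "include_once", "require_once"),
}

# Calls treated as validation (assumed table). The demo accepts any of them for any
# sink; a reviewer must still check that the sanitizer matches the sink.
SANITIZERS = ("intval", "floatval", "htmlspecialchars", "htmlentities",
              "mysql_real_escape_string", "mysqli_real_escape_string",
              "escapeshellarg", "escapeshellcmd", "basename")
SANITIZER_CALL = re.compile(r"\b(?:" + "|".join(SANITIZERS) + r")\s*\([^()]*\)")
CAST = re.compile(r"\((?:int|integer|float|bool)\)\s*\$\w+(?:\[[^\]]*\])?")


def strip_validated(expr):
    """Delete sanitizer calls and casts so that only unvalidated input remains."""
    previous = None
    while previous != expr:
        previous = expr
        expr = CAST.sub("", SANITIZER_CALL.sub("", expr))
    return expr


def audit(php_source):
    """Return (line number, bug class, [sources]) for every sink fed by unvalidated input."""
    tainted = set()    # variables currently holding unvalidated user input
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        code = line.split("//", 1)[0]          # crude comment strip, enough for the demo
        residue = strip_validated(code)
        sources = ENTRY_POINT.findall(residue)
        sources += [v for v in dict.fromkeys(VARIABLE.findall(residue)) if v in tainted]
        if sources:
            for category, functions in SINKS.items():
                if any(re.search(r"\b%s\b" % re.escape(fn), code) for fn in functions):
                    findings.append((lineno, category, sources))
        # Propagate taint through assignments after checking the line's sinks, so the
        # left-hand side of "$rows = mysql_query(... $id)" is not reported as a source.
        m = ASSIGNMENT.match(code)
        if m:
            var, rhs = m.group(1), strip_validated(m.group(2))
            if ENTRY_POINT.search(rhs) or any(v in tainted for v in VARIABLE.findall(rhs)):
                tainted.add(var)
            else:
                tainted.discard(var)            # reassigned from something validated
    return findings


if __name__ == "__main__":
    for lineno, category, sources in audit(SAMPLE_PHP):
        print("line %d: %s via %s" % (lineno, category, ", ".join(sources)))
```

On the sample this reports line 6 (`$id` into `mysql_query`), line 9 (`$_GET` straight into `echo`) and line 10 (`$cmd` into `system`), and stays quiet on the `intval`, `htmlspecialchars` and `escapeshellarg` variants. Those quiet lines are exactly where the manual review starts: the pass only knows that *a* sanitizer was applied, not that it was the right one for that sink.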
Fuzzing
● Find the entry points
● SQL Injection
● XSS
● CSRF
● Command Injection
● Clickjacking with drag and drop
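As an added worked example of the fuzzing slide (my code, not the talk's and not a Joomla component), the block below drives a constructed stand-in for a vulnerable CMS page with injection payloads and uses three oracles a fuzzer can check without a browser: an SQL error string in the response (error-based SQL injection), the payload coming back byte-for-byte in a 200 page (no output encoding, the precondition for reflected XSS), and a state-changing POST that succeeds with no token, Origin or Referer (CSRF). `VulnerableApp`, its routes, the payload lists and the error-signature regex are all assumptions made for the demo; the SQL really runs on an in-memory SQLite database so the error oracle is genuine. Command injection and drag-and-drop clickjacking are not covered because the first needs a process-spawning target and the second needs a rendering browser.

```python
import re
import sqlite3

MARKER = "zq9fuzz"   # unique token: seeing it unencoded in the page proves raw reflection

# Assumed payload lists, one per bug class from the slide.
PAYLOADS = {
    "sql-injection": ["'", "\"", "1'--", "1 UNION SELECT NULL--"],
    "xss": ["<%s>" % MARKER,
            "\"><script>%s</script>" % MARKER,
            "'><img src=x onerror=%s>" % MARKER],
}
# Assumed error signatures for SQLite and MySQL verbose errors.
SQL_ERROR = re.compile(r"SQL error|syntax error|unrecognized token|mysql_fetch|"
                       r"You have an error in your SQL", re.I)


class VulnerableApp:
    """Constructed target (not Joomla code): a user lookup page and a profile update,
    both written the insecure way so the oracles have something to find."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
        self.db.execute("INSERT INTO users VALUES (1, 'admin', 'admin@example.org')")

    def handle(self, method, path, params, headers=None):
        headers = headers or {}
        if method == "GET" and path == "/user":
            return self.show_user(params)
        if method == "POST" and path == "/profile/email":
            return self.set_email(params, headers)
        return 404, "not found"

    def show_user(self, params):
        # Entry points: "id" is concatenated into SQL, "greet" is echoed unencoded.
        sql = "SELECT name FROM users WHERE id = " + params.get("id", "0")
        try:
            row = self.db.execute(sql).fetchone()
        except sqlite3.Error as exc:
            return 500, "SQL error: %s" % exc          # verbose error leaks to the client
        return 200, "<p>%s %s</p>" % (params.get("greet", "Hello"), row[0] if row else "nobody")

    def set_email(self, params, headers):
        # State change with no anti-CSRF token and no Origin/Referer check ("headers" unused).
        self.db.execute("UPDATE users SET email = ? WHERE id = 1", (params.get("email", ""),))
        return 200, "email updated"


def fuzz(app, entry_points):
    """entry_points: {(method, path): [parameter names]}, found by crawling or by a
    source audit. Returns (path, parameter, bug class, first payload that triggered)."""
    findings = []
    for (method, path), names in entry_points.items():
        baseline = {n: "1" for n in names}          # benign values for the other parameters
        for name in names:
            for bug, payloads in PAYLOADS.items():
                for payload in payloads:
                    status, body = app.handle(method, path, dict(baseline, **{name: payload}))
                    if bug == "sql-injection" and SQL_ERROR.search(body):
                        findings.append((path, name, bug, payload))
                        break
                    if bug == "xss" and status == 200 and payload in body:
                        findings.append((path, name, bug, payload))
                        break
    return findings


def csrf_probe(app, path, params, success_text):
    """Replay a state-changing POST the way a cross-site form would send it: no token
    field, no Origin or Referer header. If the app accepts it, the action is CSRF-able."""
    status, body = app.handle("POST", path, params, headers={})
    return status == 200 and success_text in body


if __name__ == "__main__":
    app = VulnerableApp()
    for finding in fuzz(app, {("GET", "/user"): ["id", "greet"]}):
        print("%s parameter=%s %s payload=%r" % finding)
    print("CSRF on /profile/email:",
          csrf_probe(app, "/profile/email", {"email": "attacker@evil.example"}, "updated"))
```

Two caveats a practitioner would want: the XSS oracle only proves missing output encoding, so the finding still has to be confirmed in a browser with the page's real context (attribute, script, URL); and the SQL oracle is error-based, so an application that swallows database errors needs boolean or time-based payloads instead.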
References
● http://www.exploit-db.com/papers/15780/
● Sutton, Greene, Amini, Fuzzing: Brute Force Vulnerability Discovery, http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119