Who am I
- Anant Shrivastava
- Information Security Consultant
- OWASP + G4H + null
- http://anantshri.info
- @anantshri

Agenda
- What is OWTF
- OWTF Demo
- Things not covered
- How to Contribute

Offensive Web Testing Framework

Need for W.T.F.
- Automated pentest operations
- Organize findings according to a standard (the standard could be OWASP, NIST or others)
- Custom notes and rankings
- Identify the type of execution: passive or active

History
- We started out as a way to run OWASP tests without accessing the website directly, i.e. via indirect / passive means.
- Written in Python by Abraham (@7a_)
- One of the most active OWASP projects (alongside ZAP and the Testing Guide)

U.S.P.
- Automated task execution
- Single dashboard for result aggregation (in future, correlation)
- Raw tool output available
- Single-point dashboard for all data
- Control tasks: pause and resume

HOW

But it's primarily a
DEMO

So let's launch the demo parts first.

Project hosted at http://github.com/owtf/owtf

Officially supports Kali Linux & Samurai WTF

Demo Setup
1. Kali machine with OWTF configured on it
2. Scan: http://demo.testfire.net
3. Scan: http://testasp.vulnweb.com

Basic setup
    git clone http://github.com/owtf/owtf.git
    cd owtf
    python2 install/install.py

DEMO

Development

Not covered
- OWTF botnet mode
- OWTF inbuilt proxy
- OWTF PlugnHack support
- OWTF WAF Bypasser and other plugins

Contribute?
- GSoC
- Winter of Code
- Just code
- Issue tracker comments on the GitHub page