Temple University

Week 10

Burp Suite is a powerful tool used to test for potential vulnerabilities in web applications. Burp Sequencer is used to find authentication to web applications. Burp Decoder is used to decode encrypted usernames or passwords on the client side and gain access to a web application. Burp Comparer simply compares two sets of data, such as different responses, so that you can see where the differences are. Burp Proxy sits between the browser and the application and can be used to launch a man-in-the-middle attack; it is literally in the middle of the application and the browser being used to connect to it. Burp Sitemap helps to identify where you want to focus your attention on a domain; similarly, Burp Spider gets an exhaustive list of URLs for every site. For example, Temple.edu would receive a large number of responses compared to darinbartholomew.com. Burp Intruder finally executes the attacks: once you have used the other tools to find authentication methods and define your scope, you can deliver a payload.

Question for the class: Do you see web application threats to be a growing trend as we become even more connected and our applications become more network dependent than they already are?

Article: http://www.zdnet.com/article/find-a-flash-drive-pick-it-up-study-highlights-poor-city-security-habits/

This article interested me because it used a “social experiment” (similar to social engineering) to see how many people would pick up an abandoned USB drive and later plug it into their devices. 17%, or one in five, plugged them into their devices. This is a huge vulnerability because someone could do the same thing with malicious intent, and the drive could launch malicious software instead of the software used in this case, which simply reported whether it had been plugged in. In our application this is something to think about because, without proper training and employee knowledge, one of these drives could end up infecting an entire network that we are one day working to protect.
