| author | mo khan <mo@mokhan.ca> | 2016-02-07 09:36:53 -0700 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2016-02-07 09:36:53 -0700 |
| commit | e2f09c61fa14cc803600f616d10a8b135badaed2 (patch) | |
| tree | d476bc1351c600d1c9534c301d7996836d3d363d /README.md | |
| parent | 46e4a6812933c0309c8b952585ab25ceb68132b1 (diff) | |
rename files.
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..6e3f817 --- /dev/null +++ b/README.md @@ -0,0 +1,48 @@ +# Overview + +* bt5r3-was.sait230.ca + * linux distro with lots of security tools +* nessus.sait230.ca + * nessus and nexpose vulnerability scanners +* samurai.sait230.ca + * web testing framework + * has vulnerable web applications as well as the tools to test them. +* websecdojo.sait230.ca + * has vulnerable web apps as well as tools to test them. + * preconfigured, stand-alone training environment for web app security. +* metasploitable.sait230.ca + * has vulnerable network services and web applications for security testing. +* tomcat-apache.sait230.ca + * tomcat installed, used for recon and file injection. +* bwa.sait230.ca + * variety of applications with known vulnerabilities. +* ultimatelamp.sait230.ca + * LAMP applications + * used for recon, discovery and mapping phases. + +Targets: +* metasploitable +* tomcat-apache +* bwa +* ultimatelamp + +# web security technologies + +Pure web server: serve static content only. + +```ruby + client -> server +``` + +Dynamic web servers: servers that serve both static and active content. +Application servers: + * examples: websphere, bea weblogic, jboss, tomcat +Proxy servers: + * front ends for one or more applications called a reverse proxy. +Http Protocol: + * request response pattern + * port 80 + +HTTP request packets + +GET /login.php http/1.1 |
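Review bot: The sample request at the end of the new README, `GET /login.php http/1.1`, writes the version token in lowercase; the HTTP version in a request line is case-sensitive, so this should read `GET /login.php HTTP/1.1`, and the label `Http Protocol:` above it would be more consistent as `HTTP protocol:`. In the same section, the `client -> server` diagram is fenced with a `ruby` language tag although it is not Ruby, so an untagged or `text` fence would avoid misleading highlighting. The `Dynamic web servers:` and `Application servers:` lines have no blank line between them and will render as one run-on paragraph; separating them, or making each a list item like the entries under `# Overview`, would keep the definitions distinct. The commit subject says "rename files." while this file is added from `/dev/null` with 48 insertions, so it is worth confirming the old path was removed in the same commit so history can be followed across the rename.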
