{"id":10268,"date":"2018-05-31T11:40:36","date_gmt":"2018-05-31T11:40:36","guid":{"rendered":"http:\/\/www.esds.co.in\/blog\/?p=10268"},"modified":"2020-01-07T10:29:56","modified_gmt":"2020-01-07T10:29:56","slug":"open-web-application-security-project-audit","status":"publish","type":"post","link":"https:\/\/www.esds.co.in\/blog\/open-web-application-security-project-audit\/","title":{"rendered":"Open Web Application Security Project Audit"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"360\" src=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/Open-Web-Application-Security-Project-Audit-blog.png\" alt=\"\" class=\"wp-image-10269\" srcset=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/Open-Web-Application-Security-Project-Audit-blog.png 800w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/Open-Web-Application-Security-Project-Audit-blog-150x68.png 150w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/Open-Web-Application-Security-Project-Audit-blog-300x135.png 300w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/Open-Web-Application-Security-Project-Audit-blog-660x297.png 660w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Introduction\"><\/span><strong>Introduction<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p style=\"text-align: justify;\">The Open Web Application Security Project (OWASP) produces methodologies, documentation, tools, and technologies for web application security. It publishes its&nbsp;Top 10 vulnerabilities&nbsp;list every 3 years. 
We cover the latest OWASP Top 10 (2017) and report the vulnerabilities related to it.<\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esds.co.in\/blog\/open-web-application-security-project-audit\/#Introduction\" >Introduction<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esds.co.in\/blog\/open-web-application-security-project-audit\/#ESDS_VTMScan_Detection_Techniques\" >ESDS VTMScan Detection 
Techniques<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"ESDS_VTMScan_Detection_Techniques\"><\/span><strong>ESDS VTMScan Detection Techniques<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>SQL Injection:<\/strong>\u00a0In SQL Injection we append various payloads such as 1\u2019 to GET and POST requests and check whether the response contains a database error. We check for functional, error-based, Boolean-based and blind SQL Injection.<\/li><li><strong>XML External Entities (XXE):<\/strong>\u00a0In XXE we append payloads that test whether the web application is vulnerable. We check for error-based XXE, out-of-band XXE and XSLT-based XXE.<\/li><li><strong>Cross-Site Scripting (XSS):<\/strong>\u00a0In XSS we inject various payloads such as \u2018>&lt;script>alert(\/XSS_Check\/)&lt;\/script> into GET and POST requests, inspect the response, and report the input if the response is vulnerable.<\/li><li><strong>Insecure Deserialization:<\/strong>\u00a0We look for deserialization vulnerabilities in multiple Java frameworks, platforms and applications such as Jenkins, Seam Framework, RMI over HTTP, Remote, Java Server Faces and others. We also check for such issues in Servlet, Apache Struts2, JBoss Application, Jmx-console, admin-console, web-console and JMXInvokerServlet.<\/li><\/ul>\n\n\n\n<p style=\"text-align:center\"><strong><a href=\"https:\/\/esds.co.in\/security\/vtmscan\">ESDS VTMScan Features<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction The Open Web Application Security Project (OWASP) produces methodologies, documentation, tools, and technologies for web application security. It publishes its&nbsp;Top 10 vulnerabilities&nbsp;list every 3 years. We cover the latest OWASP Top 10 (2017) and report the vulnerabilities related to it. 
ESDS VTMScan Detection Techniques SQL Injection:\u00a0In SQL Injection we append various payloads such&#8230; <\/p>\n<div class=\"clear\"><\/div>\n<p><a href=\"https:\/\/www.esds.co.in\/blog\/open-web-application-security-project-audit\/\" class=\"gdlr-button small excerpt-read-more\">Read More<\/a><\/p>\n","protected":false},"author":81,"featured_media":10269,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1271],"tags":[1970,1911,1917,2020],"class_list":["post-10268","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-2","tag-automated-audit","tag-freescan-owasp-audit","tag-open-web-application-security-project-audit","tag-owasp-audit"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/users\/81"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/comments?post=10268"}],"version-history":[{"count":2,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10268\/revisions"}],"predecessor-version":[{"id":11157,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10268\/revisions\/11157"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media\/10269"}],"wp:attachment":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media?parent=10268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http
s:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/categories?post=10268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/tags?post=10268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}