Automating Web Testing Beyond OWASP WebScarab Using Python

Presentation Transcript


  1. Automating Web Testing Beyond OWASP WebScarab Using Python
     Brad Causey
     OWASP Guy
     IISFA Guy
     brad.causey@owasp.org

  2. About Brad
     • Survivalist
     • MMA
     • Local Cop
     • Gun Enthusiast
     • Married with 5 Kids

  3. About Brad
     • Instructor for 8 years
     • Various Publications
     • Books
     • BBVA Compass Security Analyst
     • Training videos
     • OWASP GPC
     • OWASP Alabama Chapter Lead
     • IISFA Alabama Chapter Lead

  4. Why are we here?
     • Have the need to automate tests
     • Some of these are difficult
     • Adapt to the app
     • WebScarab and Python are pretty popular

  5. Why WebScarab?
     • Open Source
     • Scriptable
     • Uses text to store data
     • Cross-Platform
     • Browser Agnostic

  6. WS Configuration and Special Notes
     • Saved Session Structure
     • Scripting
       http://www.owasp.org/index.php/Scripting_in_WebScarab
     • import org.owasp.webscarab.model.HttpUrl;
       import org.owasp.webscarab.model.Request;
       import org.owasp.webscarab.model.Response;

  7. WS Advanced Features
     • Search
     • Extensions
     • Session ID Analysis
     • XSS
     • Tagging

  8. WS Weaknesses
     • AJAX
     • Performance
     • Output Format
     • Reporting

  9. Why Python?
     • Open Source Interpreter
     • Plain Text
     • Great Support
     • Cross-Platform
     • Text Processing

  10. A Python Primer
      • very clear, readable syntax
      • strong introspection capabilities
      • intuitive object orientation
      • natural expression of procedural code
      • exception-based error handling
      • very high level dynamic data types
      • extensive standard libraries
      • embeddable within applications as a scripting interface

  11. Useful Python Libraries
      • string
      • Built-in Library
      • .find
      • .index
      • .count

  12. Useful Python Libraries
      • urllib2
      • Built-in Library
      • .urlopen
      • Encoding
      • Data (for request)

  13. Gluing the two together
      • WebScarab Files
      • Python File Reader
      • WebScarab Storage in-depth

  14. Possibilities are endless!
      • Http Methods testing
      • Post/Get fuzzing
      • Cookies? Yes!
      • import cookielib, urllib2
        http://docs.python.org/library/cookielib.html
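An added example, not code from Brad's demo, of what slides 11 to 14 describe: reading a WebScarab saved session from Python and processing the recorded text. It uses the Python 3 standard library (the slides name the Python 2 modules urllib2 and cookielib; nothing here touches the network, the session is read from disk), assumes the on-disk layout conversations/<N>-request and <N>-response holding the raw HTTP messages (an assumption, not stated on the slides), summarises which HTTP methods the session exercised, and audits the Set-Cookie headers WebScarab recorded for missing Secure/HttpOnly flags. The sample session it writes to a temp directory is constructed.

```python
"""Read a WebScarab saved session from Python and audit the cookies it recorded.

Added example, not code from the talk. Assumed (not stated on the slides) file
layout: <session>/conversations/<N>-request and <N>-response, each holding the
raw HTTP message WebScarab proxied. The sample session below is constructed.
"""
import os
import re
import tempfile
from collections import Counter, namedtuple

HttpMessage = namedtuple("HttpMessage", "start_line headers body")

# Constructed sample session: two conversations against a placeholder host.
SAMPLE_FILES = {
    "1-request": b"GET http://example.test/login HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "1-response": (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly\r\n\r\n<html>login</html>"),
    "2-request": (b"POST http://example.test/login HTTP/1.1\r\nHost: example.test\r\n"
                  b"Cookie: JSESSIONID=abc123\r\n\r\nuser=alice&pass=placeholder"),
    "2-response": (b"HTTP/1.1 302 Found\r\nLocation: /home\r\n"
                   b"Set-Cookie: session=tok-constructed; Path=/; Secure; HttpOnly\r\n"
                   b"Set-Cookie: prefs=dark; Path=/\r\n\r\n"),
}


def parse_http_message(raw):
    """Split a raw HTTP message into start line, [(name, value)] headers and body."""
    text = raw.decode("latin-1")  # byte-preserving; the header block is ASCII
    head, sep, body = text.partition("\r\n\r\n")
    if not sep:  # tolerate files saved with bare newlines
        head, _, body = text.partition("\n\n")
    lines = head.splitlines()
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return HttpMessage(lines[0] if lines else "", headers, body)


def _read(path):
    with open(path, "rb") as fh:
        return fh.read()


def load_session(session_dir):
    """Return {conversation_id: (request, response)} ordered by id."""
    conv_dir = os.path.join(session_dir, "conversations")
    convs = {}
    for name in os.listdir(conv_dir):
        m = re.fullmatch(r"(\d+)-request", name)
        if not m:
            continue
        cid = int(m.group(1))
        req = parse_http_message(_read(os.path.join(conv_dir, name)))
        resp_path = os.path.join(conv_dir, f"{cid}-response")
        resp_raw = _read(resp_path) if os.path.exists(resp_path) else b""
        convs[cid] = (req, parse_http_message(resp_raw))
    return dict(sorted(convs.items()))


def count_methods(convs):
    """Counter of HTTP method -> number of recorded requests using it."""
    return Counter(req.start_line.split(" ", 1)[0] for req, _ in convs.values())


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) from a Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(convs):
    """List (conversation id, cookie name, [missing flags]) for cookies lacking Secure/HttpOnly."""
    findings = []
    for cid, (_, resp) in convs.items():
        for hname, hvalue in resp.headers:
            if hname != "set-cookie":
                continue
            name, attrs = parse_set_cookie(hvalue)
            missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
            if missing:
                findings.append((cid, name, missing))
    return findings


def write_sample_session(session_dir):
    """Materialise the constructed sample in the assumed WebScarab layout."""
    conv_dir = os.path.join(session_dir, "conversations")
    os.makedirs(conv_dir, exist_ok=True)
    for name, content in SAMPLE_FILES.items():
        with open(os.path.join(conv_dir, name), "wb") as fh:
            fh.write(content)


def demo():
    """Write the sample session to a temp dir, load it back, and audit it."""
    session_dir = tempfile.mkdtemp(prefix="webscarab-sample-")
    write_sample_session(session_dir)
    convs = load_session(session_dir)
    return convs, count_methods(convs), audit_cookies(convs)


if __name__ == "__main__":
    convs, methods, findings = demo()
    print("methods seen:", dict(methods))
    for cid, cookie, missing in findings:
        url = convs[cid][0].start_line.split()[1]
        print(f"conversation {cid} {url}: cookie {cookie!r} missing {', '.join(missing)}")
```

Run it directly to see the summary for the constructed session; against a real capture, point load_session at the saved-session directory and, if WebScarab's layout differs from the assumed one, adjust the file-name pattern in load_session only. The header parsing deliberately lower-cases names so the cookie check is not fooled by "set-cookie" versus "Set-Cookie".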

  15. Demo!
      http://cdn1.gamepro.com/article_img/gamepro/214635-1.jpg?rand=2487A2F8-E22A-95A8-2C5A303E3847C9A2

  16. The Norris convention center?