การทดสอบเจาะระบบ - กรณีศึกษาเครือข่ายของมหาวิทยาลัยขอนแก่น

1. Penetration Testing – A Case Study of KhonKaen University Networks การทดสอบเจาะระบบ - กรณีศึกษาเครือข่ายของมหาวิทยาลัยขอนแก่น

2. COE2007-04 • Advisor • KittTientanopajai, D.Eng • Co-Advisor • Assoc.Prof. ArnutChaosakul • Assoc.Prof. PichateChiewthanakul • Member • Mr. PongphopLaochaikun 473040597-8 • Miss ArttapornPansamdang 473040629-1

3. Agenda • Progress • Result of Penetration • Introduction to WeVSA • WeVSA Operational Procedure • Problem • Future work • Demo

4. Progress Comment: In Progress Not started Finished

5. Result of Penetration 1/4 • 51 servers tested • 7 Critical Vulnerabilities

6. Result of Penetration 2/4

7. Result of Penetration 3/4 1 2 3

8. Result of Penetration 4/4 1 2

9. Introduction to WeVSA

10. WeVSA Operational Procedure 1/3 Server’s name Scan Attack

11. Server’s name Signal for Start Result

12. Java Script Injection Etc.. Hidden filed Attack Cross-Stie Scripting Etc.. <script>alert(Document.cookie);</script> SQL Injection Etc.. [T’ or 1=1 --]

14. WeVSA Operational Procedure 2/3 Target Attack

15. Penetrate by technique Target Result http response

16. WeVSA Operational Procedure 3/3

17. Problem • WeVSA waiting for scanning from scanner solved by use Thread. • WeVSA must clear results from last scanning. First program cannot delete results because objects was connected with file. We solved by clear garbage collection before deleted.

18. Future work • Implement WeVSA • Documentation • Penetrate network systems

19. Anyone has any question? Thank you for your listening