Burp Suite Web Vulnerability Scanner
by Michael G. Solomon
Security Strategies in Windows Platforms and Applications, 3rd Edition
- Cover
- Title Page
- Copyright Page
- Contents
- Preface
- Acknowledgments
- About the Author
- CHAPTER 1 Microsoft Windows and the Threat Landscape
- Information Systems Security
- Tenets of Information Security: The C-I-A Triad
- Mapping Microsoft Windows and Applications into a Typical IT Infrastructure
- Microsoft’s End-User License Agreement
- Windows Threats and Vulnerabilities
- Anatomy of Microsoft Windows Vulnerabilities
- Discovery-Analysis-Remediation Cycle
- Common Forms of Attack
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 1 ASSESSMENT
- CHAPTER 2 Security in the Microsoft Windows Operating System
- Operating System Components and Architecture
- Basic Windows Operating System Architecture
- Access Controls and Authentication
- Security Access Tokens, Rights, and Permissions
- Users, Groups, and Active Directory
- Windows Attack Surfaces and Mitigation
- Fundamentals of Microsoft Windows Security Monitoring and Maintenance
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 2 ASSESSMENT
- CHAPTER 3 Access Controls in Microsoft Windows
- The Principle of Least Privilege
- Access Models: Identification, Authentication, Authorization, ACLs, and More
- Windows Server 2012, Windows Server 2016, and Windows Server 2019 Dynamic Access Control
- Windows Objects and Access Controls
- SIDs, Globally Unique Identifiers, and Class Identifiers
- Calculating Microsoft Windows Access Permissions
- Auditing and Tracking Windows Access
- Microsoft Windows Access Management Tools
- Best Practices for Microsoft Windows Access Control
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 3 ASSESSMENT
- CHAPTER 4 Microsoft Windows Encryption Tools and Technologies
- Encryption Methods Microsoft Windows Supports
- Encrypting File System, BitLocker, and BitLocker To Go
- Enabling File-, Folder-, and Volume-Level Encryption
- Encryption in Communications
- Encryption Protocols in Microsoft Windows
- Microsoft Windows and Security Certificates
- Public Key Infrastructure
- Best Practices for Windows Encryption Techniques
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 4 ASSESSMENT
- CHAPTER 5 Protecting Microsoft Windows against Malware
- The Purpose of Malware
- Types of Malware
- Anti-Malware Software
- Malware Mitigation Techniques
- Importance of Updating Your Software
- Maintaining a Malware-Free Environment
- Scanning and Auditing Malware
- Tools and Techniques for Removing Malware
- Malware Prevention Best Practices
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 5 ASSESSMENT
- CHAPTER 6 Group Policy Control in Microsoft Windows
- Group Policy and Group Policy Objects
- Group Policy Settings
- Making Group Policy Conform to Security Policy
- Types of GPOs in the Registry
- Types of GPOs in Active Directory
- Designing, Deploying, and Tracking Group Policy Controls
- Auditing and Managing Group Policy
- Best Practices for Microsoft Windows Group Policy and Processes
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 6 ASSESSMENT
- CHAPTER 7 Microsoft Windows Security Profile and Audit Tools
- Profiling Microsoft Windows Security
- Microsoft Baseline Security Analyzer
- OpenVAS
- Nessus Essentials
- Burp Suite Web Vulnerability Scanner
- Microsoft Windows Security Audit
- Microsoft Windows Security Audit Tools
- Best Practices for Microsoft Windows Security Audits
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 7 ASSESSMENT
- CHAPTER 8 Microsoft Windows Backup and Recovery Tools
- Microsoft Windows Operating System and Application Backup and Recovery
- Workstation, Server, Network, and Cloud Backup Techniques
- Microsoft Windows and Application Backup and Recovery in a Business Continuity Setting
- Microsoft Windows Backup and Restore Utility
- Restoring with the Windows Backup and Restore Utility
- Rebuilding Systems from Bare Metal
- Managing Backups with Virtual Machines
- Best Practices for Microsoft Windows Backup and Recovery
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 8 ASSESSMENT
- CHAPTER 9 Microsoft Windows Network Security
- Network Security
- Principles of Microsoft Windows Network Security
- Microsoft Windows Security Protocols and Services
- Securing Microsoft Windows Environment Network Services
- Securing Microsoft Windows Wireless Networking
- Microsoft Windows Workstation Network Security
- Microsoft Windows Server Network Security
- Internal Network and Cloud Security
- Best Practices for Microsoft Windows Network Security
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 9 ASSESSMENT
- CHAPTER 10 Microsoft Windows Security Administration
- Security Administration Overview
- Maintaining the C-I-A Triad in the Microsoft Windows OS World
- Microsoft Windows OS Security Administration
- Ensuring Due Diligence and Regulatory Compliance
- The Need for Security Policies, Standards, Procedures, and Guidelines
- Best Practices for Microsoft Windows OS Security Administration
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 10 ASSESSMENT
- CHAPTER 11 Hardening the Microsoft Windows Operating System
- Understanding the Hardening Process and Mindset
- Hardening Microsoft Windows Operating System Authentication
- Hardening the Network Infrastructure
- Securing Directory Information and Operations
- Hardening Microsoft Windows OS Administration
- Hardening Microsoft Servers and Client Computers
- Hardening Workstation Computers
- Hardening Data Access and Controls
- Hardening Communications and Remote Access
- Hardening PKI
- User Security Training and Awareness
- Best Practices for Hardening Microsoft Windows OS and Applications
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 11 ASSESSMENT
- CHAPTER 12 Microsoft Application Security
- Principles of Microsoft Application Security
- Securing Key Microsoft Client Applications
- Web Browser
- Securing Key Microsoft Server Applications
- Case Studies in Microsoft Application Security
- Best Practices for Securing Microsoft Windows Applications
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 12 ASSESSMENT
- CHAPTER 13 Microsoft Windows Incident Handling and Management
- Understanding and Handling Security Incidents Involving Microsoft Windows OS and Applications
- Formulating an Incident Response Plan
- Plan for Anything that Could Cause Loss or Damage
- Handling Incident Response
- Incident Handling and Management Tools for Microsoft Windows and Applications
- Investigating Microsoft Windows and Applications Incidents
- Acquiring and Managing Incident Evidence
- Best Practices for Handling Microsoft Windows OS and Applications Incidents and Investigations
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 13 ASSESSMENT
- CHAPTER 14 Microsoft Windows and the Security Life Cycle
- Understanding Traditional System Life Cycle Phases
- Agile Software Development
- Managing Microsoft Windows OS and Application Software Security
- Developing Secure Microsoft Windows OS and Application Software
- Implementing, Evaluating, and Testing Microsoft Windows OS and Application Software Security
- Maintaining the Security of Microsoft Windows OS and Application Software
- Microsoft Windows OS and Application Software Revision, Change Management, and End-of-Life Phaseout
- Best Practices for Microsoft Windows and Application Software Development Security Investigations
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 14 ASSESSMENT
- CHAPTER 15 Best Practices for Microsoft Windows and Application Security
- Basic Rules of Microsoft Windows OS and Application Security
- Audit and Remediation Cycles
- Security Policy Conformance Checks
- Security Baseline Analysis
- OS and Application Checks and Upkeep
- Network Management Tools and Policies
- Software Testing, Staging, and Deployment
- Compliance/Currency Tests on Network Entry
- Trends in Microsoft Windows OS and Application Security Management
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 15 ASSESSMENT
- APPENDIX A Answer Key
- APPENDIX B Standard Acronyms
- Glossary of Key Terms
- References
- Index
Burp Suite Web Vulnerability Scanner
Some Windows servers perform specialized functions, and need to be assessed accordingly. For example, you should scan your web servers for general security vulnerabilities, but also scan them for vulnerabilities that are specific to web applications. The Burp Suite Web Vulnerability Scanner does just that. Burp Suite focuses on vulnerabilities found in web applications and makes it easy to scan for those weaknesses. Depending on your needs, you can get Burp Suite as Enterprise, Professional, or Community licenses. Each license provides different levels of service. The Community edition is free, but lacks the powerful Web Vulnerability Scanner. To get the scanner, you’ll need at least the Professional license. Figure 7-17 shows the defined web server target for a vulnerability scan. Figure 7-18 shows the results of a web vulnerability scan. Figure 7-19 shows an Executive Report that Burp Suite created based on the previous scan.
FIGURE 7-17 Defining the targets for a Burp Suite web vulnerability scan.
FIGURE 7-17
Defining the targets for a Burp Suite web venerability scan.
Used with permission from PortSwigger Ltd.
FIGURE 7-18 Burp Suite web vulnerability scan results.
FIGURE 7-18
Burp Suite web vulnerability scan results.
Used with permission from PortSwigger Ltd.
FIGURE 7-19 Burp Suite web vulnerability scan results report.
FIGURE 7-19
Burp Suite web vulnerability scan results.
Used with permission from PortSwigger Ltd.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.