Vulnerability Assessment


OS2C-Jogja

Vulnerability assessment is the identification of holes and vulnerabilities in a system. Its methods are fairly easy for a user to apply, using a variety of applications with different contents. The vulnerability assessment process searches for critical applications and for vulnerable code or patches in the application.

For example, on 24 December 2011 Apache released a web server patch against DoS (http://www.computerworld.com), a release meant to minimize the impact of the kind of attack that happens most often. Another example is the impact of attacks on vulnerabilities found in Microsoft IE, where an attacker identified and quantified vulnerabilities in Windows applications, while Microsoft for its part warned of Word attacks. Dangerous hackers exploit a vulnerability in Microsoft Word, with bugs found in Microsoft Word 2002, 2003, 2007 and 2010. This pushed Microsoft's developers to quickly patch the vulnerabilities in IE and Microsoft Word.

To search for and identify vulnerabilities in a vulnerability assessment, we can use scanning frameworks such as Nessus, w3af (web_scanner), Nikto and Paros Proxy. These applications are often used to search for and find vulnerabilities in web applications or systems. Nowadays vulnerabilities clearly open the way for malicious software, or malware, to infect applications; for example, many applications for mobile phones include malware.

Now I will show how to operate an application that searches for vulnerabilities in a web application, Arachni. The modules available in Arachni are: allowed_methods, interesting_responses, http_put, xst, unencrypted_password_forms, backdoors, common_files, mixed_resource, backup_files, directory_listing, common_directories, credit_card, emails, captcha, ssn, private_ip, html_objects, cvs_svn_users, htaccess_limit, webdav, os_cmd_injection_timing, xss_tag, sqli, sqli_blind_timing, sqli_blind_rdiff, xss_script_tag, code_injection_timing, code_injection, path_traversal, xss_path, xss, csrf, trainer, xss_uri, xpath, os_cmd_injection, xss_event, ldapi, response_splitting, rfi, unvalidated_redirect.

[*] Dumping audit results in '2012-02-01 08.45.05 -0800.afr'.
[*] Done!
================================================================================
[+] Web Application Security Report - Arachni Framework
[~] Report generated on: 2012-02-01 08:45:05 -0800
[~] Report false positives: http://github.com/Zapotek/arachni/issues
[+] System settings:
[~] --------------
[~] Version: 0.4.0.2
[~] Revision: 0.2.5
[~] Audit started on: Wed Feb 1 08:44:56 2012
[~] Audit finished on: Wed Feb 1 08:45:03 2012
[~] Runtime: 00:00:06
[~] URL: http://192.168.56.103/owasp/wp_01/
[~] User agent: Arachni/0.4.0.2
[*] Audited elements:
[~] * Links
[~] * Forms
[~] * Cookies
[*] Modules: allowed_methods, interesting_responses, http_put, xst, unencrypted_password_forms, backdoors, common_files, mixed_resource, backup_files, directory_listing, common_directories, credit_card, emails, captcha, ssn, private_ip, html_objects, cvs_svn_users, htaccess_limit, webdav, os_cmd_injection_timing, xss_tag, sqli, sqli_blind_timing, sqli_blind_rdiff, xss_script_tag, code_injection_timing, code_injection, path_traversal, xss_path, xss, csrf, trainer, xss_uri, xpath, os_cmd_injection, xss_event, ldapi, response_splitting, rfi, unvalidated_redirect
[*] Filters:
[~] Exclude:
[~] Include:
[~] (?-mix:.*)
[~] Redundant:
[*] Cookies:
[~] ===========================
[+] 0 issues were detected.
[+] Plugin data:
[~] --------------
[*] URL health-map
[~] ~~~~~~~~~~~~~~~~
[~] Legend:
[+] No issues
[-] Has issues
[+] http://192.168.56.103/owasp/wp_01/
[+] http://192.168.56.103/sitemap.xml.gz
[+] http://192.168.56.103/sitemap.xml
[~] Total: 3
[+] Without issues: 3
[-] With issues: 0 ( 0% )
[*] Profiler
[~] ~~~~~~~~~~~~~~
[~] Description: Examines the behavior of the web application gathering general statistics and performs taint analysis to determine which inputs affect the output.

It does not perform any vulnerability assesment nor does it send attack payloads.
[~] Inputs affecting output:

[~] 100.0% [============================================================>] 100%
[~] Est. remaining time: --:--:-
[~] Crawler has discovered 3 pages.
[~] Sent 705 requests.
[~] Received and analyzed 705 responses.
[~] In 00:00:06
[~] Average: 101 requests/second.
[~] Currently auditing http://192.168.56.103/sitemap.xml
[~] Burst response time total 0
[~] Burst response count total 0
[~] Burst average response time 0
[~] Burst average 0 requests/second
[~] Timed-out requests 0
[~] Original max concurrency 20
[~] Throttled max concurrency 20
root@hakaje:/pentest/web/arachni-v0.4.0.2-cde#
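The report above can be checked by a script rather than read by eye. The following Ruby code is an added example, not part of the original article or of Arachni itself: it parses the report fields shown above (one record per line) and lists reasons not to accept "0 issues were detected" as a clean result. The function names, the `MIN_PAGES` threshold and the shortened module list in the sample are assumptions made for this illustration.

```ruby
MIN_PAGES = 10 # assumed threshold: fewer crawled pages means low coverage

# Excerpt of the report above, one record per line (module list shortened).
SAMPLE_REPORT = <<~REPORT
  [~] Version: 0.4.0.2
  [~] URL: http://192.168.56.103/owasp/wp_01/
  [*] Modules: allowed_methods, xss, sqli, csrf
  [+] 0 issues were detected.
  [+] http://192.168.56.103/owasp/wp_01/
  [+] http://192.168.56.103/sitemap.xml.gz
  [+] http://192.168.56.103/sitemap.xml
  [~] Total: 3
  [-] With issues: 0 ( 0% )
  [~] Sent 705 requests.
REPORT

# Turn the "[x] key: value" records into a Hash; unknown lines are ignored.
def parse_arachni_report(text)
  report = { modules: [], pages: {} }
  text.each_line do |raw|
    case raw.strip
    when /\A\[~\] Version: (\S+)\z/ then report[:version] = $1
    when /\A\[~\] URL: (\S+)\z/ then report[:url] = $1
    when /\A\[\*\] Modules: (.+)\z/ then report[:modules] = $1.split(/,\s*/)
    when /\A\[\+\] (\d+) issues were detected\.\z/ then report[:issues] = $1.to_i
    when /\A\[~\] Total: (\d+)\z/ then report[:total] = $1.to_i
    when /\A\[~\] Sent (\d+) requests\.\z/ then report[:requests] = $1.to_i
    when %r{\A\[([+-])\] (https?://\S+)\z} # URL health-map entry
      report[:pages][$2] = ($1 == '+' ? :clean : :issues)
    end
  end
  report
end

# Reasons the result should not be accepted as "clean"; empty means pass.
def gate_findings(report)
  reasons = []
  reasons << 'issue count missing, report may be truncated' if report[:issues].nil?
  reasons << "#{report[:issues]} issues detected" if report[:issues].to_i > 0
  flagged = report[:pages].select { |_, state| state == :issues }.keys
  reasons << "pages with issues: #{flagged.join(', ')}" unless flagged.empty?
  if report[:total] && report[:total] != report[:pages].size
    reasons << "health-map lists #{report[:pages].size} URLs, Total says #{report[:total]}"
  end
  reasons << "only #{report[:pages].size} pages crawled, low coverage" if report[:pages].size < MIN_PAGES
  reasons
end
puts gate_findings(parse_arachni_report(SAMPLE_REPORT))
```

For the scan shown above the gate returns a single reason, low coverage: three crawled pages in six seconds means the zero-issue result says little about the rest of the application.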

Resource download : www.hakaje.blogspot.com http://www.scribd.com/muzammi_06
