Summary

This document is a module on application security, covering topics such as threat modeling, application whitelisting and blacklisting, fuzz testing, patch management, web application firewalls, and application security testing tools. It is geared towards a professional audience.

Full Transcript


WITH @CDR AYAM MODULE 9 APPLICATION SECURITY

Module outline:
- Understanding Secure Application Design and Architecture
- Understanding Secure Coding Practices
- Overview of Software Security Standards, Models, and Frameworks
- Understanding the Secure Application Development, Deployment, and Automation
- Understanding Various Application Security Testing Techniques and Tools

EC-COUNCIL CCT: CERTIFIED CYBERSECURITY TECHNICIAN BY EMMANUEL AYAMBA

THREAT MODELING

Threat modeling helps to:
- Identify relevant threats to a particular application scenario
- Identify key vulnerabilities in an application's design
- Improve security design
1. Identify Security Objectives

Administrators should ask the following questions:
1. What data should be protected?
2. Are there any compliance requirements?
3. Are there specific quality-of-service requirements?
4. Are there intangible assets to protect?

2. Application Overview

Identify the components, data flows, and trust boundaries. To draw the end-to-end deployment scenario, the administrator should use a whiteboard. First, they should draw a rough diagram that explains the workings and structure of the application, its subsystems, and its deployment characteristics. The deployment diagram should contain the following:
1. End-to-end deployment topology
2. Logical layers
3. Key components
4. Key services
5. Communication ports and protocols
6. Identities
7. External dependencies

Identify Roles: The administrator should identify people and the roles and actions they can perform within the application. For example:
1. Are there higher-privileged groups of users?
2. Who can read data?
3. Who can update data?
4. Who can delete data?

Identify Key Usage Scenarios: The administrator should use the application's use cases to determine its objective. Use cases explain how the application is used and misused.

Identify Technologies: The administrator should list the technologies and key features of the software, including the following technologies in use:
1. Operating systems
2. Web server software
3. Database server software
4. Technologies for presentation, business, and data access layers
5. Development languages
Identifying these technologies helps to focus on technology-specific threats.

Identify Application Security Mechanisms: The administrator should identify the key points regarding the following:
1. Input and data validation
2. Authorization and authentication
3. Sensitive data
4. Configuration management
5. Session management
6. Parameter manipulation
7. Cryptography
8. Exception management
9. Auditing and logging

3. Decompose the Application

In this step, the administrator breaks down the application to identify the trust boundaries, data flows, entry points, and exit points. Doing so makes it considerably easier to find more relevant and more detailed threats and vulnerabilities.

Identify Trust Boundaries: Identifying the application's trust boundaries helps the administrator to focus on the relevant areas of the application. A trust boundary indicates where trust levels change.
1. Identify outer system boundaries
2. Identify access control points, or key places where access requires extra privileges or role membership
3. Identify trust boundaries from a data flow perspective

Identify Data Flows: The administrator should list the application's data input from entry to exit. This helps to understand how the application communicates with outside systems and clients and how the internal components interact. They should pay particular attention to the data flow across trust boundaries and the data validation at the trust boundary entry point. A good approach is to start at the highest level and then deconstruct the application by tracing the data flow between different subsystems.

Identify Entry Points: The application's entry points can also serve as entry points for attacks. All users interact with the application at these entry points. Other internal entry points, exposed by subcomponents across the layers of the application, may be present only to support internal communication with other components. The administrator should identify these entry points to determine the methods an intruder could use to get in through them. They should focus on the entry points that allow access to critical functionality and provide adequate defense for them.

Identify Exit Points: The administrator should also identify the points where the application transfers data to the client or external systems. They should prioritize the exit points at which the application writes data containing client input or data from untrusted sources, such as a shared database.

4. Identify Threats

The administrator should identify threats relevant to the control scenario and context using the information obtained in the application overview and application decomposition steps. They should bring members of the development and test teams together to identify potential threats. The team should start with a list of common threats grouped by application vulnerability category. This step uses a question-driven approach to help identify threats.

5. Identify Vulnerabilities

A vulnerability is a weakness in an application (deployed in an information system) that allows attacker exploitation, thereby leading to security breaches. Security administrators should identify any weaknesses related to the threats found, using the vulnerability categories to identify vulnerabilities, and fix them beforehand to keep intruders away.

6. Risk and Impact Analysis

The security administrator should perform risk and impact analysis to determine the amount of damage that a vulnerability in an application can cause when it is exploited, as well as to rate the risk or severity level for each threat associated with it. Then, the administrator must prioritize the threats in decreasing order of severity level and inform the security management team so that it can identify risk mitigation strategies.
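Steps 3 to 6 above can be made mechanical once the components, trust zones, and data flows are written down. The following is an added example (not part of the original module): a constructed three-tier model in which every component, zone, flow, and the 1..5 severity scale are assumptions, and the checks implement the page's questions: which flows cross a trust boundary, where the entry and exit points are, which entry flows lack validation, and which exit points write tainted data, ranked by severity.

```python
from dataclasses import dataclass

# Constructed trust zones for a hypothetical three-tier web application;
# a higher number means a more trusted zone.
TRUST_LEVELS = {"internet": 0, "dmz": 1, "internal": 2}

@dataclass(frozen=True)
class Component:
    name: str
    zone: str

@dataclass(frozen=True)
class Flow:
    source: Component
    dest: Component
    data: str
    validated_at_entry: bool = False   # is input validated where it enters dest?
    tainted: bool = False              # carries client input or untrusted-source data

@dataclass(frozen=True)
class Finding:
    flow: Flow
    threat: str
    severity: int                      # constructed scale: 1 (low) .. 5 (high)

def trust_climb(flow):
    """Positive when the flow moves into a more trusted zone, negative when it
    leaves one, zero when it stays inside a single zone (no boundary crossed)."""
    return TRUST_LEVELS[flow.dest.zone] - TRUST_LEVELS[flow.source.zone]

def entry_points(flows):
    """Step 3: components that receive data from a less trusted zone."""
    return sorted({f.dest.name for f in flows if trust_climb(f) > 0})

def exit_points(flows):
    """Step 3: components that send data to a less trusted zone."""
    return sorted({f.source.name for f in flows if trust_climb(f) < 0})

def identify_threats(flows):
    """Steps 4-6: question-driven checks on every boundary-crossing flow,
    rated by severity and returned in decreasing order of severity."""
    findings = []
    for f in flows:
        climb = trust_climb(f)
        if climb > 0 and not f.validated_at_entry:
            # Untrusted input reaches a more trusted component unchecked;
            # the further it climbs, the higher the rating.
            findings.append(Finding(f, "unvalidated input crosses trust boundary", min(5, 3 + climb)))
        if climb < 0 and f.tainted:
            # Exit point writing client-derived data to a less trusted consumer.
            findings.append(Finding(f, "tainted data written at exit point", 3))
    return sorted(findings, key=lambda x: x.severity, reverse=True)

# Constructed sample model (hypothetical component names).
browser = Component("browser", "internet")
web = Component("web", "dmz")
api = Component("api", "internal")
db = Component("db", "internal")
SAMPLE_FLOWS = [
    Flow(browser, web, "login form", validated_at_entry=False, tainted=True),
    Flow(web, api, "authenticated query", validated_at_entry=True, tainted=True),
    Flow(api, db, "SQL query", validated_at_entry=True, tainted=True),
    Flow(api, web, "query results", tainted=False),
    Flow(web, browser, "rendered page", tainted=True),
]
```

On the sample model the unvalidated login form entering the DMZ ranks highest, and the page rendered back to the browser with client-derived data is flagged as an exit point to prioritize.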
Software security standards, models, and frameworks referenced: https://owasp.org, https://www.opensamm.org, https://www.bsimm.com
STEPS OF FUZZ TESTING
- Identify the target system
- Identify inputs
- Generate fuzzed data
- Execute the test using fuzz data
- Monitor system behavior
- Log defects

ADVANTAGES OF WHITELISTING
- Protection against malware attacks: The whitelisting of applications in an organization can prevent malware attacks. Any application that is not in the whitelist is blocked.
- Mitigating zero-day attacks: Generally, attackers start exploiting vulnerabilities once a software patch is released. Occasionally, malware for unpatched systems is ready to be deployed in a short time window during which a new patch has not yet been tested or implemented. Antivirus vendors also take time to identify new signatures to produce and distribute. Implementing application whitelisting hinders the execution of such malware.
- Improved efficiency of computers: Application whitelisting prevents unauthorized applications from running in organizations, improving the efficiency of computers.
- Increased visibility and greatly reduced attack surface: Application whitelisting removes many basic attacks by protecting against the download-and-execute attack vector. Application whitelisting enables organizations to track which applications are running or blocked on company systems. Improving the capability of monitoring and controlling applications greatly reduces the attack surface area, unauthorized changes to applications, and inspection requirements.
- Reclaiming bandwidth from streaming or sharing applications: Application whitelisting avoids the significant use of resources to operate unapproved and unnecessary applications, ensuring the optimal utilization of company resources in organizations. Application whitelisting limits the exposure of social media applications, bans certain websites, eliminates games, and blocks other destructive applications that consume excessive employee time and network bandwidth.
- Avoiding lawsuits or unnecessary license fees: Application whitelisting helps organizations avoid troubles such as lawsuits or license fees for unknowingly using unlicensed or illegal applications.
- Security independent of constant application updating: Unlike antivirus programs, application whitelisting solutions do not need to be updated periodically to remain effective.
- Easier attack detection: Attack detection becomes easier when many attack activities are blocked, because blocked attacks generate a lot of noise. The noise created by attackers provides valuable information to incident response teams. This also helps in measuring how long it takes for an antivirus solution to detect the existence of malware or changes on a system.
- Reduced bring-your-own-device (BYOD) risk: Application whitelisting reduces BYOD risk through the enforcement of mobile-application policies.

ADVANTAGES OF APPLICATION BLACKLISTING
- It is simple to implement. A blacklist simply identifies the blacklisted applications, denies them access, and allows the execution of all other applications not in the blacklist.
- Blacklists need little maintenance, since the security software compiles the lists and does not often ask users for input.

DISADVANTAGES OF APPLICATION BLACKLISTING
- A blacklist cannot be comprehensive, and the effectiveness of a blacklist is limited as the number of different and complex threats is continuously increasing. Sharing threat information can help make application blacklisting more effective.
- Blacklisting can tackle known attacks well but will not be able to protect against zero-day attacks. If an organization is the first target of a new threat, blacklisting cannot stop it.
- Occasionally, hackers create malware that evades detection by blacklisting tools. In these cases, blacklisting fails to recognize the malware and add it to the blacklist.
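The six fuzz testing steps listed above, carried through as an added example that is not part of the original module: the target is a constructed toy record parser (a hypothetical `parse_record` that trusts its declared length field, a defect placed there on purpose so the fuzzer has something to find), the inputs are two constructed seeds, the fuzzed data comes from four mutation strategies, and the monitor treats a clean `ValueError` rejection as expected behaviour while logging any other exception as a defect, deduplicated by exception type and failing line.

```python
import random
import traceback

# Constructed target (hypothetical): parses <1-byte length><payload> records.
# It rejects an empty record cleanly but trusts the declared length; that
# deliberate, constructed defect is what the fuzzer should surface.
def parse_record(data: bytes) -> bytes:
    if not data:
        raise ValueError("no data")
    n = data[0]
    if n == 0:
        raise ValueError("empty record")
    payload = data[1:1 + n]
    payload[n - 1] ^ payload[0]      # blows up when payload is shorter than declared
    return payload

SEEDS = [b"\x05hello", b"\x03abc"]   # constructed seed inputs (step 2)
STRATEGIES = ["bitflip", "truncate", "insert", "length_field"]

def mutate(seed: bytes, strategy: str, rng: random.Random) -> bytes:
    """Step 3: derive one fuzzed input from a seed."""
    data = bytearray(seed)
    if strategy == "bitflip":
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif strategy == "truncate":
        del data[-1:]                  # declared length now exceeds the payload
    elif strategy == "insert":
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    elif strategy == "length_field":
        data[0] = rng.choice([0x00, 0x01, 0x7F, 0xFF])
    return bytes(data)

def fuzz(target, seeds, iterations=200, seed=1):
    """Steps 4-6: execute, monitor, and log defects. Returns a dict keyed by
    (exception type, failing line) so each distinct crash is recorded once."""
    rng = random.Random(seed)          # fixed seed keeps runs reproducible
    defects = {}
    for i in range(iterations):
        strategy = STRATEGIES[i % len(STRATEGIES)]   # every strategy gets exercised
        data = mutate(rng.choice(seeds), strategy, rng)
        try:
            target(data)
        except ValueError:
            continue                   # graceful rejection is expected, not a defect
        except Exception as exc:       # anything else is an unhandled crash
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            key = (type(exc).__name__, frame.lineno)
            defects.setdefault(key, {"input": data, "strategy": strategy,
                                     "message": str(exc)})
    return defects

if __name__ == "__main__":
    for (exc_type, line), rec in fuzz(parse_record, SEEDS).items():
        print(f"{exc_type} at line {line} via {rec['strategy']}: {rec['input']!r}")
```

Each logged defect carries the exact input that triggered it, which is what a developer needs to reproduce and fix the crash.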
Application whitelisting and blacklisting tool referenced: https://www.manageengine.com

Software Restriction Policies (screenshot captions): Selecting Not Configured option; Select "Turn Off Local Group Policy Objects Processing" Policy Setting; Disabling Computer Configuration Settings; Setting Security Levels; Setting the Properties of "Unrestricted" Security Level; Applying Software Restriction Policies to All Users

ADDITIONAL APPLICATION WHITELISTING AND BLACKLISTING TOOLS
◊ Airlock Digital (https://www.airlockdigital.com)
◊ Digital Guardian (https://digitalguardian.com)
◊ Ivanti Application Control (https://www.ivanti.com)
◊ Thycotic (https://thycotic.com)
◊ RiskAnalytics (https://riskanalytics.com)

APPLICATION SANDBOXING TOOLS
◊ BUFFERZONE (https://bufferzonesecurity.com)
◊ SHADE Sandbox (https://www.shadesandbox.com)
◊ Shadow Defender (http://www.shadowdefender.com)

WHAT IS PATCH MANAGEMENT?
It involves the following tasks:
- Choosing, verifying, testing, and applying patches
- Updating previously applied patches with current patches
- Listing patches applied previously to the current software
- Recording repositories or depots of patches for easy selection
- Assigning and deploying the applied patches

PATCH MANAGEMENT TOOLS
◊ GFI LanGuard (https://www.gfi.co)
◊ Symantec Client Management Suite (https://www.broadcom.com)
◊ Solarwinds Patch Manager (https://www.solarwinds.com)

BENEFITS OF WEB APPLICATION FIREWALL (WAF)
a) WAF implementation secures existing and productive web applications.
b) Many WAFs have functionalities that can be used in the design process to minimize the workload.
c) It provides cookie protection with encryption and signature methodology.
d) It secures applications from cross-site request forgery and negates parameter tampering by URL encryption.
e) A WAF can detect data-validation issues through the in-depth testing of characters, character length, the range of a value, etc.
f) It allows network defenders to demonstrate compliance with regulatory standards such as Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and General Data Protection Regulation (GDPR).
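Benefits c) and e) above, shown as an added example that is no vendor's WAF code: a small request inspector with a constructed per-parameter rule set (allowed character class, maximum length, numeric range) and an HMAC signature on the session cookie so tampering on the client side is detected. The secret key, parameter names, and rules are assumptions for the example.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"   # placeholder; a deployment uses a managed secret

# Constructed per-parameter rules, in the style a WAF applies: permitted
# characters, maximum length, and (for numeric fields) a permitted value range.
RULES = {
    "username": {"pattern": re.compile(r"[A-Za-z0-9_.-]+"), "max_len": 32},
    "quantity": {"pattern": re.compile(r"[0-9]+"), "max_len": 6, "range": (1, 1000)},
}

def sign_cookie(value: str) -> str:
    """Append an HMAC-SHA256 tag so any change to the value is detectable."""
    tag = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"

def verify_cookie(signed: str):
    """Return the original value, or None when the tag is missing or does not match."""
    value, sep, tag = signed.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(tag, expected) else None   # constant-time compare

def validate_params(params: dict) -> list:
    """Data-validation checks: unexpected parameter, length, character class, range."""
    problems = []
    for name, raw in params.items():
        rule = RULES.get(name)
        if rule is None:
            problems.append(f"{name}: unexpected parameter")
            continue
        if len(raw) > rule["max_len"]:
            problems.append(f"{name}: length {len(raw)} exceeds {rule['max_len']}")
            continue
        if not rule["pattern"].fullmatch(raw):    # fullmatch: whole value must conform
            problems.append(f"{name}: disallowed characters")
            continue
        if "range" in rule:
            lo, hi = rule["range"]
            if not lo <= int(raw) <= hi:          # int() is safe: pattern is digits only
                problems.append(f"{name}: value {raw} outside {lo}..{hi}")
    return problems

def inspect_request(cookie: str, params: dict) -> dict:
    """Combine the checks into an allow/block decision with reasons for the log."""
    reasons = validate_params(params)
    if verify_cookie(cookie) is None:
        reasons.append("session cookie: signature mismatch")
    return {"action": "block" if reasons else "allow", "reasons": reasons}
```

The reasons list is what the WAF would write to its log, which is also the evidence a defender needs when demonstrating compliance (benefit f).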
WEB APPLICATION FIREWALL (WAF) SOLUTIONS
◊ dotDefender (http://www.applicure.com)
◊ ServerDefender VP (https://www.iis.net)
◊ ModSecurity (https://github.com)

WEB APPLICATION SECURITY SCANNERS
◊ N-Stalker Web App Security Scanner (https://www.nstalker.com)
◊ Acunetix WVS (https://www.acunetix.com)
◊ Browser Exploitation Framework (BeEF) (http://beefproject.com)

PROXY-BASED SECURITY TESTING TOOLS
◊ Burp Suite (https://portswigger.net)
◊ OWASP Zed Attack Proxy (ZAP) (https://www.owasp.org)

WEB SERVER FOOTPRINTING TOOLS
◊ cURL (https://curl.se)
◊ Netcat (http://netcat.sourceforge.net)
