From the course: DevSecOps: Automated Security Testing
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Application security attack tools
From the course: DevSecOps: Automated Security Testing
Application security attack tools
- [Instructor] Let's get hands on with the popular web application scanner Arachni. Scanners attempt to attack applications and find problems from cross-site scripting, or command execution, or other vulnerabilities. For our lab environment we're going to use a Docker container with the attack tools and Gauntlt already built into it. One of those tools is Arachni. In a browser I've headed over to www.arachni-scanner.com. Arachni is an open source web scanner with a command line and UI component. We will be working with the command line portion only throughout this course. Out of the box Arachni is a first class web application scanner. It covers cross-site scripting, SQL injection, command execution, and more. Let's take a look at it on the command line but to do this we need to get our Docket container built and ready to use. Let's head over to github.com and look at the Gauntlt Docker repo. I'm typing github.com/gauntlt/gauntlt-docker into my browser. Now I'm selecting the Docker…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.