owasppantera–dissectingwebapplications

owasppantera–dissectingwebapplications内容摘要：

s (PPA)  Import / Export  Spider  Data Miner  Visual Resource Icons (VRI)  Fingerprint (Cookies / Extensions)  AntiIDS Generation  Statistics  The Snitch 16 6th OWASP AppSec Conference – Milan – May 2020 Pantera Feature – Session Management  An assessment is a project.  Manage your projects easily.  Under Project Session Mode you get the “whole enchilada”. 17 6th OWASP AppSec Conference – Milan – May 2020 Pantera Feature – Session Management 18 6th OWASP AppSec Conference – Milan – May 2020 Pantera Feature – Pantera Passive Analysis (PPA)  PPA is a passive analysis engine on the fly.  PPA checks are easy to write plugins.  Checks are divided into categories (16)  Forms / Authentication Forms  SSL  Email  Cookies  More than 20+ checks available. 19 6th OWASP AppSec Conference – Milan – May 2020 Pantera Feature – Pantera Passive Analysis (PPA) 20 6th OWASP AppSec Conference – Milan – May 2020 Pantera Feature – Spider  Pantera now includes a Spider. (still in infancy)  Works in both operational modes.  Uses many smart gathering techniques:  Parse  Parse sitemap  Parse JavaScript  Request Directory Index 21 6th OWASP AppSec Conference – Milan – May 2020 Pantera Feature – Data Miner  “Get what you want”.  Allows to get any information from the project.  Emails  IE. Query ”All links with forms”  Only place in Pantera to view all links.  Easy to use and powerful. 22。