{"id":159,"date":"2008-10-31T10:27:15","date_gmt":"2008-10-31T15:27:15","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=159"},"modified":"2008-10-31T10:29:57","modified_gmt":"2008-10-31T15:29:57","slug":"using-proxies-to-secure-applications-and-more","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2008\/10\/31\/using-proxies-to-secure-applications-and-more\/","title":{"rendered":"Using Proxies to Secure Applications and More"},"content":{"rendered":"<p>I&#8217;ve been really surprised that for as long as I&#8217;ve been active with OWASP, I&#8217;ve never seen a proxy presentation.\u00a0 After all, they are hugely beneficial in doing web application penetration testing and they&#8217;re really not that difficult to use.\u00a0 Take TamperData for example.\u00a0 It&#8217;s just a firefox plugin, but it does header, cookie, get, and post manipulation just as well as WebScarab.\u00a0 Or Google Ratproxy, which works in the background while you browse around QA&#8217;ing your web site and gives you a nice actionable report when you&#8217;re done.\u00a0 I decided it was time to educate my peers on the awesomeness of proxies.<\/p>\n<p>This past Tuesday I presented to a crowd of about 35 people at the Austin OWASP Meeting.\u00a0 The title of my presentation was &#8220;Using Proxies to Secure Applications and More&#8221;.\u00a0 Since so many people came up to me afterward telling me what a great presentation it was and how they learned something they can take back to the office, I decided (with a little insistance from Ernest) that it was worth putting up on SlideShare and posting to the Web Admin Blog.<\/p>\n<p>The presentation starts off with a brief description of what a proxy is.\u00a0 Then, I talked about the different types of proxies.\u00a0 Then, the bulk of the presentation was just me giving examples and demonstrating the various proxies.\u00a0 I included anonymizing proxies, reverse proxies, and intercepting proxies.\u00a0 While my slides can&#8217;t substitue for the actual demo, I did try to include in them what tool I used for the demo.\u00a0 If you have any specific questions, please let me know.\u00a0 All that said, <a href=\"http:\/\/www.slideshare.net\/jsokol\/using-proxies-to-secure-applications-and-more-presentation\" target=\"_blank\">here&#8217;s the presentation<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve been really surprised that for as long as I&#8217;ve been active with OWASP, I&#8217;ve never seen a proxy presentation.\u00a0 After all, they are hugely beneficial in doing web application penetration testing and they&#8217;re really not that difficult to use.\u00a0 Take TamperData for example.\u00a0 It&#8217;s just a firefox plugin, but it does header, cookie, get, [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[96,4],"tags":[201,204,100,12,200,101,90,203,102,202],"class_list":["post-159","post","type-post","status-publish","format-standard","hentry","category-software-and-tools","category-web-app-sec","tag-applications","tag-firefox","tag-google","tag-owasp","tag-proxies","tag-ratproxy","tag-secure","tag-tamperdata","tag-web","tag-webscarab"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-2z","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=159"}],"version-history":[{"count":2,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/159\/revisions"}],"predecessor-version":[{"id":161,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/159\/revisions\/161"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}