Colombo Security Meet up, the Sri Lankan chapter of the "Open Web Application Security Project" (OWASP), held its 2nd meeting on September 5th 2012 at 99X Technology. It was widely attended by over 50 IT specialists who were keen on improving the security of application software. The Sri Lankan chapter of OWASP was initiated by Janesh Kodikara and Krishan Navaratne.
The interactive session on the Role of WebScarab in Application Security was presented by Dilan Warnakulasooriya (Information Security Engineer, 99X Technology). Dilan is a certified ethical hacker with a degree in information technology from the University of Moratuwa. Prior to joining 99X Technology, Dilan worked for TechCERT, which is a computer security firm. Currently he is handling the internal applications for Norwegian information security projects. Dilan is proficient in penetration testing, mobile security, wireless security, vulnerability analysis and malicious forensics. He is also a member of the winning team at the Sri Lanka Hacking Challenge 2011.
What is WebScarab?
WebScarab is a framework for analyzing applications that communicate using the HTTP and HTTPS protocols. It is written in Java and is portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that pass through WebScarab.