Anatomy of a WebShell
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the intricacies of WebShells in this 19-minute OWASP Foundation conference talk. Gain insights into the often misunderstood and overlooked form of malware that continues to be a popular and powerful tool for attackers. Discover the range of WebShells from simple to complex designs, and understand their role in establishing long-term, stealthy presence in compromised networks. Learn about the common parts of WebShells, their design principles, and typical usage. Delve into different categories of WebShells, including EVAL, Admin, and Proxy types. Understand the importance of WebShells in cybersecurity and the mechanisms that make them effective. Examine web security vulnerabilities that enable WebShell deployment. Differentiate between trojanized and standalone WebShells, and explore their persistence and stealth techniques. By the end of the talk, acquire the knowledge to identify and detect WebShells, even when dormant and not actively used by intruders.
Syllabus
Intro
Three Different Ones (EVAL)
Three Different Ones (Admin)
Three Different Ones (Proxy)
Why Should We Care
What Makes Them Work
Web Security - Or Lack Thereof
Trojanized or Standalone
Persistence and Stealth
WebShells You'll Know What To Look For...
Taught by
OWASP Foundation
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network