Webgoat Alternative


Ricky

Mar 20, 2010, 12:29:58 AM
to null
Hello one n all.

Is there any other project similar to WebGoat that could help me in
understanding web application vulnerabilities?

Regards
Ricky.

Bhowmik Shah

Mar 20, 2010, 2:55:54 AM
to null-...@googlegroups.com

You could have a look at Damn Vulnerable Web App:

http://dvwa.co.uk

It is a similar web app which is very insecure, and you can use it to learn about web application vulnerabilities and try them yourself.

Bhowmik


--
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/

To unsubscribe from this group, send email to null-co-in+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.

muxica...@gmail.com

Mar 20, 2010, 3:05:00 AM
to null-...@googlegroups.com
Foundstone's HacMe apps were nice too. Not sure about the current scene.
Try a quick search.

-Bipin Upadhyay.

»»Sent from my pwnedBerry®



Nikhil Wagholikar

Mar 20, 2010, 3:03:04 AM
to null-...@googlegroups.com
Hello Ricky,

You can have a look at Hacme Bank (in ASP.NET) or Hacme Books (in J2EE) from Foundstone Inc. as an alternative to Webgoat.

More Info:

Hacme Bank: http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
Hacme Books: http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm

Hope this helps!

---
Nikhil Wagholikar
Practice Lead | Security Assessments & Digital Forensics
Network Intelligence India Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://iisecurity.in/courses/Training Calendar.html

corrupt

Mar 20, 2010, 3:25:19 AM
to null-...@googlegroups.com
You may want to check OWASPBWA Project:

Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial products).

Link: http://code.google.com/p/owaspbwa/
--
Cheers,
corrupt

Akash

Mar 20, 2010, 3:27:34 AM
to null-...@googlegroups.com
Also look at http://www.mavensecurity.com/dojo.php

From the site page

Web Security Dojo
A free open-source self-contained training environment for Web
Application Security penetration testing. Tools + Targets = Dojo

What?
Various web application security testing tools and vulnerable web
applications were added to a clean install of Ubuntu v9.10.

Why?
The Web Security Dojo is for learning and practicing web app security
testing techniques. It is ideal for training classes and conferences
since it does not need a network connection. The Dojo contains
everything needed to get started - tools, targets, and documentation.

Where?
Download Web Security Dojo from
http://sourceforge.net/projects/websecuritydojo/files/.

--
warm regards,
Akash Mahajan
----------------------------------------------------------
Security Consultant, (Web / Networks /
Servers / IT/ Virtualization)
Founder Headstart Network Foundation
----------------------------------------------------------
http://www.linkedin.com/in/akashm
http://twitter.com/makash
----------------------------------------------------------

Tamaghna Basu

Mar 20, 2010, 10:21:18 PM
to null-...@googlegroups.com
You can also try: http://www.badstore.net/

"Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques."




Akash

Mar 20, 2010, 11:30:32 PM
to null-...@googlegroups.com
Funny thing about badstore. Even though they say registration required,
just clicking submit takes you to the download page.
http://www.badstore.net/downloads/return.htm?retURL=http://www.badstore.net/downloads/return.htm&first_name=&last_name=&company=&phone=&country=&email=&subscribe=yes&submit=Submit

Tamaghna Basu

Mar 20, 2010, 11:36:37 PM
to null-...@googlegroups.com
I think, that's just to tempt you about web app hacking and flaws :)




Abhishek Lyall

Mar 21, 2010, 3:43:00 AM
to null-...@googlegroups.com
Hi,

Many interesting Web penetration testing environments are listed here. Also, Mutillidae by Irongeek is good for testing and developing skills.

Download from http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

And to see how to set up the various vulnerable applications listed above, see the video on securityaegis.

The link is http://www.securityaegis.com/pentest-lab-web-application-edition/


Regards
Abhishek Lyall

Tyrael

Mar 21, 2010, 7:00:40 AM
to null
Another one is The ButterFly - Security Project

This is an educational environment intended to give insight into
common web application and PHP vulnerabilities.

http://sourceforge.net/projects/thebutterflytmp/files/ButterFly%20Project/

Varun V Nair

Mar 21, 2010, 12:27:06 PM
to null-...@googlegroups.com

Ricky

Mar 23, 2010, 2:28:44 AM
to null
Thanks for your valuable guidance, please could you tell me which one
is basic from where I can start from?

Regards
Ricky

On Mar 21, 9:27 pm, Varun V Nair <varunvn...@gmail.com> wrote:
> A few more dummy web applications here - http://www.owasp.org/index.php/Phoenix/Tools
>
> Test sites / testing grounds
>
> SPI Dynamics (live) - http://zero.webappsecurity.com/
> Cenzic (live) - http://crackme.cenzic.com/
> Watchfire (live) - http://demo.testfire.net/
> Acunetix (live) - http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com
> Updated HackmeBank - http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-...
> OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project
> OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator
> Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/
> SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/
>
> Regards,
> Varun V Nair
>
> http://paheli.net/blog/


Akash

Mar 23, 2010, 3:35:59 AM
to null-...@googlegroups.com
On 23 March 2010 11:58, Ricky <g.m...@gmail.com> wrote:
> Thanks for your valuable guidance, please could you tell me which one
> is basic from where I can start from?

For Linux I would start with http://dvwa.co.uk/
