Re: XSS LAB DEMO IDEAS

From: Mark Curphey (mark@curphey.com)
Date: 01/06/03

    From: Mark Curphey <mark@curphey.com>
    To: Jeremy Junginger <jj@act.com>, pen-test <pen-test@securityfocus.com>
    Date: Mon, 06 Jan 2003 13:00:23 -0500 (EST)
    
    

    Try WebGoat from OWASP http://www.owasp.org/webgoat/

    It is a demo web application with XSS and many other problems like SQL Injection. A new version with full installers for Win32 and Linux will be released next week.

    ---- Jeremy Junginger <jj@act.com> wrote:
    > After reading the papers by iDefense and the paper at
    > http://www.technicalinfo.net/papers/CSS.html , I would like to put a
    > working example together to familiarize our web developers with XSS
    > vulnerabilities and their impact on the web site (and business). I
    > would like to poll the group for interesting ways to demonstrate these
    > vulnerabilities in a lab environment. Thanks for taking the time to
    > give your input.
    >
    > -Jeremy
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/
    >
    >
    >
