Re: Mock Penetration Test Site

From: Robert Rich (rrich_at_gstisecurity.com)
Date: 08/20/04

    Date: Thu, 19 Aug 2004 20:50:47 -0400
    To: Tim <tim-pentest@sentinelchicken.org>
    
    

    WebGoat at OWASP is one option with a J2EE flavor... I've never used it myself,
    so I can't vouch for its effectiveness...but the OWASP folks seem to work pretty
    hard at putting quality stuff together.

    http://www.owasp.org/software/webgoat.html

    Quoting Tim <tim-pentest@sentinelchicken.org>:

    > > I am trying to create a Red Teaming Exercise and I was wondering if
    > > anyone knows of a full site I can download that will. Anything will
    > > do as an example, with CGI, PHP, JSP, ASP, forms and database.
    > > Basically anything that will resemble a real site with real
    > > vulnerabilities. I don't have the time to build a fully functioning
    > > site from scratch and no one at work wants to give me one. Can anyone
    > > help?
    >
    > Well, you could always set up an installation of PHPNuke or PHPbb. They
    > seem to have plenty of holes in them already for you to exploit... ;-)
    >
    > Even if their current versions are well-patched, I am sure it would be
    > easy to slip in a few XSS and SQL injection holes.
    >
    > tim
    >
    > ------------------------------------------------------------------------------
    > Ethical Hacking at the InfoSec Institute. All of our class sizes are
    > guaranteed to be 12 students or less to facilitate one-on-one interaction
    > with one of our expert instructors. Check out our Advanced Hacking course,
    > learn to write exploits and attack security infrastructure. Attend a course
    > taught by an expert instructor with years of in-the-field pen testing
    > experience in our state of the art hacking lab. Master the skills of an
    > Ethical Hacker to better assess the security of your organization.
    >
    > http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
    > -------------------------------------------------------------------------------

    --
    Robert Rich
    Global Security Technologies, Inc.
    Mobile: 614.975.7549
    Office: 614.890.6400
    ----------------------------------------------------------------
    This message was sent using IMP, the Internet Messaging Program.
    
