Penetration Testing mailing list archives
Re: Mock Penentration Test Site
From: Robert Rich <rrich () gstisecurity com>
Date: Thu, 19 Aug 2004 20:50:47 -0400
WebGoat at OWASP is one option with a J2EE flavor... I've never used it myself, so I can't vouch for its effectiveness...but the OWASP folks seem to work pretty hard at putting quality stuff together. http://www.owasp.org/software/webgoat.html Quoting Tim <tim-pentest () sentinelchicken org>:
I am trying to create a Red Teaming Exercise and I was wondering if anyone knows of a full site I can download that will. Anything will do as an example, with CGI, PHP, JSP , ASP, forms and database. Basically anything that will resemble a real site with real vulnerabilities. i dotn have the time to build a fully functioning site from scratch and no one at work wants to give me one. Can anyone help?Well, you could always set up an installation of PHPNuke or PHPbb. They seem to have plenty of holes in them already for you to exploit... ;-) Even if their current versions are well-patched, I am sure it would be easy to slip in a few XSS and SQL injection holes. tim ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------
-- Robert Rich Global Security Technologies, Inc. Mobile: 614.975.7549 Office: 614.890.6400 ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817 -------------------------------------------------------------------------------
Current thread:
- Mock Penentration Test Site jwoloz (Aug 18)
- Re: Mock Penentration Test Site Nicolas Gregoire (Aug 19)
- Re: Mock Penentration Test Site Tim (Aug 19)
- out of office auto replies (was Re: Mock Penentration Test Site) Tim (Aug 20)
- Re: out of office auto replies (was Re: Mock Penentration Test Site) Martin Mačok (Aug 23)
- Re: out of office auto replies (was Re: Mock Penentration Test Site) Todd Burroughs (Aug 24)
- out of office auto replies (was Re: Mock Penentration Test Site) Tim (Aug 20)
- Re: Mock Penentration Test Site Robert Rich (Aug 20)
- RE: Mock Penentration Test Site Benjamin Tomhave (Aug 19)
- Re: Mock Penentration Test Site Gerry Eisenhaur (Aug 20)
- Re: Mock Penentration Test Site Skander Ben Mansour (Aug 20)
- RE: Mock Penentration Test Site Clement Dupuis (Aug 21)